Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | button_tag should escape it content | Santiago Pastorino | 2011-01-12 | 1 | -1/+1 | |
| | ||||||
* | authenticity_token option for form_tag [#2988 state:resolved] | Jakub Kuźma | 2011-01-09 | 1 | -5/+17 | |
| | ||||||
* | HTML5 button_tag helper | Rizwan Reza | 2011-01-09 | 1 | -0/+50 | |
| | | | | | | | | This tag is similar in nature to submit_tag, but allows more control. It also doesn't submit if submit type isn't used, allowing JavaScript to control the flow where required. For more information: http://www.whatwg.org/specs/web-apps/current-work/multipage/the-button-element.html#the-button-element | |||||
* | eternal confusion! fixed doco to inform correctly | Aditya Sanghi | 2010-12-15 | 1 | -1/+1 | |
| | ||||||
* | Added :placeholder option to ActionView::Helpers::FormTagHelper text_field_tag | Ben Mills | 2010-12-13 | 1 | -0/+4 | |
| | ||||||
* | Added a space before "do" keyword | Akira Matsuda | 2010-11-28 | 1 | -1/+1 | |
| | ||||||
* | Call html_escape in ERB::Util module and don't mix it in in the helpers | Santiago Pastorino | 2010-10-18 | 1 | -1/+2 | |
| | ||||||
* | Refactor a bit this code to add data-confirm and data-disable-with | Santiago Pastorino | 2010-10-11 | 1 | -2/+2 | |
| | ||||||
* | Select tags with array options are deprecated, removing | Carlos Antonio da Silva | 2010-09-26 | 1 | -4/+0 | |
| | ||||||
* | Revert "It's snowing!" | wycats | 2010-08-18 | 1 | -1/+1 | |
| | | | | This reverts commit e4283007d607454acf97301821ba1e1c417bdead. | |||||
* | Deletes trailing whitespaces (over text files only find * -type f -exec sed ↵ | Santiago Pastorino | 2010-08-14 | 1 | -8/+8 | |
| | | | | 's/[ \t]*$//' -i {} \;) | |||||
* | It's snowing! | Jeremy Kemper | 2010-08-12 | 1 | -1/+1 | |
| | ||||||
* | Replace snowman with utf8=✓ | wycats | 2010-08-11 | 1 | -1/+1 | |
| | ||||||
* | rename _snowman to _e | wycats | 2010-08-09 | 1 | -1/+1 | |
| | ||||||
* | Change returning with tap | Santiago Pastorino | 2010-07-25 | 1 | -2/+1 | |
| | | | | Signed-off-by: José Valim <jose.valim@gmail.com> | |||||
* | s/escape_once/html_escape/, since html safety is the contract that now says ↵ | Xavier Noria | 2010-06-30 | 1 | -1/+1 | |
| | | | | whether something has to be escaped | |||||
* | url_for no longer escapes HTML, the :escape option is also gone | Xavier Noria | 2010-06-30 | 1 | -0/+2 | |
| | | | | Rationale: url_for is just a path/URL generator, it is the responsability of the caller to escape conveniently HTML needs it, JavaScript needs different escaping, a text mail needs no escaping at all, etc. | |||||
* | Rename _snowman_ to _snowman to be in sync with _method and _csrf_token. | José Valim | 2010-06-29 | 1 | -1/+1 | |
| | ||||||
* | Small typo | wycats | 2010-06-27 | 1 | -1/+1 | |
| | ||||||
* | Fix several known web encoding issues: | wycats | 2010-06-27 | 1 | -3/+12 | |
| | | | | | | | | | | | | | | | | | | | | | | | * Specify accept-charset on all forms. All recent browsers, as well as IE5+, will use the encoding specified for form parameters * Unfortunately, IE5+ will not look at accept-charset unless at least one character in the form's values is not in the page's charset. Since the user can override the default charset (which Rails sets to UTF-8), we provide a hidden input containing a unicode character, forcing IE to look at the accept-charset. * Now that the vast majority of web input is UTF-8, we set the inbound parameters to UTF-8. This will eliminate many cases of incompatible encodings between ASCII-8BIT and UTF-8. * You can safely ignore params[:_snowman_] TODO: * Validate inbound text to confirm it is UTF-8 * Combine the whole_form implementations in form_helper_test and form_tag_helper_test | |||||
* | Adds title and description where needed. | Rizwan Reza | 2010-06-16 | 1 | -0/+1 | |
| | ||||||
* | Fix a bunch of minor spelling mistakes | Evgeniy Dolzhenko | 2010-06-11 | 1 | -1/+1 | |
| | ||||||
* | HTML safety: fix textarea with nil content | Jeremy Kemper | 2010-05-24 | 1 | -1/+1 | |
| | ||||||
* | Improve previous patch a bit [#3645 state:resolved] | José Valim | 2010-05-15 | 1 | -6/+3 | |
| | ||||||
* | Let label helpers accept blocks. | Stephen Celis | 2010-05-15 | 1 | -3/+10 | |
| | | | | Signed-off-by: José Valim <jose.valim@gmail.com> | |||||
* | image_path -> path_to_image in a couple of places, plus motivation for ↵ | Xavier Noria | 2010-04-09 | 1 | -1/+1 | |
| | | | | path_to_image in rdoc | |||||
* | Consistently use lowercase instead of camelCase for all JS class names in Rails | David Heinemeier Hansson | 2010-04-08 | 1 | -10/+10 | |
| | ||||||
* | Remove superfluous condition | Jeremy Kemper | 2010-04-08 | 1 | -1/+1 | |
| | ||||||
* | Merge commit 'rails/master' | Xavier Noria | 2010-04-06 | 1 | -0/+63 | |
|\ | ||||||
| * | Added all the new HTML5 form types as individual form tag methods (search, ↵ | David Heinemeier Hansson | 2010-04-05 | 1 | -0/+63 | |
| | | | | | | | | url, number, etc) (Closes #3646) [Stephen Celis] | |||||
* | | revises some <%= in rdoc | Xavier Noria | 2010-04-05 | 1 | -1/+1 | |
|/ | ||||||
* | HTML safety: give a deprecation warning if an array of option tags is passed ↵ | Jeremy Kemper | 2010-03-31 | 1 | -0/+4 | |
| | | | | to select tag. Be sure to join the tag yourself and mark them .html_safe | |||||
* | adds missing requires for Object#blank? and Object#present? | Xavier Noria | 2010-03-28 | 1 | -0/+1 | |
| | ||||||
* | Merge remote branch 'mainstream/master' | Pratik Naik | 2010-03-12 | 1 | -10/+16 | |
|\ | | | | | | | | | | | | | Conflicts: activerecord/lib/active_record/base.rb railties/lib/rails/configuration.rb railties/lib/rails/log_subscriber.rb | |||||
| * | Make form helpers work with <%= | wycats | 2010-03-09 | 1 | -7/+13 | |
| | | ||||||
| * | content_tag should escape its input | Bruno Michel | 2010-02-14 | 1 | -3/+3 | |
| | | | | | | | | Signed-off-by: Yehuda Katz <yehudakatz@YK.local> | |||||
* | | Updated documentation for block helpers in form_tag_helper.rb | Jeroen van Dijk | 2010-03-12 | 1 | -5/+5 | |
|/ | ||||||
* | More html_safe strings now use the safe_concat method | Santiago Pastorino and José Ignacio Costa | 2010-02-05 | 1 | -3/+3 | |
| | | | | | | [#3856 state:committed] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net> | |||||
* | Modify the behavior of `radio_button_tag` to use `sanitize_to_id` for ↵ | Prem Sichanugrist | 2010-02-02 | 1 | -3/+1 | |
| | | | | | | consistency [#1792 status:resolved] Signed-off-by: José Valim <jose.valim@gmail.com> | |||||
* | For performance reasons, you can no longer call html_safe! on Strings. ↵ | Yehuda Katz | 2010-01-31 | 1 | -3/+3 | |
| | | | | | | | | | | | | Instead, all Strings are always not html_safe?. Instead, you can get a SafeBuffer from a String by calling #html_safe, which will SafeBuffer.new(self). * Additionally, instead of doing concat("</form>".html_safe), you can do safe_concat("</form>"), which will skip both the flag set, and the flag check. * For the first pass, I converted virtually all #html_safe!s to #html_safe, and the tests pass. A further optimization would be to try to use #safe_concat as much as possible, reducing the performance impact if we know up front that a String is safe. | |||||
* | UJS documentation. | Stefan Penner | 2010-01-31 | 1 | -8/+21 | |
| | ||||||
* | add :remote option to form_tag | Stephen St. Martin | 2010-01-31 | 1 | -0/+1 | |
| | ||||||
* | Generate UJS code for :disable_with | Joshua Peek | 2010-01-30 | 1 | -10/+1 | |
| | ||||||
* | updating link_to and button_to to support :remote => true and other options ↵ | Erik St. Martin | 2010-01-30 | 1 | -7/+5 | |
| | | | | | | such as :confirm in a unobtrusive manor Signed-off-by: Joshua Peek <josh@joshpeek.com> | |||||
* | Revert "Merge branch 'rails/master' into ujs" | Joshua Peek | 2010-01-30 | 1 | -5/+15 | |
| | | | | | | | | | | | This reverts commit 3aa1ea1ae4baa4a03d03644e798eeb98a4745785, reversing changes made to 2c12a71378d2146c822acb389b00b866f6420ff5. Conflicts: actionpack/lib/action_view/helpers/javascript_helper.rb actionpack/lib/action_view/helpers/url_helper.rb actionpack/test/template/url_helper_test.rb | |||||
* | making non remote versions of link_to, button_to, submit_tag and ↵ | Erik St. Martin | 2010-01-27 | 1 | -15/+5 | |
| | | | | image_submit_tag output data attributes for things like :confirm, :method, :popup, and :disable_with | |||||
* | Merge docrails | Pratik Naik | 2010-01-17 | 1 | -0/+3 | |
| | ||||||
* | Switch to on-by-default XSS escaping for rails. | Michael Koziarski | 2009-10-08 | 1 | -3/+3 | |
| | | | | | | | | | | | | This consists of: * String#html_safe! a method to mark a string as 'safe' * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it * Calls to String#html_safe! throughout the rails helpers * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB) * New ERB implementation based on erubis which uses a SafeBuffer instead of a String Hat tip to Django for the inspiration. | |||||
* | Add :include_blank option for select_tag [#1987 status:resolved] | rizwanreza | 2009-08-08 | 1 | -0/+7 | |
| | | | | | Signed-off-by: José Valim <jose.valim@gmail.com> Signed-off-by: Pratik Naik <pratiknaik@gmail.com> | |||||
* | remove duplicate call to stringify_keys [#2587 status:resolved] | Steve St. Martin | 2009-08-08 | 1 | -1/+1 | |
| | | | | Signed-off-by: José Valim <jose.valim@gmail.com> |