| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|\ |
|
| | |
|
|\|
| |
| |
| |
| |
| |
| | |
Conflicts:
activerecord/lib/active_record/base.rb
railties/lib/rails/configuration.rb
railties/lib/rails/log_subscriber.rb
|
| | |
|
| |
| |
| |
| | |
Signed-off-by: Yehuda Katz <yehudakatz@YK.local>
|
| |
| |
| |
| | |
Signed-off-by: Yehuda Katz <yehudakatz@YK.local>
|
|/ |
|
|
|
|
|
|
| |
[#3856 state:committed]
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
|
|
|
|
| |
Signed-off-by: Yehuda Katz <wycats@Yehuda-Katz.local>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead, all Strings are always not html_safe?. Instead, you can get a SafeBuffer from a String by calling #html_safe, which will SafeBuffer.new(self).
* Additionally, instead of doing concat("</form>".html_safe), you can do
safe_concat("</form>"), which will skip both the flag set, and the flag
check.
* For the first pass, I converted virtually all #html_safe!s to #html_safe,
and the tests pass. A further optimization would be to try to use
#safe_concat as much as possible, reducing the performance impact if
we know up front that a String is safe.
|
|
|
|
|
|
|
|
|
|
|
|
| |
This consists of:
* String#html_safe! a method to mark a string as 'safe'
* ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
* Calls to String#html_safe! throughout the rails helpers
* a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB)
* New ERB implementation based on erubis which uses a SafeBuffer instead of a String
Hat tip to Django for the inspiration.
|
|
|
|
| |
Addresses CVE-2009-3009
|
|
|
|
|
|
|
|
|
|
| |
[rizwanreza, Nick Quaranto]
Example:
content_tag('p', "limelight", :class => ["song", "play"])
# => <p class="song play">limelight</p>
Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
|
|
|
|
|
|
| |
to the specs. Added all boolean attributes listed in the XHTML 1.0 specs (http://www.w3.org/TR/xhtml1/guidelines.html) and HTML 5 specs (http://www.whatwg.org/specs/web-apps/current-work). HTML 5 boolean attribute rendering was broken in commit 1e2d7229602f467cfdc0ef606b5ef8a5566a1501 / [#2864 state:resolved].
Signed-off-by: Yehuda Katz <wycats@gmail.com>
|
|
|
|
|
|
| |
attributes values should be true or false not attribute's name. [#2864 state:resolved]
Signed-off-by: Yehuda Katz <wycats@yehuda-katzs-macbookpro41.local>
|
|
|
|
|
|
| |
image_tag works) (tests included); removes a duplicate test line for image_tag; adds boolean attributes for video tag to tag()'s boolean attributes
Signed-off-by: Yehuda Katz + Carl Lerche <ykatz+clerche@engineyard.com>
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This way, 'tag :foo, :type => "checkbox", :checked => false' would output
the expected
<input type="checkbox" />
instead of the old
<input type="checkbox" checked="false" />
The latter would result in a checkbox that's initially checked.
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
|
|
|
|
| |
omitting the attribute, if the associated option is false but not nil.
|
| |
|
|
|
|
| |
eval with block
|
| |
|
|
|
|
| |
allocations when building options strings
|
|
|
|
| |
variable visible in block binding.
|
|
|
|
| |
the instance variable so others can override the methods.
|
|\ |
|
| | |
|
| | |
|
|/ |
|
|
|
|
| |
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7608 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
|
|
|
|
| |
second gsub
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7606 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
|
|
| |
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7512 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
|
|
|
|
| |
#8108, #7977, #7972, #7971, #7969) [jeremymcanally]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7106 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
|
|
|
|
| |
concate it if not used in a ERb view #7857, #7432 [michael.niessner]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6652 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
|
|
|
|
| |
documentation and testing for TagHelper. Closes #6394 [Bob Silva]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5857 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
|
|
|
|
| |
of FormTagHelper#form_tag [Rick]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5346 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
|
|
| |
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5344 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
|
|
|
|
| |
escaped entities alone. Fix button_to double-escaping issue. [Rick]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5322 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
|
|
| |
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5321 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
|
|
|
|
| |
method to TagHelper. Closes #1691.
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2543 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
|
|
| |
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2523 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
|
|
|
|
| |
assert_dom_equal and friend is available #1995 [skae]. Added assert_dom_equal and assert_dom_not_equal to compare tags generated by the helpers in an order-indifferent manner #1995 [skae]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2271 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
|
|
|
|
| |
now returns <p /> not <p ignore="" /> but that tag("p", :ignore => "") still includes it #1465 [michael@schuerig.de]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1789 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
|
|
|
|
| |
result in two attributes #1455 [take_tk]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1426 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
|
|
| |
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@899 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|
|
|
|
|
|
| |
(recommended approach is to combine image_tag and link_to instead)
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@879 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
|