aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_view/helpers/tag_helper.rb
Commit message (Collapse)AuthorAgeFilesLines
* Remove extra white spaces on ActionPack docs.Sebastian Martinez2011-05-231-1/+1
|
* Added time_tag helper to AP for HTML5 time tag [#5919 state:resolved]Sjoerd Andringa2011-02-121-1/+1
| | | | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* rewords a little the RDoc of the tag helperXavier Noria2010-10-191-4/+5
|
* Additional documentation for data-* attributes.Stephen Celis & Xavier Noria2010-10-191-10/+17
| | | | Signed-off-by: Xavier Noria <fxn@hashref.com>
* Call html_escape in ERB::Util module and don't mix it in in the helpersSantiago Pastorino2010-10-181-4/+3
|
* Rejig the html5 data helper codeMichael Koziarski2010-10-181-3/+5
| | | | Avoid allocating an array each pass through and support String subclasses like SafeBuffers
* HTML5 data attribute helpers [#5825 state:resolved].Stephen Celis2010-10-181-4/+17
|
* Prevent any warnings from being printed during RDoc generationJoost Baaij2010-08-261-1/+1
|
* s/escape_once/html_escape/, since html safety is the contract that now says ↵Xavier Noria2010-06-301-1/+1
| | | | whether something has to be escaped
* Added titles and description.Rizwan Reza2010-06-161-0/+1
|
* content_tag_string shouldn't escape_html if escape param is falseSantiago Pastorino2010-06-071-1/+1
|
* adds missing requires for Object#blank? and Object#present?Xavier Noria2010-03-281-0/+1
|
* Merge remote branch 'mainstream/master'Pratik Naik2010-03-151-1/+1
|\
| * Making escaped things more readableSantiago Pastorino2010-03-141-1/+1
| |
* | Merge remote branch 'mainstream/master'Pratik Naik2010-03-121-23/+5
|\| | | | | | | | | | | | | Conflicts: activerecord/lib/active_record/base.rb railties/lib/rails/configuration.rb railties/lib/rails/log_subscriber.rb
| * Deprecate block_called_from_erb? pending a solution for getting it into appsCarlhuda2010-03-091-22/+4
| |
| * Explicit html_escape removed when not neededSantiago Pastorino and José Ignacio Costa2010-02-141-1/+1
| | | | | | | | Signed-off-by: Yehuda Katz <yehudakatz@YK.local>
| * content_tag should escape its inputBruno Michel2010-02-141-1/+1
| | | | | | | | Signed-off-by: Yehuda Katz <yehudakatz@YK.local>
* | Updated documentation for block helpers in tag_helper.rbJeroen van Dijk2010-03-121-1/+1
|/
* More html_safe strings now use the safe_concat methodSantiago Pastorino and José Ignacio Costa2010-02-051-1/+1
| | | | | | [#3856 state:committed] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* action_view is requiring the deleted action_view/erb/util.rb fileSantiago Pastorino2010-01-311-1/+0
| | | | Signed-off-by: Yehuda Katz <wycats@Yehuda-Katz.local>
* For performance reasons, you can no longer call html_safe! on Strings. ↵Yehuda Katz2010-01-311-4/+4
| | | | | | | | | | | | Instead, all Strings are always not html_safe?. Instead, you can get a SafeBuffer from a String by calling #html_safe, which will SafeBuffer.new(self). * Additionally, instead of doing concat("</form>".html_safe), you can do safe_concat("</form>"), which will skip both the flag set, and the flag check. * For the first pass, I converted virtually all #html_safe!s to #html_safe, and the tests pass. A further optimization would be to try to use #safe_concat as much as possible, reducing the performance impact if we know up front that a String is safe.
* Switch to on-by-default XSS escaping for rails.Michael Koziarski2009-10-081-4/+4
| | | | | | | | | | | | This consists of: * String#html_safe! a method to mark a string as 'safe' * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it * Calls to String#html_safe! throughout the rails helpers * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB) * New ERB implementation based on erubis which uses a SafeBuffer instead of a String Hat tip to Django for the inspiration.
* Clean tag attributes before passing through the escape_once logic.Michael Koziarski2009-09-041-1/+1
| | | | Addresses CVE-2009-3009
* Allow content_tag options to take an array [#1741 state:resolved] ↵rizwanreza2009-08-081-9/+7
| | | | | | | | | | [rizwanreza, Nick Quaranto] Example: content_tag('p', "limelight", :class => ["song", "play"]) # => <p class="song play">limelight</p> Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
* Fix tag helpers so that all HTML element boolean attributes render according ↵Marc Love2009-07-301-1/+4
| | | | | | to the specs. Added all boolean attributes listed in the XHTML 1.0 specs (http://www.w3.org/TR/xhtml1/guidelines.html) and HTML 5 specs (http://www.whatwg.org/specs/web-apps/current-work). HTML 5 boolean attribute rendering was broken in commit 1e2d7229602f467cfdc0ef606b5ef8a5566a1501 / [#2864 state:resolved]. Signed-off-by: Yehuda Katz <wycats@gmail.com>
* Adds a audio_tag helper for the HTML5 audio tag. Fixed video_path docs. HTML ↵Emilio Tagua2009-07-071-2/+1
| | | | | | attributes values should be true or false not attribute's name. [#2864 state:resolved] Signed-off-by: Yehuda Katz <wycats@yehuda-katzs-macbookpro41.local>
* Adds a video_tag helper for the HTML5 video tag (similar to how the ↵Tieg Zaharia2009-07-021-1/+2
| | | | | | image_tag works) (tests included); removes a duplicate test line for image_tag; adds boolean attributes for video tag to tag()'s boolean attributes Signed-off-by: Yehuda Katz + Carl Lerche <ykatz+clerche@engineyard.com>
* Cleaning up more render testsYehuda Katz + Carl Lerche2009-05-141-1/+1
|
* Explicitly require ERB Utils extensions from TagHelperJoshua Peek2008-12-091-1/+1
|
* Merge with docrailsPratik Naik2008-12-071-1/+1
|
* Unnecessary CGI requireJeremy Kemper2008-12-031-1/+0
|
* Register 'checked' as an HTML boolean attribute.Hongli Lai (Phusion)2008-11-181-1/+1
| | | | | | | | | | | | | | | This way, 'tag :foo, :type => "checkbox", :checked => false' would output the expected <input type="checkbox" /> instead of the old <input type="checkbox" checked="false" /> The latter would result in a checkbox that's initially checked. Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Tag helper should output an attribute with the value 'false' instead of ↵Hongli Lai (Phusion)2008-11-131-4/+6
| | | | omitting the attribute, if the associated option is false but not nil.
* Merge with docrails.Pratik Naik2008-07-161-1/+1
|
* Ruby 1.9 compat: only eval with block.binding in 1.9, uses more memory than ↵Jeremy Kemper2008-07-151-6/+12
| | | | eval with block
* Ruby 1.9 compat: call Proc#binding explicitly. [#623 state:resolved]松田 明2008-07-151-1/+1
|
* Performance: javascript helper tweaks to speed up escaping and reduce object ↵Jeremy Kemper2008-06-211-1/+1
| | | | allocations when building options strings
* Check whether blocks are called from erb using a special __in_erb_template ↵Jeremy Kemper2008-06-191-8/+24
| | | | variable visible in block binding.
* Use output_buffer reader and writer methods exclusively instead of hitting ↵Jeremy Kemper2008-06-081-4/+0
| | | | the instance variable so others can override the methods.
* Merge branch 'master' into erboutJeremy Kemper2008-06-061-3/+4
|\
| * Drop a string conversion from the often-called tag_options helperJeremy Kemper2008-06-061-3/+4
| |
* | Don't pass block binding to concatJeremy Kemper2008-06-021-5/+2
| |
* | Try replacing _erbout with @output_bufferJeremy Kemper2008-06-021-1/+1
|/
* The tag helper may bypass escaping.Jeremy Kemper2007-09-241-17/+26
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7608 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* escape_once uses negative lookahead to avoid double-escaping instead of a ↵Jeremy Kemper2007-09-241-6/+1
| | | | | | second gsub git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7606 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* tag_options creates fewer objectsJeremy Kemper2007-09-181-14/+15
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7512 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Massive documentation update for all helpers (closes #8223, #8177, #8175, ↵David Heinemeier Hansson2007-06-231-15/+35
| | | | | | #8108, #7977, #7972, #7971, #7969) [jeremymcanally] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7106 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fixed that content_tag with a block will just return the result instead of ↵David Heinemeier Hansson2007-05-021-1/+6
| | | | | | concate it if not used in a ERb view #7857, #7432 [michael.niessner] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6652 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Clean up multiple calls to #stringify_keys in TagHelper, add better ↵Rick Olson2007-01-051-23/+42
| | | | | | documentation and testing for TagHelper. Closes #6394 [Bob Silva] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5857 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-05 20:26:08 +0000