Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Remove extra white spaces on ActionPack docs. | Sebastian Martinez | 2011-05-23 | 1 | -1/+1 |
| | |||||
* | Added time_tag helper to AP for HTML5 time tag [#5919 state:resolved] | Sjoerd Andringa | 2011-02-12 | 1 | -1/+1 |
| | | | | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | ||||
* | rewords a little the RDoc of the tag helper | Xavier Noria | 2010-10-19 | 1 | -4/+5 |
| | |||||
* | Additional documentation for data-* attributes. | Stephen Celis & Xavier Noria | 2010-10-19 | 1 | -10/+17 |
| | | | | Signed-off-by: Xavier Noria <fxn@hashref.com> | ||||
* | Call html_escape in ERB::Util module and don't mix it in in the helpers | Santiago Pastorino | 2010-10-18 | 1 | -4/+3 |
| | |||||
* | Rejig the html5 data helper code | Michael Koziarski | 2010-10-18 | 1 | -3/+5 |
| | | | | Avoid allocating an array each pass through and support String subclasses like SafeBuffers | ||||
* | HTML5 data attribute helpers [#5825 state:resolved]. | Stephen Celis | 2010-10-18 | 1 | -4/+17 |
| | |||||
* | Prevent any warnings from being printed during RDoc generation | Joost Baaij | 2010-08-26 | 1 | -1/+1 |
| | |||||
* | s/escape_once/html_escape/, since html safety is the contract that now says ↵ | Xavier Noria | 2010-06-30 | 1 | -1/+1 |
| | | | | whether something has to be escaped | ||||
* | Added titles and description. | Rizwan Reza | 2010-06-16 | 1 | -0/+1 |
| | |||||
* | content_tag_string shouldn't escape_html if escape param is false | Santiago Pastorino | 2010-06-07 | 1 | -1/+1 |
| | |||||
* | adds missing requires for Object#blank? and Object#present? | Xavier Noria | 2010-03-28 | 1 | -0/+1 |
| | |||||
* | Merge remote branch 'mainstream/master' | Pratik Naik | 2010-03-15 | 1 | -1/+1 |
|\ | |||||
| * | Making escaped things more readable | Santiago Pastorino | 2010-03-14 | 1 | -1/+1 |
| | | |||||
* | | Merge remote branch 'mainstream/master' | Pratik Naik | 2010-03-12 | 1 | -23/+5 |
|\| | | | | | | | | | | | | | Conflicts: activerecord/lib/active_record/base.rb railties/lib/rails/configuration.rb railties/lib/rails/log_subscriber.rb | ||||
| * | Deprecate block_called_from_erb? pending a solution for getting it into apps | Carlhuda | 2010-03-09 | 1 | -22/+4 |
| | | |||||
| * | Explicit html_escape removed when not needed | Santiago Pastorino and José Ignacio Costa | 2010-02-14 | 1 | -1/+1 |
| | | | | | | | | Signed-off-by: Yehuda Katz <yehudakatz@YK.local> | ||||
| * | content_tag should escape its input | Bruno Michel | 2010-02-14 | 1 | -1/+1 |
| | | | | | | | | Signed-off-by: Yehuda Katz <yehudakatz@YK.local> | ||||
* | | Updated documentation for block helpers in tag_helper.rb | Jeroen van Dijk | 2010-03-12 | 1 | -1/+1 |
|/ | |||||
* | More html_safe strings now use the safe_concat method | Santiago Pastorino and José Ignacio Costa | 2010-02-05 | 1 | -1/+1 |
| | | | | | | [#3856 state:committed] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net> | ||||
* | action_view is requiring the deleted action_view/erb/util.rb file | Santiago Pastorino | 2010-01-31 | 1 | -1/+0 |
| | | | | Signed-off-by: Yehuda Katz <wycats@Yehuda-Katz.local> | ||||
* | For performance reasons, you can no longer call html_safe! on Strings. ↵ | Yehuda Katz | 2010-01-31 | 1 | -4/+4 |
| | | | | | | | | | | | | Instead, all Strings are always not html_safe?. Instead, you can get a SafeBuffer from a String by calling #html_safe, which will SafeBuffer.new(self). * Additionally, instead of doing concat("</form>".html_safe), you can do safe_concat("</form>"), which will skip both the flag set, and the flag check. * For the first pass, I converted virtually all #html_safe!s to #html_safe, and the tests pass. A further optimization would be to try to use #safe_concat as much as possible, reducing the performance impact if we know up front that a String is safe. | ||||
* | Switch to on-by-default XSS escaping for rails. | Michael Koziarski | 2009-10-08 | 1 | -4/+4 |
| | | | | | | | | | | | | This consists of: * String#html_safe! a method to mark a string as 'safe' * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it * Calls to String#html_safe! throughout the rails helpers * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB) * New ERB implementation based on erubis which uses a SafeBuffer instead of a String Hat tip to Django for the inspiration. | ||||
* | Clean tag attributes before passing through the escape_once logic. | Michael Koziarski | 2009-09-04 | 1 | -1/+1 |
| | | | | Addresses CVE-2009-3009 | ||||
* | Allow content_tag options to take an array [#1741 state:resolved] ↵ | rizwanreza | 2009-08-08 | 1 | -9/+7 |
| | | | | | | | | | | [rizwanreza, Nick Quaranto] Example: content_tag('p', "limelight", :class => ["song", "play"]) # => <p class="song play">limelight</p> Signed-off-by: Pratik Naik <pratiknaik@gmail.com> | ||||
* | Fix tag helpers so that all HTML element boolean attributes render according ↵ | Marc Love | 2009-07-30 | 1 | -1/+4 |
| | | | | | | to the specs. Added all boolean attributes listed in the XHTML 1.0 specs (http://www.w3.org/TR/xhtml1/guidelines.html) and HTML 5 specs (http://www.whatwg.org/specs/web-apps/current-work). HTML 5 boolean attribute rendering was broken in commit 1e2d7229602f467cfdc0ef606b5ef8a5566a1501 / [#2864 state:resolved]. Signed-off-by: Yehuda Katz <wycats@gmail.com> | ||||
* | Adds a audio_tag helper for the HTML5 audio tag. Fixed video_path docs. HTML ↵ | Emilio Tagua | 2009-07-07 | 1 | -2/+1 |
| | | | | | | attributes values should be true or false not attribute's name. [#2864 state:resolved] Signed-off-by: Yehuda Katz <wycats@yehuda-katzs-macbookpro41.local> | ||||
* | Adds a video_tag helper for the HTML5 video tag (similar to how the ↵ | Tieg Zaharia | 2009-07-02 | 1 | -1/+2 |
| | | | | | | image_tag works) (tests included); removes a duplicate test line for image_tag; adds boolean attributes for video tag to tag()'s boolean attributes Signed-off-by: Yehuda Katz + Carl Lerche <ykatz+clerche@engineyard.com> | ||||
* | Cleaning up more render tests | Yehuda Katz + Carl Lerche | 2009-05-14 | 1 | -1/+1 |
| | |||||
* | Explicitly require ERB Utils extensions from TagHelper | Joshua Peek | 2008-12-09 | 1 | -1/+1 |
| | |||||
* | Merge with docrails | Pratik Naik | 2008-12-07 | 1 | -1/+1 |
| | |||||
* | Unnecessary CGI require | Jeremy Kemper | 2008-12-03 | 1 | -1/+0 |
| | |||||
* | Register 'checked' as an HTML boolean attribute. | Hongli Lai (Phusion) | 2008-11-18 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | This way, 'tag :foo, :type => "checkbox", :checked => false' would output the expected <input type="checkbox" /> instead of the old <input type="checkbox" checked="false" /> The latter would result in a checkbox that's initially checked. Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net> | ||||
* | Tag helper should output an attribute with the value 'false' instead of ↵ | Hongli Lai (Phusion) | 2008-11-13 | 1 | -4/+6 |
| | | | | omitting the attribute, if the associated option is false but not nil. | ||||
* | Merge with docrails. | Pratik Naik | 2008-07-16 | 1 | -1/+1 |
| | |||||
* | Ruby 1.9 compat: only eval with block.binding in 1.9, uses more memory than ↵ | Jeremy Kemper | 2008-07-15 | 1 | -6/+12 |
| | | | | eval with block | ||||
* | Ruby 1.9 compat: call Proc#binding explicitly. [#623 state:resolved] | 松田 明 | 2008-07-15 | 1 | -1/+1 |
| | |||||
* | Performance: javascript helper tweaks to speed up escaping and reduce object ↵ | Jeremy Kemper | 2008-06-21 | 1 | -1/+1 |
| | | | | allocations when building options strings | ||||
* | Check whether blocks are called from erb using a special __in_erb_template ↵ | Jeremy Kemper | 2008-06-19 | 1 | -8/+24 |
| | | | | variable visible in block binding. | ||||
* | Use output_buffer reader and writer methods exclusively instead of hitting ↵ | Jeremy Kemper | 2008-06-08 | 1 | -4/+0 |
| | | | | the instance variable so others can override the methods. | ||||
* | Merge branch 'master' into erbout | Jeremy Kemper | 2008-06-06 | 1 | -3/+4 |
|\ | |||||
| * | Drop a string conversion from the often-called tag_options helper | Jeremy Kemper | 2008-06-06 | 1 | -3/+4 |
| | | |||||
* | | Don't pass block binding to concat | Jeremy Kemper | 2008-06-02 | 1 | -5/+2 |
| | | |||||
* | | Try replacing _erbout with @output_buffer | Jeremy Kemper | 2008-06-02 | 1 | -1/+1 |
|/ | |||||
* | The tag helper may bypass escaping. | Jeremy Kemper | 2007-09-24 | 1 | -17/+26 |
| | | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7608 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | escape_once uses negative lookahead to avoid double-escaping instead of a ↵ | Jeremy Kemper | 2007-09-24 | 1 | -6/+1 |
| | | | | | | second gsub git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7606 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | tag_options creates fewer objects | Jeremy Kemper | 2007-09-18 | 1 | -14/+15 |
| | | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7512 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Massive documentation update for all helpers (closes #8223, #8177, #8175, ↵ | David Heinemeier Hansson | 2007-06-23 | 1 | -15/+35 |
| | | | | | | #8108, #7977, #7972, #7971, #7969) [jeremymcanally] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7106 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Fixed that content_tag with a block will just return the result instead of ↵ | David Heinemeier Hansson | 2007-05-02 | 1 | -1/+6 |
| | | | | | | concate it if not used in a ERb view #7857, #7432 [michael.niessner] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6652 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Clean up multiple calls to #stringify_keys in TagHelper, add better ↵ | Rick Olson | 2007-01-05 | 1 | -23/+42 |
| | | | | | | documentation and testing for TagHelper. Closes #6394 [Bob Silva] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5857 5ecf4fe2-1ee6-0310-87b1-e25e094e27de |