rails.git - Mirror of official rails repo with custom fixes.

	Commit message (Collapse)	Author	Age	Files	Lines
*	Merge remote branch 'mainstream/master'	Pratik Naik	2010-03-12	1	-23/+5
\|\ \| \| \| \| \| \| \| \| \| \| \| \|	Conflicts: activerecord/lib/active_record/base.rb railties/lib/rails/configuration.rb railties/lib/rails/log_subscriber.rb
\| *	Deprecate block_called_from_erb? pending a solution for getting it into apps	Carlhuda	2010-03-09	1	-22/+4
\| \|
\| *	Explicit html_escape removed when not needed	Santiago Pastorino and José Ignacio Costa	2010-02-14	1	-1/+1
\| \| \| \| \| \| \| \|	Signed-off-by: Yehuda Katz <yehudakatz@YK.local>
\| *	content_tag should escape its input	Bruno Michel	2010-02-14	1	-1/+1
\| \| \| \| \| \| \| \|	Signed-off-by: Yehuda Katz <yehudakatz@YK.local>
* \|	Updated documentation for block helpers in tag_helper.rb	Jeroen van Dijk	2010-03-12	1	-1/+1
\|/
*	More html_safe strings now use the safe_concat method	Santiago Pastorino and José Ignacio Costa	2010-02-05	1	-1/+1
\| \| \| \| \| \|	[#3856 state:committed] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
*	action_view is requiring the deleted action_view/erb/util.rb file	Santiago Pastorino	2010-01-31	1	-1/+0
\| \| \| \|	Signed-off-by: Yehuda Katz <wycats@Yehuda-Katz.local>
*	For performance reasons, you can no longer call html_safe! on Strings. ↵	Yehuda Katz	2010-01-31	1	-4/+4
\| \| \| \| \| \| \| \| \| \| \| \|	Instead, all Strings are always not html_safe?. Instead, you can get a SafeBuffer from a String by calling #html_safe, which will SafeBuffer.new(self). * Additionally, instead of doing concat("</form>".html_safe), you can do safe_concat("</form>"), which will skip both the flag set, and the flag check. * For the first pass, I converted virtually all #html_safe!s to #html_safe, and the tests pass. A further optimization would be to try to use #safe_concat as much as possible, reducing the performance impact if we know up front that a String is safe.
*	Switch to on-by-default XSS escaping for rails.	Michael Koziarski	2009-10-08	1	-4/+4
\| \| \| \| \| \| \| \| \| \| \| \|	This consists of: * String#html_safe! a method to mark a string as 'safe' * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it * Calls to String#html_safe! throughout the rails helpers * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB) * New ERB implementation based on erubis which uses a SafeBuffer instead of a String Hat tip to Django for the inspiration.
*	Clean tag attributes before passing through the escape_once logic.	Michael Koziarski	2009-09-04	1	-1/+1
\| \| \| \|	Addresses CVE-2009-3009
*	Allow content_tag options to take an array [#1741 state:resolved] ↵	rizwanreza	2009-08-08	1	-9/+7
\| \| \| \| \| \| \| \| \| \|	[rizwanreza, Nick Quaranto] Example: content_tag('p', "limelight", :class => ["song", "play"]) # => <p class="song play">limelight</p> Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
*	Fix tag helpers so that all HTML element boolean attributes render according ↵	Marc Love	2009-07-30	1	-1/+4
\| \| \| \| \| \|	to the specs. Added all boolean attributes listed in the XHTML 1.0 specs (http://www.w3.org/TR/xhtml1/guidelines.html) and HTML 5 specs (http://www.whatwg.org/specs/web-apps/current-work). HTML 5 boolean attribute rendering was broken in commit 1e2d7229602f467cfdc0ef606b5ef8a5566a1501 / [#2864 state:resolved]. Signed-off-by: Yehuda Katz <wycats@gmail.com>
*	Adds a audio_tag helper for the HTML5 audio tag. Fixed video_path docs. HTML ↵	Emilio Tagua	2009-07-07	1	-2/+1
\| \| \| \| \| \|	attributes values should be true or false not attribute's name. [#2864 state:resolved] Signed-off-by: Yehuda Katz <wycats@yehuda-katzs-macbookpro41.local>
*	Adds a video_tag helper for the HTML5 video tag (similar to how the ↵	Tieg Zaharia	2009-07-02	1	-1/+2
\| \| \| \| \| \|	image_tag works) (tests included); removes a duplicate test line for image_tag; adds boolean attributes for video tag to tag()'s boolean attributes Signed-off-by: Yehuda Katz + Carl Lerche <ykatz+clerche@engineyard.com>
*	Cleaning up more render tests	Yehuda Katz + Carl Lerche	2009-05-14	1	-1/+1
\|
*	Explicitly require ERB Utils extensions from TagHelper	Joshua Peek	2008-12-09	1	-1/+1
\|
*	Merge with docrails	Pratik Naik	2008-12-07	1	-1/+1
\|
*	Unnecessary CGI require	Jeremy Kemper	2008-12-03	1	-1/+0
\|
*	Register 'checked' as an HTML boolean attribute.	Hongli Lai (Phusion)	2008-11-18	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This way, 'tag :foo, :type => "checkbox", :checked => false' would output the expected <input type="checkbox" /> instead of the old <input type="checkbox" checked="false" /> The latter would result in a checkbox that's initially checked. Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
*	Tag helper should output an attribute with the value 'false' instead of ↵	Hongli Lai (Phusion)	2008-11-13	1	-4/+6
\| \| \| \|	omitting the attribute, if the associated option is false but not nil.
*	Merge with docrails.	Pratik Naik	2008-07-16	1	-1/+1
\|
*	Ruby 1.9 compat: only eval with block.binding in 1.9, uses more memory than ↵	Jeremy Kemper	2008-07-15	1	-6/+12
\| \| \| \|	eval with block
*	Ruby 1.9 compat: call Proc#binding explicitly. [#623 state:resolved]	松田明	2008-07-15	1	-1/+1
\|
*	Performance: javascript helper tweaks to speed up escaping and reduce object ↵	Jeremy Kemper	2008-06-21	1	-1/+1
\| \| \| \|	allocations when building options strings
*	Check whether blocks are called from erb using a special __in_erb_template ↵	Jeremy Kemper	2008-06-19	1	-8/+24
\| \| \| \|	variable visible in block binding.
*	Use output_buffer reader and writer methods exclusively instead of hitting ↵	Jeremy Kemper	2008-06-08	1	-4/+0
\| \| \| \|	the instance variable so others can override the methods.
*	Merge branch 'master' into erbout	Jeremy Kemper	2008-06-06	1	-3/+4
\|\
\| *	Drop a string conversion from the often-called tag_options helper	Jeremy Kemper	2008-06-06	1	-3/+4
\| \|
* \|	Don't pass block binding to concat	Jeremy Kemper	2008-06-02	1	-5/+2
\| \|
* \|	Try replacing _erbout with @output_buffer	Jeremy Kemper	2008-06-02	1	-1/+1
\|/
*	The tag helper may bypass escaping.	Jeremy Kemper	2007-09-24	1	-17/+26
\| \| \| \|	git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7608 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
*	escape_once uses negative lookahead to avoid double-escaping instead of a ↵	Jeremy Kemper	2007-09-24	1	-6/+1
\| \| \| \| \| \|	second gsub git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7606 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
*	tag_options creates fewer objects	Jeremy Kemper	2007-09-18	1	-14/+15
\| \| \| \|	git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7512 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
*	Massive documentation update for all helpers (closes #8223, #8177, #8175, ↵	David Heinemeier Hansson	2007-06-23	1	-15/+35
\| \| \| \| \| \|	#8108, #7977, #7972, #7971, #7969) [jeremymcanally] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7106 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
*	Fixed that content_tag with a block will just return the result instead of ↵	David Heinemeier Hansson	2007-05-02	1	-1/+6
\| \| \| \| \| \|	concate it if not used in a ERb view #7857, #7432 [michael.niessner] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6652 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
*	Clean up multiple calls to #stringify_keys in TagHelper, add better ↵	Rick Olson	2007-01-05	1	-23/+42
\| \| \| \| \| \|	documentation and testing for TagHelper. Closes #6394 [Bob Silva] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5857 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
*	Added block-usage to PrototypeHelper#form_remote_tag, document block-usage ↵	Rick Olson	2006-10-24	1	-2/+2
\| \| \| \| \| \|	of FormTagHelper#form_tag [Rick] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5346 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
*	Added block-usage to TagHelper#content_tag [DHH]	David Heinemeier Hansson	2006-10-23	1	-4/+24
\| \| \| \|	git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5344 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
*	Add <%= escape_once html %> to escape html while leaving any currently ↵	Rick Olson	2006-10-18	1	-1/+10
\| \| \| \| \| \|	escaped entities alone. Fix button_to double-escaping issue. [Rick] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5322 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
*	Fix double-escaped entities, such as &amp;, &#123;, etc. [Rick]	Rick Olson	2006-10-18	1	-1/+6
\| \| \| \|	git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5321 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
*	Wrap javascript_tag contents in a CDATA section and add a cdata_section ↵	Sam Stephenson	2005-10-12	1	-0/+9
\| \| \| \| \| \|	method to TagHelper. Closes #1691. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2543 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
*	Convert boolean form options form the tag_helper. Recloses #809.	Marcel Molina	2005-10-10	1	-5/+11
\| \| \| \|	git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2523 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
*	Optimized tag_options to not sort keys, which is no longer necessary when ↵	David Heinemeier Hansson	2005-09-20	1	-10/+9
\| \| \| \| \| \|	assert_dom_equal and friend is available #1995 [skae]. Added assert_dom_equal and assert_dom_not_equal to compare tags generated by the helpers in an order-indifferent manner #1995 [skae] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2271 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
*	Added that nil options are not included in tags, so tag("p", :ignore => nil) ↵	David Heinemeier Hansson	2005-07-09	1	-2/+3
\| \| \| \| \| \|	now returns <p /> not <p ignore="" /> but that tag("p", :ignore => "") still includes it #1465 [michael@schuerig.de] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1789 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
*	Fixed TagHelper such that :name and 'name' keys in the options doesn't ↵	David Heinemeier Hansson	2005-06-16	1	-2/+1
\| \| \| \| \| \|	result in two attributes #1455 [take_tk] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1426 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
*	Moved image_tag to AssetTagHelper	David Heinemeier Hansson	2005-03-14	1	-26/+0
\| \| \| \|	git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@899 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
*	Added TagHelper#image_tag and deprecated UrlHelper#link_image_to ↵	David Heinemeier Hansson	2005-03-09	1	-1/+28
\| \| \| \| \| \|	(recommended approach is to combine image_tag and link_to instead) git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@879 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
*	Fixed that form helpers would treat string and symbol keys differently in ↵	David Heinemeier Hansson	2005-03-06	1	-4/+4
\| \| \| \| \| \|	html_options (and possibly create duplicate entries) #112 [bitsweat] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@833 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
*	Added FormTagHelper that provides a number of methods for creating form tags ↵	David Heinemeier Hansson	2005-02-19	1	-26/+0
\| \| \| \| \| \|	that doesn't rely on conventions with an object assigned to the template like FormHelper does. With the FormTagHelper, you provide the names and values yourself. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@687 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
*	Added Iran and Irak to the countries list used by country_select and ↵	David Heinemeier Hansson	2005-02-19	1	-1/+4
\| \| \| \| \| \|	country_options_for_select git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@683 5ecf4fe2-1ee6-0310-87b1-e25e094e27de