| Commit message | Author | Age | Files | Lines |
| |
This consists of:
* String#html_safe! a method to mark a string as 'safe'
* ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
* Calls to String#html_safe! throughout the rails helpers
* a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)
* New ERB implementation based on erubis which uses a SafeBuffer instead of a String
Hat tip to Django for the inspiration.
| |
days return '2 days'.
Signed-off-by: Michael Koziarski <michael@koziarski.com>
[#3266 state:committed]
| |
about depending upon how many months have elapsed
Signed-off-by: Michael Koziarski <michael@koziarski.com>
[#3106 state:committed]
| |
collection to be used. [#2648 state:resolved]
Signed-off-by: Eloy Duran <eloy.de.enige@gmail.com>
| |
Addresses CVE-2009-3009
| |
stylesheet_link_tag sources unless the :cache or :concat options are given. [#2738 state:resolved]
Signed-off-by: Joshua Peek <josh@joshpeek.com>
| |
[#2252 state:committed]
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
| |
Broke CI.
[#2252 state:open]
This reverts commit adedf72821a5623227ce91e6b298838e692477e4.
| |
[#2252 state:committed]
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
| |
* request.formats is much simpler now
* For XHRs or Accept headers with a single item, we use the Accept header
* For other requests, we use params[:format] or fallback to HTML
* This is primarily to work around the fact that browsers provide completely
  broken Accept headers, so we have to whitelist the few cases we can
  specifically isolate and treat other requests as coming from the browser
* For APIs, we can support single-item Accept headers, which disambiguates
  from the browsers
* Requests to an action that only has an XML template from the browser will
  no longer find the template. This worked previously because most browsers
  provide a catch-all */*, but this was mostly accidental behavior. If you
  want to serve XML, either use the :xml format in links, or explicitly
  specify the XML template: render "template.xml".
| |
[#1249 state:committed]
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
| |
state:resolved]
Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
| |
[#2660 status:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
| |
Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
| |
Additionally, actually test that the atom_feed helper works with :xml as an option.
[#1836 state:committed]
| |
actual behavior
[#3016 state:committed]
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
| |
[rizwanreza, Nick Quaranto]
Example:
content_tag('p', "limelight", :class => ["song", "play"])
# => <p class="song play">limelight</p>
Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
| |
Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
| |
Signed-off-by: José Valim <jose.valim@gmail.com>
Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
| |
Signed-off-by: José Valim <jose.valim@gmail.com>
| |
Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
| |
define_method() is not supported
| |
or ".css" onto external urls [#1664 state:resolved]
Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
| |
to the specs. Added all boolean attributes listed in the XHTML 1.0 specs (http://www.w3.org/TR/xhtml1/guidelines.html) and HTML 5 specs (http://www.whatwg.org/specs/web-apps/current-work). HTML 5 boolean attribute rendering was broken in commit 1e2d7229602f467cfdc0ef606b5ef8a5566a1501 / [#2864 state:resolved].
Signed-off-by: Yehuda Katz <wycats@gmail.com>
| |
- Define to_model on AR
- Define to_model on ActiveModel::APICompliant
- Update test fixtures to be API Compliant
- Start using to_model in AP
| |
using ActionView::Base
| |
attributes values should be true or false not attribute's name. [#2864 state:resolved]
Signed-off-by: Yehuda Katz <wycats@yehuda-katzs-macbookpro41.local>
| |
Signed-off-by: Yehuda Katz + Carl Lerche <ykatz+clerche@engineyard.com>
| |
image_tag works) (tests included); removes a duplicate test line for image_tag; adds boolean attributes for video tag to tag()'s boolean attributes
Signed-off-by: Yehuda Katz + Carl Lerche <ykatz+clerche@engineyard.com>
| |
the form authenticity token is set to display:inline [#2846 state:resolved]
Signed-off-by: Yehuda Katz + Carl Lerche <ykatz+clerche@engineyard.com>
| |
Signed-off-by: Michael Koziarski <michael@koziarski.com>
[#2015 state:committed]
| |
An exception will be raised if a local javascript/stylesheet file included
by the stylesheet_link_tag or javascript_include_tag can not be found.
When caching is enabled, we use atomic_write to ensure that the cache file
is not created with zero length.
Signed-off-by: Michael Koziarski <michael@koziarski.com>
[#2738 state:committed]
| |
[#1311 state:resolved]
Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
| |
what the proc does in various cases.
| |
This is useful for working around IE's stylesheet limit.
stylesheet_link_tag :all, :concat => true