path: root/actionpack/lib/action_view/helpers
Commit message | Author | Age | Files | Lines
* Unify benchmark APIs. | José Valim | 2009-10-15 | 1 | -54/+0
* Make sure non-escaped urls aren't considered safe | Michael Koziarski | 2009-10-15 | 1 | -1/+1
* ActionView.url_for doesn't escape by default | Phil Darnowsky | 2009-10-15 | 1 | -1/+1
    ActionView::Helpers::UrlHelper#url_for used to escape the URLs it generated by default. This was most commonly seen when generating a path with multiple query parameters, e.g.

      url_for(:controller => :foo, :action => :bar, :this => 123, :that => 456)

    would return

      http://example.com/foo/bar?that=456&amp;this=123

    escaping an ampersand that shouldn't be escaped. This is both wrong and inconsistent with the behavior of ActionController#url_for, and is changed.

    Signed-off-by: Michael Koziarski <michael@koziarski.com>
* Start adding configuration to ActionView instead of using constants. | Yehuda Katz | 2009-10-14 | 1 | -12/+16
    By using config rather than hardcoded constants, we can evolve the configuration system over time (we'd just need to update the config method with more robust capabilities and all consumers would get the capabilities with no code changes)
* API change: content_tag_for outputs prefixed class name | Joshua Peek | 2009-10-08 | 1 | -3/+3
* error procs have to be safe too | Michael Koziarski | 2009-10-08 | 1 | -1/+1
* Switch to on-by-default XSS escaping for rails. | Michael Koziarski | 2009-10-08 | 12 | -25/+43
    This consists of:

    * String#html_safe! a method to mark a string as 'safe'
    * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
    * Calls to String#html_safe! throughout the rails helpers
    * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)
    * New ERB implementation based on erubis which uses a SafeBuffer instead of a String

    Hat tip to Django for the inspiration.
* NumberHelper depends on big decimal extensions | Joshua Peek | 2009-10-03 | 1 | -0/+1
* Introduce :almost keyword for distance_of_time_in_words. Make 1.75 days - 2 days return '2 days'. | John Trupiano | 2009-09-28 | 1 | -10/+19
    Signed-off-by: Michael Koziarski <michael@koziarski.com>
    [#3266 state:committed]
* Enhancing distance_of_time_in_words to prefix year output with over and about depending upon how many months have elapsed | Jay Pignata | 2009-09-28 | 1 | -4/+7
    Signed-off-by: Michael Koziarski <michael@koziarski.com>
    [#3106 state:committed]
* AV::UrlHelper depends on Array#second | Joshua Peek | 2009-09-13 | 1 | -0/+1
* Don't force test suite to use bundler | Joshua Peek | 2009-09-13 | 1 | -0/+1
* Allow fields_for on a nested_attributes association to accept an explicit collection to be used. [#2648 state:resolved] | Andrew France | 2009-09-12 | 1 | -7/+19
    Signed-off-by: Eloy Duran <eloy.de.enige@gmail.com>
* Clean tag attributes before passing through the escape_once logic. | Michael Koziarski | 2009-09-04 | 1 | -1/+1
    Addresses CVE-2009-3009
* Don't raise exceptions for missing javascript_include_tag or stylesheet_link_tag sources unless the :cache or :concat options are given. [#2738 state:resolved] | Sam Pohlenz | 2009-09-03 | 1 | -2/+6
    Signed-off-by: Joshua Peek <josh@joshpeek.com>
* I18n: use I18n for select helpers' prompt text | Akira Matsuda | 2009-08-26 | 1 | -1/+2
    [#2252 state:committed]
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Revert "I18n: use I18n for select helpers' prompt text" | Jeremy Kemper | 2009-08-26 | 1 | -2/+1
    Broke CI.
    [#2252 state:open]
    This reverts commit adedf72821a5623227ce91e6b298838e692477e4.
* I18n: use I18n for select helpers' prompt text | Akira Matsuda | 2009-08-26 | 1 | -1/+2
    [#2252 state:committed]
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Got tests to pass with some more changes. | Yehuda Katz | 2009-08-15 | 1 | -2/+3
    * request.formats is much simpler now
    * For XHRs or Accept headers with a single item, we use the Accept header
    * For other requests, we use params[:format] or fallback to HTML
    * This is primarily to work around the fact that browsers provide completely broken Accept headers, so we have to whitelist the few cases we can specifically isolate and treat other requests as coming from the browser
    * For APIs, we can support single-item Accept headers, which disambiguates from the browsers
    * Requests to an action that only has an XML template from the browser will no longer find the template. This worked previously because most browsers provide a catch-all */*, but this was mostly accidental behavior. If you want to serve XML, either use the :xml format in links, or explicitly specify the XML template: render "template.xml".
* Introduce grouped_collection_select helper. | codeape | 2009-08-09 | 1 | -0/+67
    [#1249 state:committed]
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Make sure link_to generates the form with the specified :href if any [#2254 state:resolved] | Max Lapshin | 2009-08-10 | 1 | -1/+1
    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
* Fixed to_label_tag to accept id attribute without changing for attribute [#2660 status:resolved] | Matt Duncan | 2009-08-09 | 1 | -0/+1
    Signed-off-by: José Valim <jose.valim@gmail.com>
* Support passing Redcloth options via textilize helper [#2973 state:resolved] | rizwanreza | 2009-08-09 | 1 | -3/+11
    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
* Clean up initializer and some of the internals of PartialRenderer | Yehuda Katz | 2009-08-09 | 1 | -0/+4
* Don't call additional methods on builders passed to the atom_feed helper. | Michael Koziarski | 2009-08-09 | 1 | -1/+1
    Additionally, actually test that the atom_feed helper works with :xml as an option.
    [#1836 state:committed]
* Update truncate documentation / examples to more clearly demonstrate its actual behavior [#3016 state:committed] | Steve St. Martin | 2009-08-08 | 1 | -8/+10
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Allow content_tag options to take an array [#1741 state:resolved] [rizwanreza, Nick Quaranto] | rizwanreza | 2009-08-08 | 1 | -9/+7
    Example:

      content_tag('p', "limelight", :class => ["song", "play"])
      # => <p class="song play">limelight</p>

    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
* Allow radio buttons to work with booleans. | José Valim | 2009-08-08 | 1 | -2/+2
    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
* Add :include_blank option for select_tag [#1987 status:resolved] | rizwanreza | 2009-08-08 | 1 | -0/+7
    Signed-off-by: José Valim <jose.valim@gmail.com>
    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
* remove duplicate call to stringify_keys [#2587 status:resolved] | Steve St. Martin | 2009-08-08 | 1 | -1/+1
    Signed-off-by: José Valim <jose.valim@gmail.com>
* Fix number_to_precision rounding error [#2071 state:resolved] | wmoxam | 2009-08-08 | 1 | -1/+1
    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
* Ruby 1.9.2: implicit argument passing of super from method defined by define_method() is not supported | Jeremy Kemper | 2009-08-07 | 1 | -3/+1
* Improve a path in _render_partial | Yehuda Katz | 2009-08-06 | 1 | -0/+4
* Make sure javascript_include_tag/stylesheet_link_tag does not append ".js" or ".css" onto external urls [#1664 state:resolved] | Matthew Rudy Jacobs | 2009-08-05 | 1 | -10/+14
    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
* Fix tag helpers so that all HTML element boolean attributes render according to the specs. | Marc Love | 2009-07-30 | 2 | -2/+5
    Added all boolean attributes listed in the XHTML 1.0 specs (http://www.w3.org/TR/xhtml1/guidelines.html) and HTML 5 specs (http://www.whatwg.org/specs/web-apps/current-work). HTML 5 boolean attribute rendering was broken in commit 1e2d7229602f467cfdc0ef606b5ef8a5566a1501 / [#2864 state:resolved].
    Signed-off-by: Yehuda Katz <wycats@gmail.com>
* Add support for error_messages_for(@obj) | Yehuda Katz | 2009-07-28 | 1 | -6/+24
* Merge docrails | Pratik Naik | 2009-07-25 | 4 | -77/+76
* First effort at new Ajax helpers | Yehuda Katz | 2009-07-20 | 1 | -0/+68
* Rename ActiveRecordHelper to ActiveModelHelper | Yehuda Katz | 2009-07-20 | 2 | -3/+1
* Finish convert_to_object updates | Yehuda Katz | 2009-07-20 | 1 | -1/+3
* Update some tests and add a to_model to form helpers | Yehuda Katz | 2009-07-20 | 2 | -3/+5
* Define ActiveModel API Compliance | Yehuda Katz | 2009-07-20 | 2 | -9/+28
    - Define to_model on AR
    - Define to_model on ActiveModel::APICompliant
    - Update test fixtures to be API Compliant
    - Start using to_model in AP
* Move default_form_builder to ActionView so it'll work in environments not using ActionView::Base | Yehuda Katz | 2009-07-19 | 1 | -3/+15
* Adds an audio_tag helper for the HTML5 audio tag. Fixed video_path docs. HTML attributes values should be true or false not attribute's name. [#2864 state:resolved] | Emilio Tagua | 2009-07-07 | 2 | -5/+36
    Signed-off-by: Yehuda Katz <wycats@yehuda-katzs-macbookpro41.local>
* Removed unnecessary calls to image_path and hash lookups [#2827 state:resolved] | Yehuda Katz + Carl Lerche | 2009-07-02 | 1 | -3/+3
* My suggestion to fix ticket 2401 [#2401 state:resolved] | Jarl Friis | 2009-07-02 | 1 | -4/+6
    Signed-off-by: Yehuda Katz + Carl Lerche <ykatz+clerche@engineyard.com>
* Adds a video_tag helper for the HTML5 video tag (similar to how the image_tag works) (tests included); removes a duplicate test line for image_tag; adds boolean attributes for video tag to tag()'s boolean attributes | Tieg Zaharia | 2009-07-02 | 2 | -1/+69
    Signed-off-by: Yehuda Katz + Carl Lerche <ykatz+clerche@engineyard.com>
* Patch FormTagHelper so that when a form tag is created, the div which holds the form authenticity token is set to display:inline [#2846 state:resolved] | Elliot Winkler | 2009-07-01 | 1 | -2/+2
    Signed-off-by: Yehuda Katz + Carl Lerche <ykatz+clerche@engineyard.com>
* Make text_area_tag escape contents by default. | Chris Mear | 2009-06-27 | 1 | -0/+5
    Signed-off-by: Michael Koziarski <michael@koziarski.com>
    [#2015 state:committed]
* Handle missing javascript/stylesheets assets by raising an exception | Christos Zisopoulos | 2009-06-26 | 1 | -4/+28
    An exception will be raised if a local javascript/stylesheet file included by the stylesheet_link_tag or javascript_include_tag can not be found.

    When caching is enabled, we use atomic_write to ensure that the cache file is not created with zero length.

    Signed-off-by: Michael Koziarski <michael@koziarski.com>
    [#2738 state:committed]