| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* The approach is to compile <% %> into a method call that checks whether
the value returned from a block is a String. If it is, it concats to the buffer and
prints a deprecation warning.
* <%= %> uses exactly the same logic to compile the template, which first checks
to see whether it's compiling a block.
* This should have no impact on other uses of block in templates. For instance, in
<% [1,2,3].each do |i| %><%= i %><% end %>, the call to each returns an Array,
not a String, so the result is not concatenated
* In two cases (#capture and #cache), a String can be returned that should *never*
be concatenated. We have temporarily created a String subclass called NonConcattingString
which behaves (and is serialized) identically to String, but is not concatenated
by the code that handles deprecated <% %> block helpers. Once we remove support
for <% %> block helpers, we can remove NonConcattingString.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
ActiveSupport::SafeBuffer
Signed-off-by: Yehuda Katz <wycats@Yehuda-Katz.local>
|
|
|
|
| |
through String#<< which checks if the String is safe, use safe_concat, which uses the original (internal) String#<< and leaves the safe flag as is. Results in a significant performance improvement.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* A new module (ActiveSupport::Autoload) is provide that extends
autoloading with new behavior.
* All autoloads in modules that have extended ActiveSupport::Autoload
will be eagerly required in threadsafe environments
* Autoloads can optionally leave off the path if the path is the same
as full_constant_name.underscore
* It is possible to specify that a group of autoloads live under an
additional path. For instance, all of ActionDispatch's middlewares
are ActionDispatch::MiddlewareName, but they live under
"action_dispatch/middlewares/middleware_name"
* It is possible to specify that a group of autoloads are all found
at the same path. For instance, a number of exceptions might all
be declared there.
* One consequence of this is that testing-related constants are not
autoloaded. To get the testing helpers for a given component,
require "component_name/test_case". For instance, "action_controller/test_case".
* test_help.rb, which is automatically required by a Rails application's
test helper, requires the test_case.rb for all active components, so
this change will not be disruptive in existing or new applications.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This consists of:
* String#html_safe! a method to mark a string as 'safe'
* ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
* Calls to String#html_safe! throughout the rails helpers
* a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB)
* New ERB implementation based on erubis which uses a SafeBuffer instead of a String
Hat tip to Django for the inspiration.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|