| Commit message | Author | Age | Files | Lines |
|
Introduce `ActionView::Template::Handlers::ERB.escape_whitelist`
Conflicts:
actionpack/CHANGELOG.md
actionpack/test/template/template_test.rb
|
is being rendered
Closes #5025 part 2
|
ActionPack
|
inside a body, so you can stream.
|
The author of ERB says his eRuby implementation was originally named "ERb/ERbLight" and then renamed to "ERB" when it started being bundled as a Ruby standard lib.
http://www2a.biglobe.ne.jp/~seki/ruby/erb.html
|
Conflicts:
actionpack/lib/action_view/template/handlers/erb.rb
|
<%== x %> is syntactic sugar for <%= raw(x) %>
Signed-off-by: Michael Koziarski <michael@koziarski.com>
[#5918 status:committed]
|
ActionController::Base methods.
|
* Default Encoding.default_internal to UTF-8
* Eliminated the use of file-wide magic comments to coerce code evaluated inside the file
* Read templates as BINARY, use default_external or template-wide magic comments
inside the Template to set the initial encoding
* This means that template handlers in Ruby 1.9 will receive Strings encoded
in default_internal (UTF-8 by default)
* Create a better Exception for encoding issues, and use it when the template
source has bytes that are not compatible with the specified encoding
* Allow template handlers to opt-into handling BINARY. If they do so, they
need to do some of their own manual encoding work
* Added a "Configuration Gotchas" section to the intro Rails Guide instructing
users to use UTF-8 for everything
* Use config.encoding= in Ruby 1.8, and raise if a value that is an invalid
$KCODE value is used
Also:
* Fixed a few tests that were assert() rather than assert_equal() and
were caught by Minitest requiring a String for the message
* Fixed a test where an assert_select was misformed, also caught by
Minitest being more restrictive
* Fixed a test where a Rack response was returning a String rather
than an Enumerable
|
[#4575 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
* The approach is to compile <% %> into a method call that checks whether
the value returned from a block is a String. If it is, it concats to the buffer and
prints a deprecation warning.
* <%= %> uses exactly the same logic to compile the template, which first checks
to see whether it's compiling a block.
* This should have no impact on other uses of block in templates. For instance, in
<% [1,2,3].each do |i| %><%= i %><% end %>, the call to each returns an Array,
not a String, so the result is not concatenated
* In two cases (#capture and #cache), a String can be returned that should *never*
be concatenated. We have temporarily created a String subclass called NonConcattingString
which behaves (and is serialized) identically to String, but is not concatenated
by the code that handles deprecated <% %> block helpers. Once we remove support
for <% %> block helpers, we can remove NonConcattingString.
|
controller (so plugins and/or controllers can overwrite just one method).
|
ActiveSupport::SafeBuffer
Signed-off-by: Yehuda Katz <wycats@Yehuda-Katz.local>
|
through String#<< which checks if the String is safe, use safe_concat, which uses the original (internal) String#<< and leaves the safe flag as is. Results in a significant performance improvement.
|
* A new module (ActiveSupport::Autoload) is provided that extends
autoloading with new behavior.
* All autoloads in modules that have extended ActiveSupport::Autoload
will be eagerly required in threadsafe environments
* Autoloads can optionally leave off the path if the path is the same
as full_constant_name.underscore
* It is possible to specify that a group of autoloads live under an
additional path. For instance, all of ActionDispatch's middlewares
are ActionDispatch::MiddlewareName, but they live under
"action_dispatch/middlewares/middleware_name"
* It is possible to specify that a group of autoloads are all found
at the same path. For instance, a number of exceptions might all
be declared there.
* One consequence of this is that testing-related constants are not
autoloaded. To get the testing helpers for a given component,
require "component_name/test_case". For instance, "action_controller/test_case".
* test_help.rb, which is automatically required by a Rails application's
test helper, requires the test_case.rb for all active components, so
this change will not be disruptive in existing or new applications.
|
This consists of:
* String#html_safe! a method to mark a string as 'safe'
* ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
* Calls to String#html_safe! throughout the rails helpers
* a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)
* New ERB implementation based on erubis which uses a SafeBuffer instead of a String
Hat tip to Django for the inspiration.
|
vendor requires.
|
era.