path: root/actionpack/lib/action_view
Commit message | Author | Age | Files | Lines
* Make encodings work with Erubis and 1.9 again | Yehuda Katz | 2009-10-16 | 1 | -3/+5
|
* Fix a bug where templates with locales were not being sorted correctly | Yehuda Katz | 2009-10-16 | 1 | -1/+1
|
* Merge branch 'master' into orchestra | Jeremy Kemper | 2009-10-15 | 1 | -1/+10
|\
| * Change config implementation in AV slightly | Yehuda Katz | 2009-10-15 | 1 | -1/+10
| |
* | Renamed Orchestra to Notifications once again [#3321 state:resolved] | José Valim | 2009-10-15 | 1 | -1/+1
| |
* | Unify benchmark APIs. | José Valim | 2009-10-15 | 2 | -56/+4
| |
* | Update Orchestra instrumentations and move part of logging to Orchestra. | José Valim | 2009-10-15 | 1 | -1/+1
| |
* | Revert "Rename Orchestra to Notifications [#3321 state:resolved]" | José Valim | 2009-10-15 | 1 | -1/+1
|/
|   This reverts commit 8cbf825425dc8ad3770881ea4e100b9023c69ce2.
* Make this less brittle and work on 1.8 | Yehuda Katz | 2009-10-15 | 1 | -9/+9
|
* Make the erubis implementation easier for plugins to change. | Michael Koziarski | 2009-10-15 | 1 | -1/+4
|
* Add a read-only method which plugin authors can use to determine if xss ↵ | Michael Koziarski | 2009-10-15 | 1 | -0/+5
|   escaping. This doesn't provide a way to turn off the escaping, but alternative template engine authors can figure out what their default should be by calling this. Avoids a messy version + plugin check.
* Rename Orchestra to Notifications [#3321 state:resolved] | Joshua Peek | 2009-10-14 | 1 | -1/+1
|
* Make sure non-escaped urls aren't considered safe | Michael Koziarski | 2009-10-15 | 1 | -1/+1
|
* Use ERB::Util.h over CGI.escapeHTML as the former is safety aware and the ↵ | Michael Koziarski | 2009-10-15 | 1 | -1/+1
|   latter isn't
* ActionView.url_for doesn't escape by default | Phil Darnowsky | 2009-10-15 | 1 | -1/+1
|   ActionView::Helpers::UrlHelper#url_for used to escape the URLs it generated by default. This was most commonly seen when generating a path with multiple query parameters, e.g.
|   url_for(:controller => :foo, :action => :bar, :this => 123, :that => 456)
|   would return
|   http://example.com/foo/bar?that=456&amp;this=123
|   escaping an ampersand that shouldn't be escaped.
|   This is both wrong and inconsistent with the behavior of ActionController#url_for, and is changed.
|   Signed-off-by: Michael Koziarski <michael@koziarski.com>
* Start adding configuration to ActionView instead of using constants. | Yehuda Katz | 2009-10-14 | 2 | -13/+17
|   By using config rather than hardcoded constants, we can evolve the configuration system over time (we'd just need to update the config method with more robust capabilities and all consumers would get the capabilities with no code changes)
* Fix a bug where render :text could not handle yield :symbol. Fixes guides ↵ | Yehuda Katz | 2009-10-10 | 1 | -9/+13
|   generation
* Fix issue with standalone ActionView | Yehuda Katz | 2009-10-09 | 1 | -1/+4
|
* Get rid of constant name usage for stack trace help in favor of overriding ↵ | Yehuda Katz | 2009-10-09 | 1 | -9/+9
|   #inspect and .name.
* Finish porting over the initializers to the app object and fix all the tests | Carl Lerche | 2009-10-08 | 1 | -2/+5
|
* API change: content_tag_for outputs prefixed class name | Joshua Peek | 2009-10-08 | 1 | -3/+3
|
* Fix warning spew for 1.9 | Carl Lerche | 2009-10-08 | 1 | -1/+5
|
* error procs have to be safe too | Michael Koziarski | 2009-10-08 | 1 | -1/+1
|
* Switch to on-by-default XSS escaping for rails. | Michael Koziarski | 2009-10-08 | 19 | -32/+112
|   This consists of:
|   * String#html_safe! a method to mark a string as 'safe'
|   * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
|   * Calls to String#html_safe! throughout the rails helpers
|   * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)
|   * New ERB implementation based on erubis which uses a SafeBuffer instead of a String
|   Hat tip to Django for the inspiration.
* Not calling a private method anymore | Yehuda Katz | 2009-10-07 | 1 | -2/+5
|
* Fix warning spew | Yehuda Katz | 2009-10-06 | 1 | -1/+3
|
* NumberHelper depends on big decimal extensions | Joshua Peek | 2009-10-03 | 1 | -0/+1
|
* Ported the new ActionView::TestCase from 2-3-stable to master [#3260 | Erik Ostrom | 2009-09-28 | 2 | -25/+101
|   state:resolved]
|   The test case now mimics the template environment more closely, so it's possible to use render, load helper dependencies. This also fixes assert_select, and similar assertions. Because view tests and helpers generally don't render full templates assert_select looks first in rendered and then in output_buffer to find the rendered output.
|   Additional `master'-only changes: Made the Action Pack Rakefile run the ActionView::TestCase tests, and made ActionView::Rendering#_render_text always return a string.
|   Signed-off-by: Joshua Peek <josh@joshpeek.com>
* Introduce :almost keyword for distance_of_time_in_words. Make 1.75 days - 2 ↵ | John Trupiano | 2009-09-28 | 2 | -10/+22
|   days return '2 days'.
|   Signed-off-by: Michael Koziarski <michael@koziarski.com>
|   [#3266 state:committed]
* Enhancing distance_of_time_in_words to prefix year output with over and ↵ | Jay Pignata | 2009-09-28 | 1 | -4/+7
|   about depending upon how many months have elapsed
|   Signed-off-by: Michael Koziarski <michael@koziarski.com>
|   [#3106 state:committed]
* Restore split between require-time and runtime load path mungery. Simplifies ↵ | Jeremy Kemper | 2009-09-24 | 1 | -1/+1
|   vendor requires.
* Clean up log output for rendered templates | Joshua Peek | 2009-09-24 | 4 | -67/+87
|
* Instrument process_action, render and sql. | José Valim | 2009-09-20 | 1 | -2/+4
|
* Remove unused code in ActionView. | José Valim | 2009-09-15 | 3 | -130/+0
|   Signed-off-by: Yehuda Katz <wycats@gmail.com>
* Rollback AS bundler work and improve activation of vendored dependencies | Joshua Peek | 2009-09-13 | 1 | -1/+1
|
* AV::UrlHelper depends on Array#second | Joshua Peek | 2009-09-13 | 1 | -0/+1
|
* Don't force test suite to use bundler | Joshua Peek | 2009-09-13 | 1 | -0/+1
|
* Allow fields_for on a nested_attributes association to accept an explicit ↵ | Andrew France | 2009-09-12 | 1 | -7/+19
|   collection to be used. [#2648 state:resolved]
|   Signed-off-by: Eloy Duran <eloy.de.enige@gmail.com>
* Clean tag attributes before passing through the escape_once logic. | Michael Koziarski | 2009-09-04 | 1 | -1/+1
|   Addresses CVE-2009-3009
* Replace :formats => ["*/*"] with the default formats set | Yehuda Katz + Carl Lerche | 2009-09-03 | 1 | -0/+2
|
* Don't raise exceptions for missing javascript_include_tag or ↵ | Sam Pohlenz | 2009-09-03 | 1 | -2/+6
|   stylesheet_link_tag sources unless the :cache or :concat options are given. [#2738 state:resolved]
|   Signed-off-by: Joshua Peek <josh@joshpeek.com>
* Refactor ActionView::Resolver | Yehuda Katz + Carl Lerche | 2009-09-03 | 1 | -77/+95
|
* Fix the */* with Net::HTTP bug [#3100 state:resolved] | Yehuda Katz + Carl Lerche | 2009-09-01 | 1 | -22/+9
|
* Remove some old cruft | Yehuda Katz | 2009-08-27 | 1 | -3/+0
|
* Add a default parameter for Resolver#initialize | Carl Lerche | 2009-08-26 | 1 | -1/+1
|
* I18n: use I18n for select helpers' prompt text | Akira Matsuda | 2009-08-26 | 2 | -1/+6
|   [#2252 state:committed]
|   Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Revert "I18n: use I18n for select helpers' prompt text" | Jeremy Kemper | 2009-08-26 | 2 | -6/+1
|   Broke CI. [#2252 state:open]
|   This reverts commit adedf72821a5623227ce91e6b298838e692477e4.
* I18n: use I18n for select helpers' prompt text | Akira Matsuda | 2009-08-26 | 2 | -1/+6
|   [#2252 state:committed]
|   Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Fixes ActionMailer regression [#3059 state:resolved] | Yehuda Katz | 2009-08-15 | 1 | -1/+1
|
* Got tests to pass with some more changes. | Yehuda Katz | 2009-08-15 | 3 | -4/+16
|   * request.formats is much simpler now
|   * For XHRs or Accept headers with a single item, we use the Accept header
|   * For other requests, we use params[:format] or fallback to HTML
|   * This is primarily to work around the fact that browsers provide completely broken Accept headers, so we have to whitelist the few cases we can specifically isolate and treat other requests as coming from the browser
|   * For APIs, we can support single-item Accept headers, which disambiguates from the browsers
|   * Requests to an action that only has an XML template from the browser will no longer find the template. This worked previously because most browsers provide a catch-all */*, but this was mostly accidental behavior. If you want to serve XML, either use the :xml format in links, or explicitly specify the XML template: render "template.xml".