aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/controller/new_base/render_html_test.rb
Commit message (Collapse)AuthorAgeFilesLines
* Deprecate :controller and :action path parametersAndrew White2016-03-011-2/+2
| | | | | | | | Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values.
* Set the content-type to `text/html` if the options[:html] is trueakihiro172015-08-291-1/+0
| | | | | | In this commit, we set the content-type to `text/html` in AbstractController if the `options[:html]` is true so that we don't include ActionView::Rendering into ActionController::Metal to set it properly. I removed the if `options[:plain]` statement because `AbstractController#rendered_format` returns `Mime::TEXT` by default.
* include ActionView::Rendering in the minimal controllerAaron Patterson2015-08-261-0/+1
| | | | without this module, the content type is not set correctly
* provide a request and response to all controllersAaron Patterson2015-08-251-1/+1
| | | | | | | | | | Controllers should always have a request and response when responding. Since we make this The Rule(tm), then controllers don't need to be somewhere in limbo between "asking a response object for a rack response" or "I, myself contain a rack response". This duality leads to conditionals spread through the codebase that we can delete: * https://github.com/rails/rails/blob/85a78d9358aa728298cd020cdc842b55c16f9549/actionpack/lib/action_controller/metal.rb#L221-L223
* Removed single space padding from empty response body.Godfrey Chan2014-07-101-4/+4
| | | | | | | | | | | | `render nothing: true` or rendering a `nil` body no longer add a single space to the response body. The old behavior was added as a workaround for a bug in an early version of Safari, where the HTTP headers are not returned correctly if the response body has a 0-length. This is been fixed since and the workaround is no longer necessary. Use `render body: ' '` if the old behavior is desired.
* Introduce `render :html` for render HTML stringPrem Sichanugrist2014-02-181-0/+190
This is an option for to HTML content with a content type of `text/html`. This rendering option calls `ERB::Util.html_escape` internally to escape unsafe HTML string, so you will have to mark your string as html safe if you have any HTML tag in it. Please see #12374 for more detail.