Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | html_escape should escape single quotes | Santiago Pastorino | 2012-07-31 | 1 | -1/+1 |
| | | | | | https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content Closes #7215 | ||||
* | deprecate `describe` without a block. | Aaron Patterson | 2012-07-09 | 1 | -2/+0 |
| | | | | | minitest/spec provides `describe`, so deprecate the rails version and have people use the superclass version | ||||
* | Remove default match without specified method | Jose and Yehuda | 2012-04-24 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | In the current router DSL, using the +match+ DSL method will match all verbs for the path to the specified endpoint. In the vast majority of cases, people are currently using +match+ when they actually mean +get+. This introduces security implications. This commit disallows calling +match+ without an HTTP verb constraint by default. To explicitly match all verbs, this commit also adds a :via => :all option to +match+. Closes #5964 | ||||
* | Show detailed exceptions no longer returns true if the request is local in ↵ | José Valim | 2011-12-16 | 1 | -0/+6 |
| | | | | production. | ||||
* | Get rid of update_details in favor of passing details to find_template. | José Valim | 2011-09-22 | 1 | -3/+3 |
| | |||||
* | realigns a series of hash arrows | Xavier Noria | 2010-11-21 | 1 | -10/+10 |
| | |||||
* | Added support for Erubis <%== tag | Jan Maurits Faber | 2010-11-08 | 1 | -0/+10 |
| | | | | | | | <%== x %> is syntactic sugar for <%= raw(x) %> Signed-off-by: Michael Koziarski <michael@koziarski.com> [#5918 status:committed] | ||||
* | Allow cache to be temporarily disabled through lookup_context. | José Valim | 2010-10-07 | 1 | -1/+12 |
| | |||||
* | render :template => 'foo/bar.json' now works as it should. | José Valim | 2010-10-07 | 1 | -1/+14 |
| | |||||
* | Fixed routes to use new API in a few more actionpack tests | Piotr Sarnacki | 2010-09-05 | 1 | -3/+7 |
| | |||||
* | Add support for compile-time <%= raw %> | Yehuda Katz | 2010-01-31 | 1 | -22/+34 |
| | |||||
* | Redraw default routes on all internal integration tests. We don't need ↵ | Joshua Peek | 2009-10-03 | 1 | -3/+3 |
| | | | | SimpleRouteCase anymore | ||||
* | File extra test folders into controller, dispatch, or template | Joshua Peek | 2009-10-03 | 1 | -0/+170 |