aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/controller/new_base/render_template_test.rb
Commit message (Collapse)AuthorAgeFilesLines
* Deprecate :controller and :action path parametersAndrew White2016-03-011-1/+1
| | | | | | | | Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values.
* Fix test messages use directly true, false and nil instead of their symbolAkshay Vishnoi2015-03-191-3/+3
|
* Consistent usage of spaces in hashes across our codebaseRafael Mendonça França2015-01-291-2/+2
|
* Switch to kwargs in ActionController::TestCase and ActionDispatch::IntegrationKir Shatrov2015-01-291-2/+2
| | | | | | | | Non-kwargs requests are deprecated now. Guides are updated as well. `post url, nil, nil, { a: 'b' }` doesn't make sense. `post url, params: { y: x }, session: { a: 'b' }` would be an explicit way to do the same
* Fix actionpack test cases broken by #16888Godfrey Chan2014-09-261-0/+9
|
* Fix typos like `a html` to `an html` and 'an mail' to 'an email'. [ci skip]Santosh Wadghule2014-07-141-2/+2
|
* Raise RuntimeErrors with inspectable and MRI-independent messages.Federico Ravasio2013-11-241-2/+2
| | | | | | Previous behaviour was MRI-dependent, now we're making sure the message is correctly shown: something that can be relyied upon across every Ruby implementation.
* Override <%== to always behave as literal text rather than toggling based on ↵Jeremy Kemper2012-12-031-2/+8
| | | | whether escaping is enabled. Fixes that existing plaintext email templates using <%== unexpectedly flipped to *escaping* HTML when #8235 was merged.
* html_escape should escape single quotesSantiago Pastorino2012-07-311-1/+1
| | | | | https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content Closes #7215
* deprecate `describe` without a block.Aaron Patterson2012-07-091-2/+0
| | | | | minitest/spec provides `describe`, so deprecate the rails version and have people use the superclass version
* Remove default match without specified methodJose and Yehuda2012-04-241-1/+1
| | | | | | | | | | | | | | | | In the current router DSL, using the +match+ DSL method will match all verbs for the path to the specified endpoint. In the vast majority of cases, people are currently using +match+ when they actually mean +get+. This introduces security implications. This commit disallows calling +match+ without an HTTP verb constraint by default. To explicitly match all verbs, this commit also adds a :via => :all option to +match+. Closes #5964
* Show detailed exceptions no longer returns true if the request is local in ↵José Valim2011-12-161-0/+6
| | | | production.
* Get rid of update_details in favor of passing details to find_template.José Valim2011-09-221-3/+3
|
* realigns a series of hash arrowsXavier Noria2010-11-211-10/+10
|
* Added support for Erubis <%== tagJan Maurits Faber2010-11-081-0/+10
| | | | | | | <%== x %> is syntactic sugar for <%= raw(x) %> Signed-off-by: Michael Koziarski <michael@koziarski.com> [#5918 status:committed]
* Allow cache to be temporarily disabled through lookup_context.José Valim2010-10-071-1/+12
|
* render :template => 'foo/bar.json' now works as it should.José Valim2010-10-071-1/+14
|
* Fixed routes to use new API in a few more actionpack testsPiotr Sarnacki2010-09-051-3/+7
|
* Add support for compile-time <%= raw %>Yehuda Katz2010-01-311-22/+34
|
* Redraw default routes on all internal integration tests. We don't need ↵Joshua Peek2009-10-031-3/+3
| | | | SimpleRouteCase anymore
* File extra test folders into controller, dispatch, or templateJoshua Peek2009-10-031-0/+170
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-02 14:14:37 +0000