aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/controller/renderer_test.rb
Commit message (Collapse)AuthorAgeFilesLines
* Introduce Template::File as new render file:John Hawthorn2019-03-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | The previous behaviour of render file: was essentially the same as render template:, except that templates can be specified as an absolute path on the filesystem. This makes sense for historic reasons, but now render file: is almost exclusively used to render raw files (not .erb) like public/404.html. In addition to complicating the code in template/resolver.rb, I think the current behaviour is surprising to developers. This commit deprecates the existing "lookup a template from anywhere" behaviour and replaces it with "render this file exactly as it is on disk". Handlers will no longer be used (it will render the same as if the :raw handler was used), but formats (.html, .xml, etc) will still be detected (and will default to :plain). The existing render file: behaviour was the path through which Rails apps were vulnerable in the recent CVE-2019-5418. Although the vulnerability has been patched in a fully backwards-compatible way, I think it's a strong hint that we should drop the existing previously-vulnerable behaviour if it isn't a benefit to developers.
* Use frozen string literal in actionpack/Kir Shatrov2017-07-291-0/+2
|
* Revert "Merge pull request #29540 from kirs/rubocop-frozen-string"Matthew Draper2017-07-021-1/+0
| | | | | This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
* Enforce frozen string in RubocopKir Shatrov2017-07-011-0/+1
|
* Fixes ActionController::Rendering#with_defaultsalpaca-tc2017-03-121-0/+10
| | | | `env` is undefined.
* Fix malformed asset_url when rendering template with ActionController::RendererGiorgos Vrettos2017-03-061-0/+14
|
* Allow any key in Renderer environment hashSammy Larbi2016-10-151-0/+8
| | | | | | When rendering arbitrary templates, it is helpful to not overwrite `env` keys with nil if they don't match any found in the `RACK_KEY_TRANSLATION` This allows the developer to set the environment to exactly what is needed for rendering.
* remove redundant curlies from hash argumentsXavier Noria2016-08-061-1/+1
|
* applies new string literal convention in actionpack/testXavier Noria2016-08-061-36/+36
| | | | | The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* Fix ApplicationController.renderer.defaults.merge!Jon Moss2016-04-201-0/+8
| | | | | | | Previously, users were trying to modify a frozen Hash. Includes a regression test :) Fixes #22975
* create a new renderer instance on calls to `for`Aaron Patterson2015-09-141-16/+3
| | | | | | | | | | | | This changes the renderer class to store the controller and defaults as an instance variable rather than allocating a new class. You can create a new renderer with an new env by calling `Renderer#new` or use new defaults by calling `Renderer#with_defaults` and saving the return value somewhere. Also I want to keep the `env` private since I would like to change the keys in the future. This commit only translates particular keys that the user requested.
* eagerly allocate the renderer objectAaron Patterson2015-09-141-0/+4
| | | | | this means the reader doesn't need to lock, but does have the added cost of a new object created for every controller
* :scissors: warning from controller renderer testYuki Nishijima2015-01-311-3/+3
| | | | rails/actionpack/test/controller/renderer_test.rb:89: warning: possible reference to past scope - defaults
* Add ActionController::Base.renderbrainopia2015-01-221-0/+4
|
* Add ActionController::Rendererbrainopia2015-01-221-0/+99
Render arbitrary templates outside of controller actions
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-26 00:10:34 +0000