| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before:
image_tag("HTTP://google.com")
# => "<img alt=\"Google\" src=\"/assets/HTTP://google.com\" />"
image_tag("http://google.com")
# => "<img alt=\"Google\" src=\"http://google.com\" />"
After:
image_tag("HTTP://google.com")
# => "<img alt=\"Google\" src=\"HTTP://google.com\" />"
image_tag("http://google.com")
# => "<img alt=\"Google\" src=\"http://google.com\" />"
Backport of #10969
|
|
|
|
|
|
| |
Rails were including 'application.js' to the pack when using
`javascript_include_tag :all` even there's no application.js in the
public directory.
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215
Conflicts:
actionpack/test/template/erb_util_test.rb
actionpack/test/template/form_tag_helper_test.rb
actionpack/test/template/text_helper_test.rb
actionpack/test/template/url_helper_test.rb
activesupport/lib/active_support/core_ext/string/output_safety.rb
|
|
|
|
|
|
|
| |
This reverts commit 1aff7725c7a04cde202cca906208560a55409e6a.
Conflicts:
actionpack/CHANGELOG.md
|
|
|
|
|
|
|
|
|
|
|
| |
option"
Revert "Deprecate `:disable_with` in favor of `'data-disable-with'` option for `button_to` and `submit_tag` helpers."
This reverts commit fc092a9cba5fceec38358072e50e09250cf58840.
This reverts commit e9051e20aeb2c666db06b6217954737665878db7.
This reverts commit d47d6e7eda3aa3e6aa28d0c17ac6801234bb97d1.
This reverts commit 21141e777bdce8534e3755c8de7268324b3d8714.
|
| |
|
|
|
|
| |
Respect absolute paths in compute_source_path.
|
|
|
|
| |
Render img tag with empty src if empty string is passed to image_tag.
|
| |
|
| |
|
|
|
|
| |
Support data: url scheme
|
| |
|
| |
|
|
|
|
|
|
| |
English to
American English(according to Weber)
|
|
|
|
|
|
| |
That integer is rather irrelevant, the only thing that matters is that
it is consistent and with no apparent bias. Zlib.crc32 is 8-10 times
faster than bytes.sum, so use that.
|
| |
|
|
|
|
| |
wildcard of the assets path because in ruby 1.9 is not consistent
|
|\
| |
| | |
Asset urls master
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
config.action_controller.default_asset_host_protocol
It's best to leave this unset.
When unset the :request protocol is used whenever it can be and
:relative is used in the other situations.
When set to :request then assets hosts will be disabled when there
is no request in scope and will use the request protocol whenever a
request is in scope.
If set to :relative, then a relative protocol is always used except
for stylesheet link tags which must use the :request protocol to
avoid double downloads in IE6&7.
Conflicts:
actionpack/lib/sprockets/helpers/rails_helper.rb
actionpack/test/template/sprockets_helper_test.rb
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
download of stylesheets in IE7 and IE8.
Conflicts:
actionpack/lib/action_view/helpers/asset_tag_helpers/stylesheet_tag_helpers.rb
actionpack/lib/sprockets/helpers/rails_helper.rb
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
used during asset precompilation.
Conflicts:
actionpack/lib/action_view/asset_paths.rb
actionpack/lib/sprockets/helpers/rails_helper.rb
actionpack/test/template/sprockets_helper_test.rb
|
|/ |
|
| |
|
|
|
|
| |
This reverts commit 057412ce38ead06307a887dca333837a99f84f22.
|
| |
|
| |
|
|
|
|
| |
nil value
|
| |
|
|
|
|
| |
corrects issues with ordering and duplicates.
|
|
|
|
|
|
|
|
| |
they are expanded, and removing duplicates.
When individual js assets are specified, they will override the order of the same asset specified in an expansion.
[#5938 state:resolved]
|
| |
|
|
|
|
|
| |
Using the same hash instance makes using the same expansions for
both javascripts and stylesheets.
|
|
|
|
|
|
| |
state:resolved]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
|
| |
|
| |
|
|
|
|
| |
Signed-off-by: José Valim <jose.valim@gmail.com>
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
setup within the railtie
Signed-off-by: José Valim <jose.valim@gmail.com>
|
| |
|
|
|
|
| |
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
| |
a link for Mobile Safari with it
|
|
|
|
|
|
| |
are too specific.
This reverts commit 6891f46d10957f21f200fc4dc2b6076ff411b1da, ec8610cfdc32d0fe816fb22405e00ef1b6c90d73, and d18ff1b7efd96e7c08bc1a15137735be45f87e07.
|
| |
|
| |
|
|
|
|
| |
proxying back to the controller. This potentially allows for more standalone usage of AV. It also kicked up a lot of dust in the tests, which were mocking out controllers to get this behavior. By moving it to the view, it made a lot of the tests more standalone (a win)
|
|
|
|
| |
[#4247 state:resolved]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Set config.action_controller.asset_path_template to a proc that takes one
argument - the direct, unchanged asset path - and returns a path to that asset
using the scheme that your assets require.
This is useful if you have a setup which scales by introducing new application
servers where the mtime of the asset files may not be the same as those of the
asset files on your previous servers, but it does require your web servers to
have knowledge of the asset template paths that you rewrite to so it's not
suitable for out-of-the-box use. An example of configuring asset path
generation and rewriting these paths using Apache is included in
actionpack/lib/action_view/helpers/asset_tag_helper.rb.
Signed-off-by: wycats <wycats@gmail.com>
|