aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/template/javascript_helper_test.rb
Commit message (Collapse)AuthorAgeFilesLines
* html_escape should escape single quotesSantiago Pastorino2012-08-021-5/+5
| | | | | | | | | | | | https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content Closes #7215 Conflicts: actionpack/test/template/erb_util_test.rb actionpack/test/template/form_tag_helper_test.rb actionpack/test/template/text_helper_test.rb actionpack/test/template/url_helper_test.rb activesupport/lib/active_support/core_ext/string/output_safety.rb
* Revert "Deprecate link_to_function and button_to_function helpers"Rafael Mendonça França2012-08-011-24/+12
| | | | This reverts commit 9dc57fe9c4807fc0ad4b1590a931891d9faa3164.
* Deprecate link_to_function and button_to_function helpersRafael Mendonça França2012-04-301-12/+24
|
* Ensure regexp and hash key are UTF-8Andrew White2011-08-231-1/+6
|
* fix escape_javascript for unicode character \u2028.Teng Siong Ong2011-08-211-0/+1
|
* Make sure `escape_javascript` return `SafeBuffer` if the incoming argument ↵Prem Sichanugrist2011-06-091-0/+2
| | | | is already html_safe
* Make escape_javascript happy to handle SafeBuffersPaul Gallagher2011-06-081-0/+7
| | | | | * see GH#1553 * allow for the fact that gsub on SafeBuffer does not pass match variables $1, $2 etc to a block
* fixes the name of a testXavier Noria2011-04-131-1/+1
|
* removes support for RJS in button_to_functionXavier Noria2011-04-131-14/+0
|
* removes support for RJS in link_to_functionXavier Noria2011-04-131-24/+1
|
* Fix alias_method, add testDavid Heinemeier Hansson2011-03-271-0/+1
|
* Remove duplicated method.Emilio Tagua2010-09-281-2/+0
|
* link_to_function now expects a piece of javascript code for the onclick ↵Rodrigo Dominguez2010-07-291-4/+5
| | | | | | | | parameter [#5179] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Add assertion to link_to_function test with block and capture, and more ↵Carlos Antonio da Silva2010-07-251-5/+4
| | | | | | expressive test name [#5179 state:resolved] Signed-off-by: José Valim <jose.valim@gmail.com>
* Fixed output_buffer encoding problem [#5179]Sebastian A. Espindola2010-07-251-0/+9
| | | | | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> Signed-off-by: José Valim <jose.valim@gmail.com>
* link_to_function is here to stayJoshua Peek2010-03-161-1/+30
|
* Deprecate block_called_from_erb? pending a solution for getting it into appsCarlhuda2010-03-091-12/+0
|
* Added template lookup responsible to hold all information used in template ↵José Valim2010-03-071-2/+2
| | | | lookup.
* Change AV formats so they can delegate to the controller. Now users (or ↵Carlhuda2010-03-011-0/+1
| | | | plugins) can override details_for_render in their controllers and add appropriate additional details. Now if only they could *do* something with those details...
* Move link_to_function and link_to_remote into prototype_legacy_helperJoshua Peek2010-01-301-29/+0
| | | | plugin
* Javascript tests expects the old default of escaping HTML, make it so for nowDavid Heinemeier Hansson2010-01-101-0/+5
|
* Got tests to pass with some more changes.Yehuda Katz2009-08-151-0/+4
| | | | | | | | | | | | | | | | * request.formats is much simpler now * For XHRs or Accept headers with a single item, we use the Accept header * For other requests, we use params[:format] or fallback to HTML * This is primarily to work around the fact that browsers provide completely broken Accept headers, so we have to whitelist the few cases we can specifically isolate and treat other requests as coming from the browser * For APIs, we can support single-item Accept headers, which disambiguates from the browsers * Requests to an action that only has an XML template from the browser will no longer find the template. This worked previously because most browsers provide a catch-all */*, but this was mostly accidental behavior. If you want to serve XML, either use the :xml format in links, or explicitly specify the XML template: render "template.xml".
* Added the :rjs render optionYehuda Katz + Carl Lerche2009-05-211-0/+4
|
* Bring abstract_controller up to date with rails/masterCarl Lerche & Yehuda Katz2009-04-131-5/+0
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Resolved all the conflicts since 2.3.0 -> HEAD. Following is a list of commits that could not be applied cleanly or are obviated with the abstract_controller refactor. They all need to be revisited to ensure that fixes made in 2.3 do not reappear in 3.0: 2259ecf368e6a6715966f69216e3ee86bf1a82a7 AR not available * This will be reimplemented with ActionORM or equivalent 06182ea02e92afad579998aa80144588e8865ac3 implicitly rendering a js response should not use the default layout [#1844 state:resolved] * This will be handled generically 893e9eb99504705419ad6edac14d00e71cef5f12 Improve view rendering performance in development mode and reinstate template recompiling in production [#1909 state:resolved] * We will need to reimplement rails-dev-boost on top of the refactor; the changes here are very implementation specific and cannot be cleanly applied. The following commits are implicated: 199e750d46c04970b5e7684998d09405648ecbd4 3942cb406e1d5db0ac00e03153809cc8dc4cc4db f8ea9f85d4f1e3e6f3b5d895bef6b013aa4b0690 e3b166aab37ddc2fbab030b146eb61713b91bf55 ae9f258e03c9fd5088da12c1c6cd216cc89a01f7 44423126c6f6133a1d9cf1d0832b527e8711d40f 0cb020b4d6d838025859bd60fb8151c8e21b8e84 workaround for picking layouts based on wrong view_paths [#1974 state:resolved] * The specifics of this commit no longer apply. Since it is a two-line commit, we will reimplement this change. 8c5cc66a831aadb159f3daaffa4208064c30af0e make action_controller/layouts pick templates from the current instance's view_paths instead of the class view_paths [#1974 state:resolved] * This does not apply at all. It should be trivial to apply the feature to the reimplemented ActionController::Base. 87e8b162463f13bd50d27398f020769460a770e3 fix HTML fallback for explicit templates [#2052 state:resolved] * There were a number of patches related to this that simply compounded each other. Basically none of them apply cleanly, and the underlying issue needs to be revisited. After discussing the underlying problem with Koz, we will defer these fixes for further discussion.
| * Remove duplicate test [#2136 state:resolved]Yury Kotlyarov2009-03-081-5/+0
| | | | | | | | Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
* | Temporarily modifies setup to call super directly. This can support more ↵Yehuda Katz and Carl Lerche2009-04-081-0/+1
| | | | | | | | T::U runners.
* | Begin unifying the interface between ActionController and ActionViewYehuda Katz2009-01-221-1/+1
|/
* Cache JavaScriptGenerator's helper module set on the templateJoshua Peek2008-08-261-5/+0
|
* Performance: Cache modules that extend the view context for JavaScriptGeneratorJoshua Peek2008-08-251-0/+5
|
* JavaScriptGenerator should only sets output_buffer for the duration of the ↵Jeremy Kemper2008-07-151-1/+5
| | | | update block
* Get buffer for fragment cache from template's @output_bufferJoshua Peek2008-07-151-0/+2
|
* Remove old method of including javascripts define_javascript_functions.Michael Koziarski2008-07-031-8/+0
| | | | javascript_include_tag and friends do a much better job.
* Check whether blocks are called from erb using a special __in_erb_template ↵Jeremy Kemper2008-06-191-3/+5
| | | | variable visible in block binding.
* Use output_buffer reader and writer methods exclusively instead of hitting ↵Jeremy Kemper2008-06-081-8/+6
| | | | the instance variable so others can override the methods.
* javascript_tag should only concat when block_given?Jeremy Kemper2008-06-061-0/+4
|
* Work with @output_buffer instead of _erboutJeremy Kemper2008-06-021-6/+6
|
* Introduce ActionView::TestCase for testing view helpers.Joshua Peek2008-04-191-8/+2
|
* require abstract_unit directly since test is in load pathJeremy Kemper2008-01-051-1/+1
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8564 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Don't escape forward slashes with String#to_json, our unicode encoding of < ↵Michael Koziarski2007-12-021-4/+4
| | | | | | and > prevent the XSS problems. [tpope] Closes #10273 git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8255 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Change JSON to encode %w(< > &) as 4 digit hex codes to be in compliance ↵Rick Olson2007-10-291-4/+4
| | | | | | with the JSON spec. Closes #9975 [josh, chuyeow, tpope] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8050 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Update tests for ActiveSupport's JSON escaping change. [rick]Rick Olson2007-10-261-4/+4
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8034 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Improve tests (closes #7240) [josh]David Heinemeier Hansson2007-09-221-0/+5
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7581 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fixed JavaScriptHelper#escape_javascript to also escape closing tags (closes ↵David Heinemeier Hansson2007-09-221-0/+1
| | | | | | #8023) [rubyruy] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7567 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Added block-acceptance to JavaScriptHelper#javascript_tag (closes #7527) ↵David Heinemeier Hansson2007-09-151-0/+12
| | | | | | [BobSilva/tarmo/rmm5t] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7485 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Improve helper test coverage. Closes #7215, #7233, #7234, #7235, #7236, ↵Jeremy Kemper2007-06-131-9/+24
| | | | | | #7237, #7238. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7011 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Test javascript_tag. Closes #7239.Jeremy Kemper2007-06-081-0/+10
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6977 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Improve Action View test coverage. Closes #7241, #7243, #7244.Jeremy Kemper2007-06-081-0/+5
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6967 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* fix test cases to match new json output. Closes #8371Rick Olson2007-05-291-4/+4
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6894 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Use a consistent load path to avoid double requires. Fix some scattered Ruby ↵Jeremy Kemper2007-01-281-1/+1
| | | | | | warnings. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6057 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fixed escaping of backslashes in JavaScriptHelper#escape_javascript (closes ↵David Heinemeier Hansson2006-10-091-0/+1
| | | | | | #6302) [sven@c3d2.de] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5242 5ecf4fe2-1ee6-0310-87b1-e25e094e27de