path: root/actionpack/test/template/tag_helper_test.rb
Commit message | Author | Age | Files | Lines
* Fix failing tests on 3-2-stable branch: | Johnny Shields | 2016-09-15 | 1 | -2/+2
  - Set sudo: false in .travis.yml which uses latest travis engine and fixes some failing specs
  - Use older version of gems in Gemfile if RUBY_VERSION < '1.9.3' (no change to .gemspec)
  - Fix two cases of hash rockets in tests (required for Ruby 1.8.7)
  - Skip failing test "test_ensure_that_migration_tasks_work_with_mountable_option" which breaks due to Bundler no longer accepting the default generated .gemspec format.
  - Skip railties specs on Ruby 1.8.7 (mark as an allowed failure.)
* Remove dead code and ensure values are strings before calling gsub | Mike Virata-Stone | 2016-08-11 | 1 | -0/+8
* ensure tag/content_tag escapes " in attribute vals | Andrew Carpenter | 2016-08-10 | 1 | -0/+10
  Many helpers mark content as HTML-safe without escaping double quotes -- including `sanitize`. Regardless of whether or not the attribute values are HTML-escaped, we want to be sure they don't include double quotes, as that can cause XSS issues. For example: `content_tag(:div, "foo", title: sanitize('" onmouseover="alert(1);//'))`

  CVE-2016-6316
* Fixed tag_helper data-attribute bug with BigDecimals | Bodacious | 2012-05-20 | 1 | -2/+2
* test helpers in erb using erb | lest | 2011-11-30 | 1 | -5/+5
* HTML5 data attribute helpers [#5825 state:resolved]. | Stephen Celis | 2010-10-18 | 1 | -0/+7
* Add parenthesis to avoid syntax warnings. | Emilio Tagua | 2010-09-28 | 1 | -1/+1
* Use parentheses when using assert_match followed by a regexp to avoid warnings. | Emilio Tagua | 2010-09-27 | 1 | -2/+2
* Deletes trailing whitespaces (over text files only find * -type f -exec sed 's/[ \t]*$//' -i {} \;) | Santiago Pastorino | 2010-08-14 | 1 | -3/+3
* s/escape_once/html_escape/, since html safety is the contract that now says whether something has to be escaped | Xavier Noria | 2010-06-30 | 1 | -2/+2
* content_tag_string shouldn't escape_html if escape param is false | Santiago Pastorino | 2010-06-07 | 1 | -0/+2
* Deprecate block_called_from_erb? pending a solution for getting it into apps | Carlhuda | 2010-03-09 | 1 | -9/+7
* content_tag should escape its input | Bruno Michel | 2010-02-14 | 1 | -0/+2
  Signed-off-by: Yehuda Katz <yehudakatz@YK.local>
* Switch to on-by-default XSS escaping for rails. | Michael Koziarski | 2009-10-08 | 1 | -0/+1
  This consists of:
  * String#html_safe! a method to mark a string as 'safe'
  * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
  * Calls to String#html_safe! throughout the rails helpers
  * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)
  * New ERB implementation based on erubis which uses a SafeBuffer instead of a String

  Hat tip to Django for the inspiration.
* Allow content_tag options to take an array [#1741 state:resolved] [rizwanreza, Nick Quaranto] | rizwanreza | 2009-08-08 | 1 | -0/+13
  Example: content_tag('p', "limelight", :class => ["song", "play"]) # => <p class="song play">limelight</p>

  Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
* Tag helper should output an attribute with the value 'false' instead of omitting the attribute, if the associated option is false but not nil. | Hongli Lai (Phusion) | 2008-11-13 | 1 | -0/+4
* Check whether blocks are called from erb using a special __in_erb_template variable visible in block binding. | Jeremy Kemper | 2008-06-19 | 1 | -9/+26
* with_output_buffer returns the temporary buffer instead of the result of the block | Jeremy Kemper | 2008-06-08 | 1 | -0/+1
* Use output_buffer reader and writer methods exclusively instead of hitting the instance variable so others can override the methods. | Jeremy Kemper | 2008-06-08 | 1 | -6/+4
* Work with @output_buffer instead of _erbout | Jeremy Kemper | 2008-06-02 | 1 | -6/+6
* Introduce ActionView::TestCase for testing view helpers. | Joshua Peek | 2008-04-19 | 1 | -5/+2
* require abstract_unit directly since test is in load path | Jeremy Kemper | 2008-01-05 | 1 | -1/+1
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8564 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* The tag helper may bypass escaping. | Jeremy Kemper | 2007-09-24 | 1 | -0/+4
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7608 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* tag_options creates fewer objects | Jeremy Kemper | 2007-09-18 | 1 | -1/+3
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7512 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fixed that content_tag with a block will just return the result instead of concate it if not used in a ERb view #7857, #7432 [michael.niessner] | David Heinemeier Hansson | 2007-05-02 | 1 | -0/+5
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6652 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Use a consistent load path to avoid double requires. Fix some scattered Ruby warnings. | Jeremy Kemper | 2007-01-28 | 1 | -1/+1
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6057 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Clean up multiple calls to #stringify_keys in TagHelper, add better documentation and testing for TagHelper. Closes #6394 [Bob Silva] | Rick Olson | 2007-01-05 | 1 | -2/+3
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5857 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Added block-usage to TagHelper#content_tag [DHH] | David Heinemeier Hansson | 2006-10-23 | 1 | -3/+14
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5344 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Add <%= escape_once html %> to escape html while leaving any currently escaped entities alone. Fix button_to double-escaping issue. [Rick] | Rick Olson | 2006-10-18 | 1 | -0/+4
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5322 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fix double-escaped entities, such as &amp;amp;, &amp;#123;, etc. [Rick] | Rick Olson | 2006-10-18 | 1 | -0/+12
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5321 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Make test_tag_options pass (closes #5600) [shugo] | David Heinemeier Hansson | 2006-08-05 | 1 | -1/+1
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4675 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Wrap javascript_tag contents in a CDATA section and add a cdata_section method to TagHelper. Closes #1691. | Sam Stephenson | 2005-10-12 | 1 | -0/+4
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2543 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Convert boolean form options form the tag_helper. Recloses #809. | Marcel Molina | 2005-10-10 | 1 | -0/+5
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2523 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Added that nil options are not included in tags, so tag("p", :ignore => nil) now returns <p /> not <p ignore="" /> but that tag("p", :ignore => "") still includes it #1465 [michael@schuerig.de] | David Heinemeier Hansson | 2005-07-09 | 1 | -0/+8
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1789 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fixed TagHelper such that :name and 'name' keys in the options doesn't result in two attributes #1455 [take_tk] | David Heinemeier Hansson | 2005-06-16 | 1 | -0/+4
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1426 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Moved image_tag to AssetTagHelper | David Heinemeier Hansson | 2005-03-14 | 1 | -4/+0
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@899 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Added TagHelper#image_tag and deprecated UrlHelper#link_image_to (recommended approach is to combine image_tag and link_to instead) | David Heinemeier Hansson | 2005-03-09 | 1 | -13/+4
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@879 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fixed that form helpers would treat string and symbol keys differently in html_options (and possibly create duplicate entries) #112 [bitsweat] | David Heinemeier Hansson | 2005-03-06 | 1 | -5/+8
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@833 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Added :encode option to mail_to that'll allow you to masquerade the email address behind javascript or hex encoding #494 [Lucas Carlson] | David Heinemeier Hansson | 2005-01-24 | 1 | -0/+12
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@493 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Initial | David Heinemeier Hansson | 2004-11-24 | 1 | -0/+18
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4 5ecf4fe2-1ee6-0310-87b1-e25e094e27de