Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add test to ensure data attributes are properly escaped with tag helpers | Carlos Antonio da Silva | 2012-11-01 | 1 | -2/+7 |
| | | | | Closes #8091 | ||||
* | Fixed tag_helper data-attribute bug with BigDecimals | Bodacious | 2012-05-17 | 1 | -2/+2 |
| | |||||
* | split CDATA end token in cdata_section helper | Sergey Nartimov | 2012-04-30 | 1 | -0/+5 |
| | |||||
* | Adding itemscope to list of boolean attributes. | Frankie Roberto | 2012-04-09 | 1 | -2/+2 |
| | | | | | | 'itemscope' is defined within HTML5 for use in microdata markup. See http://www.whatwg.org/specs/web-apps/current-work/multipage/microdata.ht ml#attr-itemscope | ||||
* | test helpers in erb using erb | lest | 2011-11-30 | 1 | -5/+5 |
| | |||||
* | HTML5 data attribute helpers [#5825 state:resolved]. | Stephen Celis | 2010-10-18 | 1 | -0/+7 |
| | |||||
* | Add parenthesis to avoid syntax warnings. | Emilio Tagua | 2010-09-28 | 1 | -1/+1 |
| | |||||
* | Use parentheses when using assert_match followed by a regexp to avoid warnings. | Emilio Tagua | 2010-09-27 | 1 | -2/+2 |
| | |||||
* | Deletes trailing whitespaces (over text files only find * -type f -exec sed ↵ | Santiago Pastorino | 2010-08-14 | 1 | -3/+3 |
| | | | | 's/[ \t]*$//' -i {} \;) | ||||
* | s/escape_once/html_escape/, since html safety is the contract that now says ↵ | Xavier Noria | 2010-06-30 | 1 | -2/+2 |
| | | | | whether something has to be escaped | ||||
* | content_tag_string shouldn't escape_html if escape param is false | Santiago Pastorino | 2010-06-07 | 1 | -0/+2 |
| | |||||
* | Deprecate block_called_from_erb? pending a solution for getting it into apps | Carlhuda | 2010-03-09 | 1 | -9/+7 |
| | |||||
* | content_tag should escape its input | Bruno Michel | 2010-02-14 | 1 | -0/+2 |
| | | | | Signed-off-by: Yehuda Katz <yehudakatz@YK.local> | ||||
* | Switch to on-by-default XSS escaping for rails. | Michael Koziarski | 2009-10-08 | 1 | -0/+1 |
| | | | | | | | | | | | | This consists of: * String#html_safe! a method to mark a string as 'safe' * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it * Calls to String#html_safe! throughout the rails helpers * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB) * New ERB implementation based on erubis which uses a SafeBuffer instead of a String Hat tip to Django for the inspiration. | ||||
* | Allow content_tag options to take an array [#1741 state:resolved] ↵ | rizwanreza | 2009-08-08 | 1 | -0/+13 |
| | | | | | | | | | | [rizwanreza, Nick Quaranto] Example: content_tag('p', "limelight", :class => ["song", "play"]) # => <p class="song play">limelight</p> Signed-off-by: Pratik Naik <pratiknaik@gmail.com> | ||||
* | Tag helper should output an attribute with the value 'false' instead of ↵ | Hongli Lai (Phusion) | 2008-11-13 | 1 | -0/+4 |
| | | | | omitting the attribute, if the associated option is false but not nil. | ||||
* | Check whether blocks are called from erb using a special __in_erb_template ↵ | Jeremy Kemper | 2008-06-19 | 1 | -9/+26 |
| | | | | variable visible in block binding. | ||||
* | with_output_buffer returns the temporary buffer instead of the result of the ↵ | Jeremy Kemper | 2008-06-08 | 1 | -0/+1 |
| | | | | block | ||||
* | Use output_buffer reader and writer methods exclusively instead of hitting ↵ | Jeremy Kemper | 2008-06-08 | 1 | -6/+4 |
| | | | | the instance variable so others can override the methods. | ||||
* | Work with @output_buffer instead of _erbout | Jeremy Kemper | 2008-06-02 | 1 | -6/+6 |
| | |||||
* | Introduce ActionView::TestCase for testing view helpers. | Joshua Peek | 2008-04-19 | 1 | -5/+2 |
| | |||||
* | require abstract_unit directly since test is in load path | Jeremy Kemper | 2008-01-05 | 1 | -1/+1 |
| | | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8564 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | The tag helper may bypass escaping. | Jeremy Kemper | 2007-09-24 | 1 | -0/+4 |
| | | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7608 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | tag_options creates fewer objects | Jeremy Kemper | 2007-09-18 | 1 | -1/+3 |
| | | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7512 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Fixed that content_tag with a block will just return the result instead of ↵ | David Heinemeier Hansson | 2007-05-02 | 1 | -0/+5 |
| | | | | | | concate it if not used in a ERb view #7857, #7432 [michael.niessner] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6652 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Use a consistent load path to avoid double requires. Fix some scattered Ruby ↵ | Jeremy Kemper | 2007-01-28 | 1 | -1/+1 |
| | | | | | | warnings. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6057 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Clean up multiple calls to #stringify_keys in TagHelper, add better ↵ | Rick Olson | 2007-01-05 | 1 | -2/+3 |
| | | | | | | documentation and testing for TagHelper. Closes #6394 [Bob Silva] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5857 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Added block-usage to TagHelper#content_tag [DHH] | David Heinemeier Hansson | 2006-10-23 | 1 | -3/+14 |
| | | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5344 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Add <%= escape_once html %> to escape html while leaving any currently ↵ | Rick Olson | 2006-10-18 | 1 | -0/+4 |
| | | | | | | escaped entities alone. Fix button_to double-escaping issue. [Rick] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5322 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Fix double-escaped entities, such as &amp;, &#123;, etc. [Rick] | Rick Olson | 2006-10-18 | 1 | -0/+12 |
| | | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5321 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Make test_tag_options pass (closes #5600) [shugo] | David Heinemeier Hansson | 2006-08-05 | 1 | -1/+1 |
| | | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4675 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Wrap javascript_tag contents in a CDATA section and add a cdata_section ↵ | Sam Stephenson | 2005-10-12 | 1 | -0/+4 |
| | | | | | | method to TagHelper. Closes #1691. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2543 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Convert boolean form options form the tag_helper. Recloses #809. | Marcel Molina | 2005-10-10 | 1 | -0/+5 |
| | | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2523 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Added that nil options are not included in tags, so tag("p", :ignore => nil) ↵ | David Heinemeier Hansson | 2005-07-09 | 1 | -0/+8 |
| | | | | | | now returns <p /> not <p ignore="" /> but that tag("p", :ignore => "") still includes it #1465 [michael@schuerig.de] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1789 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Fixed TagHelper such that :name and 'name' keys in the options doesn't ↵ | David Heinemeier Hansson | 2005-06-16 | 1 | -0/+4 |
| | | | | | | result in two attributes #1455 [take_tk] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1426 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Moved image_tag to AssetTagHelper | David Heinemeier Hansson | 2005-03-14 | 1 | -4/+0 |
| | | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@899 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Added TagHelper#image_tag and deprecated UrlHelper#link_image_to ↵ | David Heinemeier Hansson | 2005-03-09 | 1 | -13/+4 |
| | | | | | | (recommended approach is to combine image_tag and link_to instead) git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@879 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Fixed that form helpers would treat string and symbol keys differently in ↵ | David Heinemeier Hansson | 2005-03-06 | 1 | -5/+8 |
| | | | | | | html_options (and possibly create duplicate entries) #112 [bitsweat] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@833 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Added :encode option to mail_to that'll allow you to masquarede the email ↵ | David Heinemeier Hansson | 2005-01-24 | 1 | -0/+12 |
| | | | | | | address behind javascript or hex encoding #494 [Lucas Carlson] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@493 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Initial | David Heinemeier Hansson | 2004-11-24 | 1 | -0/+18 |
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4 5ecf4fe2-1ee6-0310-87b1-e25e094e27de |