| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
| |
's/[ \t]*$//' -i {} \;)
|
|
|
|
| |
instead of Hash
|
|
|
|
| |
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
|
|
| |
also added a cosmetic change to test_link_tag_with_query_and_no_name
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
|
|
|
|
| |
whether something has to be escaped
|
|
|
|
| |
Rationale: url_for is just a path/URL generator, it is the responsability of the caller to escape conveniently HTML needs it, JavaScript needs different escaping, a text mail needs no escaping at all, etc.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
HTML specifications recommend the escaping of urls in web pages,
which url_for does by default for string urls and consquently
urls generated by path helpers as these return strings.
Hashes passed to url_for are not escaped by default and this
commit reverses this default so that they are escaped.
Undoes the changes of this commit:
http://github.com/rails/rails/commit/1b3195b63ca44f0a70b61b75fcf4991cb2fbb944
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
|
|
| |
:controller and :action may appear in the generated url [#4326 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
|
|
|
| |
And add tests for `button_to` and `form_tag` which currently behave as
expected, so we avoid a regression.
Signed-off-by: wycats <wycats@gmail.com>
|
|
|
|
| |
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
|
|
|
|
| |
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
|
|
|
|
| |
Signed-off-by: Carl Lerche <carllerche@mac.com>
|
| |
|
|
|
|
| |
proxying back to the controller. This potentially allows for more standalone usage of AV. It also kicked up a lot of dust in the tests, which were mocking out controllers to get this behavior. By moving it to the view, it made a lot of the tests more standalone (a win)
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
destroyed? methods. ActionPack does not care if the resource is new or if it was destroyed, it cares only if it's persisted somewhere or not.
|
|
|
|
| |
Signed-off-by: Yehuda Katz <yehudakatz@YK.local>
|
|
|
|
| |
:remote=>true
|
| |
|
|
|
|
|
|
| |
such as :confirm in a unobtrusive manor
Signed-off-by: Joshua Peek <josh@joshpeek.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 3aa1ea1ae4baa4a03d03644e798eeb98a4745785, reversing
changes made to 2c12a71378d2146c822acb389b00b866f6420ff5.
Conflicts:
actionpack/lib/action_view/helpers/javascript_helper.rb
actionpack/lib/action_view/helpers/url_helper.rb
actionpack/test/template/url_helper_test.rb
|
| |
|
|
|
|
| |
if :method => :delete, same as its remote_ equivalent
|
|
|
|
| |
image_submit_tag output data attributes for things like :confirm, :method, :popup, and :disable_with
|
| |
|
|
|
|
| |
controller test loading.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ActionView::Helpers::UrlHelper#url_for used to escape the URLs it generated by
default. This was most commonly seen when generating a path with multiple
query parameters, e.g.
url_for(:controller => :foo, :action => :bar, :this => 123, :that => 456)
would return
http://example.com/foo/bar?that=456&this=123
escaping an ampersand that shouldn't be escaped. This is both wrong and
inconsistent with the behavior of ActionController#url_for, and is changed.
Signed-off-by: Michael Koziarski <michael@koziarski.com>
|
|
|
|
|
|
|
| |
By using config rather than hardcoded constants, we can evolve the
configuration system over time (we'd just need to update the config
method with more robust capabilities and all consumers would get
the capabilities with no code changes)
|
|
|
|
|
|
|
|
|
|
|
|
| |
This consists of:
* String#html_safe! a method to mark a string as 'safe'
* ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
* Calls to String#html_safe! throughout the rails helpers
* a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB)
* New ERB implementation based on erubis which uses a SafeBuffer instead of a String
Hat tip to Django for the inspiration.
|
| |
|
| |
|
|
|
|
| |
work in real life anyway.
|
|
|
|
|
|
| |
state:resolved]
Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
|
| |
|
|
|
|
|
|
| |
- Define to_model on AR
- Define to_model on ActiveModel::APICompliant
- Update test fixtures to be API Compliant
- Start using to_model in AP
|
| |
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Resolved all the conflicts since 2.3.0 -> HEAD. Following is a list
of commits that could not be applied cleanly or are obviated with the
abstract_controller refactor. They all need to be revisited to ensure
that fixes made in 2.3 do not reappear in 3.0:
2259ecf368e6a6715966f69216e3ee86bf1a82a7
AR not available
* This will be reimplemented with ActionORM or equivalent
06182ea02e92afad579998aa80144588e8865ac3
implicitly rendering a js response should not use the default layout
[#1844 state:resolved]
* This will be handled generically
893e9eb99504705419ad6edac14d00e71cef5f12
Improve view rendering performance in development mode and reinstate
template recompiling in production [#1909 state:resolved]
* We will need to reimplement rails-dev-boost on top of the refactor;
the changes here are very implementation specific and cannot be
cleanly applied. The following commits are implicated:
199e750d46c04970b5e7684998d09405648ecbd4
3942cb406e1d5db0ac00e03153809cc8dc4cc4db
f8ea9f85d4f1e3e6f3b5d895bef6b013aa4b0690
e3b166aab37ddc2fbab030b146eb61713b91bf55
ae9f258e03c9fd5088da12c1c6cd216cc89a01f7
44423126c6f6133a1d9cf1d0832b527e8711d40f
0cb020b4d6d838025859bd60fb8151c8e21b8e84
workaround for picking layouts based on wrong view_paths
[#1974 state:resolved]
* The specifics of this commit no longer apply. Since it is a two-line
commit, we will reimplement this change.
8c5cc66a831aadb159f3daaffa4208064c30af0e
make action_controller/layouts pick templates from the current instance's
view_paths instead of the class view_paths [#1974 state:resolved]
* This does not apply at all. It should be trivial to apply the feature
to the reimplemented ActionController::Base.
87e8b162463f13bd50d27398f020769460a770e3
fix HTML fallback for explicit templates [#2052 state:resolved]
* There were a number of patches related to this that simply compounded
each other. Basically none of them apply cleanly, and the underlying
issue needs to be revisited. After discussing the underlying problem
with Koz, we will defer these fixes for further discussion.
|
| |
| |
| |
| | |
[#1617 state:resolved]
|
| | |
|
| |
| |
| |
| |
| |
| | |
with multiple query parameters [#1868 state:committed]
Signed-off-by: David Heinemeier Hansson <david@loudthinking.com>
|