aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/template/url_helper_test.rb
Commit message (Collapse)AuthorAgeFilesLines
* Prepare the context in URLHelperTest so that there are no required ↵wycats2011-05-221-0/+2
| | | | uninitialized instance variables
* Remove dependency from _template.José Valim2011-05-011-1/+1
|
* Be sure to javascript_escape the email address to prevent apostrophes ↵Michael Koziarski2011-02-081-4/+5
| | | | | | inadvertently causing javascript errors. This fixes CVE-2011-0446
* add test to check class is being escaped in form_classSantiago Pastorino2011-02-011-0/+4
|
* Allow customization of form class for button_toAndrei Bocan2011-02-011-0/+4
| | | | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Make sure capture's output gets html_escaped [#5545 state:resolved]Jeff Kreeftmeijer2010-11-021-6/+1
| | | | | | | Also remove a duplicate test_link_to_unless assertion and add .html_safe to the remaining one. Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Allow generated url helpers to be overriden [#5243 state:resolved]Andrew White2010-10-261-0/+18
|
* data-disable-with in button_to helperPaco Guzman2010-10-111-0/+21
| | | | | | [#4993 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Clean up unused methods from AV::Base and pass in the template object on ↵José Valim2010-10-101-1/+1
| | | | rendering.
* delete repeated codeAaron Patterson2010-10-011-18/+0
|
* Removed deprecated RouteSet API, still many tests failPiotr Sarnacki2010-09-051-3/+2
|
* Removing unnecessary codeThiago Pradi2010-09-021-7/+0
| | | | Signed-off-by: José Valim <jose.valim@gmail.com>
* Deletes trailing whitespaces (over text files only find * -type f -exec sed ↵Santiago Pastorino2010-08-141-2/+2
| | | | 's/[ \t]*$//' -i {} \;)
* These tests are trusting in the order of the elements so use OrderedHash ↵Santiago Pastorino2010-07-211-13/+9
| | | | instead of Hash
* Refactor recall parameter normalization [#5021 state:resolved]Andrew White2010-07-031-2/+27
| | | | Signed-off-by: José Valim <jose.valim@gmail.com>
* We are trying to test that & escapes here not that &amp; is being escaped, ↵Santiago Pastorino2010-06-291-3/+2
| | | | | | also added a cosmetic change to test_link_tag_with_query_and_no_name Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* s/escape_once/html_escape/, since html safety is the contract that now says ↵Xavier Noria2010-06-301-2/+2
| | | | whether something has to be escaped
* url_for no longer escapes HTML, the :escape option is also goneXavier Noria2010-06-301-16/+4
| | | | Rationale: url_for is just a path/URL generator, it is the responsability of the caller to escape conveniently HTML needs it, JavaScript needs different escaping, a text mail needs no escaping at all, etc.
* Restores the escaping of urls generated from hashes. [#4765 state:resolved]Andrew White2010-06-281-8/+4
| | | | | | | | | | | | | | HTML specifications recommend the escaping of urls in web pages, which url_for does by default for string urls and consquently urls generated by path helpers as these return strings. Hashes passed to url_for are not escaped by default and this commit reverses this default so that they are escaped. Undoes the changes of this commit: http://github.com/rails/rails/commit/1b3195b63ca44f0a70b61b75fcf4991cb2fbb944 Signed-off-by: José Valim <jose.valim@gmail.com>
* Normalize recall params when the route is not a standard route otherwise ↵Andrew White2010-06-271-0/+22
| | | | | | :controller and :action may appear in the generated url [#4326 state:resolved] Signed-off-by: José Valim <jose.valim@gmail.com>
* Allow :remote => false to be passed to link_toNicolas Sanguinetti2010-04-221-0/+14
| | | | | | | And add tests for `button_to` and `form_tag` which currently behave as expected, so we avoid a regression. Signed-off-by: wycats <wycats@gmail.com>
* params already has a setted controller and action hereSantiago Pastorino2010-04-211-1/+0
| | | | Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* url_for now works with HashWithIndifferentAccess ht jay [#4391 state:committed]Santiago Pastorino2010-04-211-0/+10
| | | | Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* mail_to with :encode => :javascript now outputs safe htmlSam Elliott2010-04-161-2/+6
| | | | Signed-off-by: Carl Lerche <carllerche@mac.com>
* Consistently use lowercase instead of camelCase for all JS class names in RailsDavid Heinemeier Hansson2010-04-081-10/+10
|
* Refactored url_for in AV to have its own instances of the helpers instead of ↵wycats2010-04-031-215/+204
| | | | proxying back to the controller. This potentially allows for more standalone usage of AV. It also kicked up a lot of dust in the tests, which were mocking out controllers to get this behavior. By moving it to the view, it made a lot of the tests more standalone (a win)
* Fix link_to with blockJeremy Kemper2010-03-151-4/+1
|
* Get rid of the instance-level URL rewriterwycats2010-03-091-2/+0
|
* Reinstate default_url_options and remove url_options= writerJeremy Kemper2010-03-081-1/+1
|
* Start refactoring the method of configuring ActionViewCarlhuda2010-03-031-7/+2
|
* Fix tests for the request refactorCarl Lerche2010-03-031-18/+34
|
* Tweak the semantic of various URL related methods of ActionDispatch::RequestCarlhuda2010-03-031-3/+0
|
* Silence test deprecation warningsCarlhuda2010-02-261-1/+1
|
* Require persisted? in ActiveModel::Lint and remove new_record? and ↵José Valim2010-02-211-18/+18
| | | | destroyed? methods. ActionPack does not care if the resource is new or if it was destroyed, it cares only if it's persisted somewhere or not.
* content_tag should escape its inputBruno Michel2010-02-141-1/+1
| | | | Signed-off-by: Yehuda Katz <yehudakatz@YK.local>
* data-remote needs to be on the form and not the submit when using button_to ↵Erik St. Martin2010-01-311-0/+7
| | | | :remote=>true
* Add rel=nofollow on non get remote linksJoshua Peek2010-01-301-2/+2
|
* updating link_to and button_to to support :remote => true and other options ↵Erik St. Martin2010-01-301-9/+16
| | | | | | such as :confirm in a unobtrusive manor Signed-off-by: Joshua Peek <josh@joshpeek.com>
* Revert "Merge branch 'rails/master' into ujs"Joshua Peek2010-01-301-9/+9
| | | | | | | | | | | This reverts commit 3aa1ea1ae4baa4a03d03644e798eeb98a4745785, reversing changes made to 2c12a71378d2146c822acb389b00b866f6420ff5. Conflicts: actionpack/lib/action_view/helpers/javascript_helper.rb actionpack/lib/action_view/helpers/url_helper.rb actionpack/test/template/url_helper_test.rb
* Deprecate link_to :popupJoshua Peek2010-01-291-30/+0
|
* modified helper that adds attributes for :method to include rel='nofollow' ↵Erik St. Martin2010-01-271-3/+3
| | | | if :method => :delete, same as its remote_ equivalent
* making non remote versions of link_to, button_to, submit_tag and ↵Erik St. Martin2010-01-271-14/+14
| | | | image_submit_tag output data attributes for things like :confirm, :method, :popup, and :disable_with
* Use new routing dsl in testsJoshua Peek2009-12-081-4/+4
|
* Privatize Routing.possible_controllers and fix brittle url helperJoshua Peek2009-11-231-26/+19
| | | | controller test loading.
* Fix brittle query string comparisonsJoshua Peek2009-10-191-6/+13
|
* Make sure non-escaped urls aren't considered safeMichael Koziarski2009-10-151-0/+5
|
* ActionView.url_for doesn't escape by defaultPhil Darnowsky2009-10-151-3/+13
| | | | | | | | | | | | | | | | | ActionView::Helpers::UrlHelper#url_for used to escape the URLs it generated by default. This was most commonly seen when generating a path with multiple query parameters, e.g. url_for(:controller => :foo, :action => :bar, :this => 123, :that => 456) would return http://example.com/foo/bar?that=456&amp;this=123 escaping an ampersand that shouldn't be escaped. This is both wrong and inconsistent with the behavior of ActionController#url_for, and is changed. Signed-off-by: Michael Koziarski <michael@koziarski.com>
* Start adding configuration to ActionView instead of using constants.Yehuda Katz2009-10-141-0/+3
| | | | | | | By using config rather than hardcoded constants, we can evolve the configuration system over time (we'd just need to update the config method with more robust capabilities and all consumers would get the capabilities with no code changes)
* Switch to on-by-default XSS escaping for rails.Michael Koziarski2009-10-081-1/+1
| | | | | | | | | | | | This consists of: * String#html_safe! a method to mark a string as 'safe' * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it * Calls to String#html_safe! throughout the rails helpers * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB) * New ERB implementation based on erubis which uses a SafeBuffer instead of a String Hat tip to Django for the inspiration.
* Move helpers specific to functional tests out of TestProcess into AC::TestCaseJoshua Peek2009-09-231-11/+3
|
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-09 06:32:17 +0000