path: root/actionpack/test/template/url_helper_test.rb
Commit message | Author | Age | Files | Lines
...
* Make sure non-escaped urls aren't considered safe | Michael Koziarski | 2009-10-15 | 1 | -0/+5
* ActionView.url_for doesn't escape by default | Phil Darnowsky | 2009-10-15 | 1 | -3/+13
  ActionView::Helpers::UrlHelper#url_for used to escape the URLs it generated by default. This was most commonly seen when generating a path with multiple query parameters, e.g.
    url_for(:controller => :foo, :action => :bar, :this => 123, :that => 456)
  would return
    http://example.com/foo/bar?that=456&amp;this=123
  escaping an ampersand that shouldn't be escaped. This is both wrong and inconsistent with the behavior of ActionController#url_for, and is changed.
  Signed-off-by: Michael Koziarski <michael@koziarski.com>
* Start adding configuration to ActionView instead of using constants. | Yehuda Katz | 2009-10-14 | 1 | -0/+3
  By using config rather than hardcoded constants, we can evolve the configuration system over time (we'd just need to update the config method with more robust capabilities and all consumers would get the capabilities with no code changes)
* Switch to on-by-default XSS escaping for rails. | Michael Koziarski | 2009-10-08 | 1 | -1/+1
  This consists of:
    * String#html_safe! a method to mark a string as 'safe'
    * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
    * Calls to String#html_safe! throughout the rails helpers
    * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)
    * New ERB implementation based on erubis which uses a SafeBuffer instead of a String
  Hat tip to Django for the inspiration.
* Move helpers specific to functional tests out of TestProcess into AC::TestCase | Joshua Peek | 2009-09-23 | 1 | -11/+3
* Define weblog controller for url helper test | Joshua Peek | 2009-09-13 | 1 | -0/+1
* Cleanup hacky routing with controller_path in url helper tests. This doesn't work in real life anyway. | Joshua Peek | 2009-09-06 | 1 | -62/+56
* Make sure link_to generates the form with the specified :href if any [#2254 state:resolved] | Max Lapshin | 2009-08-10 | 1 | -0/+8
  Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
* AMo conversion helper | Joshua Peek | 2009-07-21 | 1 | -2/+4
* Define ActiveModel API Compliance | Yehuda Katz | 2009-07-20 | 1 | -2/+2
    - Define to_model on AR
    - Define to_model on ActiveModel::APICompliant
    - Update test fixtures to be API Compliant
    - Start using to_model in AP
* Move model naming into ActiveModel | Joshua Peek | 2009-06-17 | 1 | -0/+2
* Bring abstract_controller up to date with rails/master | Carl Lerche & Yehuda Katz | 2009-04-13 | 1 | -2/+35
  Resolved all the conflicts since 2.3.0 -> HEAD. Following is a list of commits that could not be applied cleanly or are obviated with the abstract_controller refactor. They all need to be revisited to ensure that fixes made in 2.3 do not reappear in 3.0:
  2259ecf368e6a6715966f69216e3ee86bf1a82a7 AR not available
    * This will be reimplemented with ActionORM or equivalent
  06182ea02e92afad579998aa80144588e8865ac3 implicitly rendering a js response should not use the default layout [#1844 state:resolved]
    * This will be handled generically
  893e9eb99504705419ad6edac14d00e71cef5f12 Improve view rendering performance in development mode and reinstate template recompiling in production [#1909 state:resolved]
    * We will need to reimplement rails-dev-boost on top of the refactor; the changes here are very implementation specific and cannot be cleanly applied. The following commits are implicated: 199e750d46c04970b5e7684998d09405648ecbd4 3942cb406e1d5db0ac00e03153809cc8dc4cc4db f8ea9f85d4f1e3e6f3b5d895bef6b013aa4b0690 e3b166aab37ddc2fbab030b146eb61713b91bf55 ae9f258e03c9fd5088da12c1c6cd216cc89a01f7 44423126c6f6133a1d9cf1d0832b527e8711d40f
  0cb020b4d6d838025859bd60fb8151c8e21b8e84 workaround for picking layouts based on wrong view_paths [#1974 state:resolved]
    * The specifics of this commit no longer apply. Since it is a two-line commit, we will reimplement this change.
  8c5cc66a831aadb159f3daaffa4208064c30af0e make action_controller/layouts pick templates from the current instance's view_paths instead of the class view_paths [#1974 state:resolved]
    * This does not apply at all. It should be trivial to apply the feature to the reimplemented ActionController::Base.
  87e8b162463f13bd50d27398f020769460a770e3 fix HTML fallback for explicit templates [#2052 state:resolved]
    * There were a number of patches related to this that simply compounded each other. Basically none of them apply cleanly, and the underlying issue needs to be revisited. After discussing the underlying problem with Koz, we will defer these fixes for further discussion.
  * Ruby 1.9 compat: rename deprecated assert_raises to assert_raise. | Jeremy Kemper | 2009-03-08 | 1 | -1/+1
    [#1617 state:resolved]
  * Added tests from Andrew White's fix [#1385 state:committed] | David Heinemeier Hansson | 2009-02-05 | 1 | -0/+21
  * Fix a syntax error in current_page?() that was preventing matches against URL's with multiple query parameters [#1868 state:committed] | chris finne | 2009-02-05 | 1 | -1/+13
    Signed-off-by: David Heinemeier Hansson <david@loudthinking.com>
* Temporarily modifies setup to call super directly. This can support more T::U runners. | Yehuda Katz and Carl Lerche | 2009-04-08 | 1 | -0/+4
* Cleaned up route optimisation guard condition generation code as it was getting a little messy. Add additional condition to handle the case where default_url_options is only defined in the controller, not the view. | Tom Lea | 2008-11-01 | 1 | -0/+13
  Signed-off-by: Michael Koziarski <michael@koziarski.com>
* modified current_page? to ignore extra parameters unless specified in options | Erik Andrejko | 2008-10-26 | 1 | -0/+10
  Signed-off-by: Michael Koziarski <michael@koziarski.com>
  [#805 state:committed]
* Ruby 1.9 compat: set source encoding | Jeremy Kemper | 2008-08-23 | 1 | -0/+1
* mail_to should use decodeURIcomponent instead of unescape to be utf friendly. | miloops | 2008-08-08 | 1 | -3/+7
  Signed-off-by: Michael Koziarski <michael@koziarski.com>
* Removed handling of string parameter in link_to to have all URL generation done by url_for | Clemens Kofler | 2008-07-19 | 1 | -1/+10
  Signed-off-by: Joshua Peek <josh@joshpeek.com>
* Set global ActionController::Base.view_paths for test cases | Joshua Peek | 2008-07-12 | 1 | -8/+0
* Ensure mail_to label is obfuscated for javascript encoding. [#294 state:resolved] | Johan Sørensen | 2008-07-12 | 1 | -0/+1
  Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
* Ensure url_for(nil) falls back to url_for({}). [#472 state:resolved] | Cheah Chu Yeow | 2008-07-09 | 1 | -1/+10
  Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
* Set precompiled fixture load path constant to speed up tests | Joshua Peek | 2008-06-25 | 1 | -4/+4
* Check whether blocks are called from erb using a special __in_erb_template variable visible in block binding. | Jeremy Kemper | 2008-06-19 | 1 | -8/+8
* Added block-call style to link_to [Sam Stephenson/DHH] | David Heinemeier Hansson | 2008-06-17 | 1 | -0/+8
* Introduce ActionView::TestCase for testing view helpers. | Joshua Peek | 2008-04-19 | 1 | -10/+8
* Ruby 1.9 compat: text helper | Jeremy Kemper | 2007-12-21 | 1 | -1/+1
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8464 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Test link_to 'back', :back | Jeremy Kemper | 2007-10-16 | 1 | -0/+10
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7933 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Add link_to :back which uses your referrer with a fallback to a javascript link. #7366 [eventualbuddha, tarmo] | Michael Koziarski | 2007-10-08 | 1 | -1/+11
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7791 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Allow ability to disable request forgery protection, disable it in test mode by default. Closes #9693 [lifofifo] | Rick Olson | 2007-09-28 | 1 | -2/+2
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7668 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Merge csrf_killer plugin into rails. Adds RequestForgeryProtection model that verifies session-specific _tokens for non-GET requests. [Rick] | Rick Olson | 2007-09-23 | 1 | -0/+4
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7592 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Roll back #7578, tests failed | David Heinemeier Hansson | 2007-09-22 | 1 | -10/+0
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7580 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Improve the error message for assert_redirected_to (closes #7337) [sandofsky] | David Heinemeier Hansson | 2007-09-22 | 1 | -0/+10
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7578 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fixed that setting the :host option in url_for would automatically turn off :only_path (since :host would otherwise not be shown) (closes #9586) [Bounga] | David Heinemeier Hansson | 2007-09-22 | 1 | -1/+19
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7542 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fixed that link_to with an href of # when using :method will not allow for click-through without JavaScript (closes #7037) [stevenbristol/josh] | David Heinemeier Hansson | 2007-06-23 | 1 | -0/+7
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7096 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Resources: url_for([parent, child]) generates /parents/1/children/2 for the nested resource. Likewise with the other simply helpful methods like form_for and link_to. Closes #6432. | Jeremy Kemper | 2007-06-05 | 1 | -3/+62
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6951 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Don't double-escape url_for in views. Closes #8144. | Jeremy Kemper | 2007-06-05 | 1 | -0/+5
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6942 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Removed deprecated parameters_for_method_reference concept (legacy from before named routes) [DHH] Added record identification with polymorphic routes for ActionController::Base#url_for and ActionView::Base#url_for [DHH] | David Heinemeier Hansson | 2007-05-12 | 1 | -2/+71
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6729 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Deprecation: remove deprecated link_to_image and link_image_to methods. Use link_to(image_path(...), url). | Jeremy Kemper | 2007-03-13 | 1 | -33/+24
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6405 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Allow Controllers to have multiple view_paths instead of a single template_root. Closes #2754 [John Long] | Rick Olson | 2007-02-04 | 1 | -2/+2
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6120 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* mail_to :encode => 'hex' also encodes the mailto: part of the href attribute as well as the linked email when no name is given. Closes #2061. | Jeremy Kemper | 2007-01-28 | 1 | -4/+5
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6070 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Use a consistent load path to avoid double requires. Fix some scattered Ruby warnings. | Jeremy Kemper | 2007-01-28 | 1 | -5/+1
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6057 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* link_to_unless_current works with full URLs as well as paths. Closes #6891. | Jeremy Kemper | 2007-01-12 | 1 | -3/+66
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5896 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Deprecated UrlHelper#link_to_image and UrlHelper#link_to :post => true (closes #6409) [BobSilva] | David Heinemeier Hansson | 2006-10-22 | 1 | -11/+20
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5338 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Force *_url named routes to show the host in ActionView [Rick] | Rick Olson | 2006-10-20 | 1 | -1/+56
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5325 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Add <%= escape_once html %> to escape html while leaving any currently escaped entities alone. Fix button_to double-escaping issue. [Rick] | Rick Olson | 2006-10-18 | 1 | -0/+4
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5322 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* button_to accepts :method so you can PUT and DELETE with it. Closes #6005. | Jeremy Kemper | 2006-09-03 | 1 | -0/+14
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4914 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Added :method option to UrlHelper#link_to, which allows for using other verbs than GET for the link. This replaces the :post option, which is now deprecated. Example: link_to "Destroy", person_url(:id => person), :method => :delete [DHH] | David Heinemeier Hansson | 2006-05-28 | 1 | -2/+9
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4370 5ecf4fe2-1ee6-0310-87b1-e25e094e27de