path: root/actionpack/test/template
Commit message (Author, Age, Files, Lines)
* Merge pull request #10971 from dtaniwaki/escape_link_to_unless (Rafael Mendonça França, 2013-06-24, 1, -0/+5)
|   Always escape the result of link_to_unless method
* Compare host scheme using case-insensitive regexp (Rafael Mendonça França, 2013-06-16, 1, -10/+30)
|   Before:
|
|       image_tag("HTTP://google.com")
|       # => "<img alt=\"Google\" src=\"/assets/HTTP://google.com\" />"
|       image_tag("http://google.com")
|       # => "<img alt=\"Google\" src=\"http://google.com\" />"
|
|   After:
|
|       image_tag("HTTP://google.com")
|       # => "<img alt=\"Google\" src=\"HTTP://google.com\" />"
|       image_tag("http://google.com")
|       # => "<img alt=\"Google\" src=\"http://google.com\" />"
|
|   Backport of #10969
* Do not make Fixnum#/ private on Ruby versions less than 1.9.3 (Rafael Mendonça França, 2013-05-10, 1, -4/+3)
|   In those versions to_date calls Fixnum#/, which will cause a failure
* Merging in fix from #8222 (Ben Tucker, 2013-05-06, 1, -0/+5)
|
* Fix explicit names on multiple file fields (Ryan McGeary, 2013-04-05, 1, -0/+10)
|   If a file field tag is passed the multiple option, it is turned into an array field (appending "[]"), but if the file field is passed an explicit name as an option, leave the name alone (do not append "[]").
|
|   Fixes #9830
* Fix typo in view name (Carlos Antonio da Silva, 2013-04-03, 1, -1/+1)
|   Introduced in 2c22376fe04b89e8f34620139720b85a85ce3428
* Common behavior with adding formats to lookup_context for TemplateRenderer and PartialRenderer (Dmitry Vorotilin, 2013-04-02, 1, -0/+10)
* Fix test to Ruby 1.8 (Rafael Mendonça França, 2013-03-21, 1, -1/+1)
|   Pathname doesn't respond to to_path
* Fixed assets loading performance in 3.2.13 (Fred Wu, 2013-03-20, 1, -0/+9)
|   The PR #8756 uses Sprockets for resolving files that already exist on disk, for those files their extensions don't need to be rewritten.
|
|   Fixes #9803
* Backport #9347 to rails 3.2 (hoffm, 2013-03-19, 1, -0/+5)
|
* fix protocol checking in sanitization [CVE-2013-1857] (Aaron Patterson, 2013-03-15, 1, -0/+10)
|   Conflicts:
|       actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
* fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855] (Charlie Somerville, 2013-03-15, 1, -0/+5)
|
* Merge pull request #9616 from exviva/multiple_select_name_double_square_brackets (Carlos Antonio da Silva, 2013-03-12, 1, -0/+8)
|   Fix incorrectly appended square brackets to a multiple select box
|
|   Before:
|
|       select(:category, [], {}, {:multiple => true, :name => "post[category][]"})
|       # => <select name="post[category][][]" ...>
|
|   After:
|
|       select(:category, [], {}, {:multiple => true, :name => "post[category][]"})
|       # => <select name="post[category][]" ...>
|
|   Conflicts:
|       actionpack/CHANGELOG.md
|       actionpack/lib/action_view/helpers/tags/base.rb
|       actionpack/test/template/form_options_helper_test.rb
* Ruby 2 compat. CGI.escapeHTML has changed the way it escapes apostrophes a few times, so fix up the test to work with however it chooses to escape. (Jeremy Kemper, 2013-02-24, 1, -1/+1)
* Ruby 2.0.0 defaults source encoding to utf-8 so we need to specifically tag this file with us-ascii (Aaron Patterson, 2013-02-24, 1, -0/+1)
* Merge pull request #8756 from causes/js_include_tag_fix (Guillermo Iguaran, 2013-01-10, 1, -0/+7)
|\
| |   Fix javascript_include_tag when no js runtime is available
| * Fix javascript_include_tag when no js runtime is available (Noah Silas, 2013-01-07, 1, -0/+7)
| |   In a production environment where the assets have been precompiled, we don't want an assets compile step to happen on the application server at all. To ensure this, a js runtime may not be available on the app servers. In this environment, pages using javascript_include_tag for assets with non-standard or chained extensions were throwing 500 errors. For instance, `javascript_include_tag('jquery.min')` would blow up.
| |
| |   Sprockets was attempting to build the assets being included during the rewrite_extension step (responsible for appending a '.js' extension to assets being included by the basename rather than a fully qualified name). This was happening as a step to resolve #6310, which required checking for the presence of an asset with a non-standard extension before appending the extension.
| |
| |   We can check for the presence of an asset without invoking the asset build step by using Sprockets' resolve method, which will search for the base file without building it (and is the method that find_asset uses internally to get the path to the asset before attempting to build it).
| |
| |   When rewriting the extension on an asset, these are the steps:
| |
| |   - If the source does not have an extension, assume that the default extension is desired and append it.
| |   - If there is an extension and it doesn't match the default extension, check to see if a file with the precise name specified exists amongst the assets; if it is present, do not append the default extension. (This is the step that resolves #6310).
* | Fixes issue where duplicate assets can be required with sprockets. (jejacks0n, 2013-01-10, 1, -0/+5)
| |   - addresses the problem by calling flatten on asset array before calling uniq.
| |   - adds note to CHANGELOG.
* | Do not call fields_for from form_for, to avoid instantiating two builders (Carlos Antonio da Silva, 2013-01-06, 1, -1/+13)
|/
|   Conflicts:
|       actionpack/lib/action_view/helpers/form_helper.rb
|       actionpack/test/template/form_helper_test.rb
* fix block.arity raise nil error when not given a block to "content_tag_for" (jasl, 2013-01-02, 1, -0/+8)
|
* Make distance_of_time_in_words work with DateTime offsets (Andrew White, 2012-12-04, 1, -0/+10)
|   Because DateTime#to_time returns self when it has a non-zero offset and subtracting two DateTime instances returns a Rational then the distance_of_time_in_words methods outputs an incorrect value.
|
|   This is fixed in master because we can rely on Ruby 1.9.3's implementation of to_time but it can't be fixed on Ruby 1.8.7 as there is no way to map the DateTime to a Time with a non-zero offset. We can workaround the problem by casting to Float before doing the subtraction in the distance_of_time_in_words method.
|
|   Closes #8390
* Make output of distance_of_time_in_words consistent (Andrew White, 2012-12-04, 1, -2/+19)
|   This commit fixes the output of distance_of_time_in_words when using integer or duration arguments. Previously a distance of more than 30 seconds would be output as 'Less than 1 minute' when using integer arguments and '1 minute' when using two Time instances more than 30 seconds apart.
|
|   Cherry picked from 5fdd4cd9e47be972f146a8a17a74c8f4700e2ac0
* Override <%== to always behave as literal text rather than toggling based on whether escaping is enabled. (Jeremy Kemper, 2012-12-03, 1, -2/+2)
|   Fixes that existing plaintext email templates using <%== unexpectedly flipped to *escaping* HTML when #8235 was merged.
|
|   Conflicts:
|       actionpack/test/template/template_test.rb
* Merge pull request #8402 from senny/8376_descriptive_error_message_for_partial_layout_true (Rafael Mendonça França, 2012-12-02, 1, -1/+6)
|   More descriptive error when rendering a partial with `:layout => true`
|
|   Conflicts:
|       actionpack/CHANGELOG.md
|       actionpack/lib/action_view/renderer/partial_renderer.rb
* Add i18n scope to distance_of_time_in_words. (Steve Klabnik, 2012-11-26, 1, -3/+12)
|   This is a backport of rails/rails#7997.
* Merge pull request #8235 from tilsammans/dont_escape_actionmailer_when_plaintext (José Valim, 2012-11-16, 1, -1/+15)
|   Introduce `ActionView::Template::Handlers::ERB.escape_whitelist`
|
|   Conflicts:
|       actionpack/CHANGELOG.md
|       actionpack/test/template/template_test.rb
* Update mocha version to 0.13.0 and change requires (Carlos Antonio da Silva, 2012-11-13, 2, -3/+3)
|
* Merge pull request #8108 from Casecommons/fix-multiple-and-index-in-instance-tag (Rafael Mendonça França, 2012-11-08, 1, -0/+13)
|   Support :multiple option on input tags that also have :index
|
|   Conflicts:
|       actionpack/lib/action_view/helpers/tags/base.rb
|       actionpack/lib/action_view/helpers/tags/collection_check_boxes.rb
* Accept :remote as symbol in link_to options (Riley, 2012-10-06, 1, -0/+7)
|   Accept either :remote or 'remote' in both the html_options and (url_)options hash arguments to link_to.
* Revert "Revert "Respect `config.digest = false` for `asset_path`"" (Rafael Mendonça França, 2012-09-20, 1, -0/+8)
|   This reverts commit 54f55746a70a7091341e84236498203118a7fbb4.
|
|   Reason: the last commit fixed the failing case
* Revert "Respect `config.digest = false` for `asset_path`" (Rafael Mendonça França, 2012-09-20, 1, -8/+0)
|   This reverts commit 1ac19c11792a745cd654f02dfaed8e93f95b3c70.
|
|   Conflicts:
|       actionpack/CHANGELOG.md
|
|   Reason: This is causing failures in the railties build. See http://travis-ci.org/#!/rails/rails/jobs/2491787
|
|   Related with #7672
* Respect `config.digest = false` for `asset_path` (Peter Wagenet, 2012-09-17, 1, -0/+8)
|   Previously, the `asset_path` internals only respected the `:digest` option, but ignored the global config setting. This meant that `config.digest = false` could not be used in conjunction with `config.compile = false`. This corrects the behavior.
* correct handling of date selects when using both disabled and discard options (Vasiliy Ermolovich, 2012-08-25, 1, -0/+24)
|   we should take disabled option not only from `html_options` hash but from `options` hash too like `build_select` method does it. So
|
|       datetime_select("post", "updated_at", { :discard_minute => true }, { :disabled => true })
|       datetime_select("post", "updated_at", :discard_minute => true , :disabled => true)
|
|   both these variants work now
|
|   closes #7431
* Merge pull request #7410 from sandeepravi/default_options_helper_value (Rafael Mendonça França, 2012-08-21, 1, -0/+12)
|   option_tags coerced to "" instead of nil
|
|   Closes #7404
* Merge branch '3-2-8' into 3-2-stable (Santiago Pastorino, 2012-08-09, 2, -2/+8)
|\
| * Do not mark strip_tags result as html_safe (Santiago Pastorino, 2012-08-09, 1, -2/+2)
| |   Thanks to Marek Labos & Nethemba
| |
| |   CVE-2012-3465
| * escape select_tag :prompt values (Santiago Pastorino, 2012-08-09, 1, -0/+6)
| |   CVE-2012-3463
| * html_escape should escape single quotes (Santiago Pastorino, 2012-08-02, 7, -28/+28)
| |   https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
| |
| |   Closes #7215
| |
| |   Conflicts:
| |       actionpack/test/template/erb_util_test.rb
| |       actionpack/test/template/form_tag_helper_test.rb
| |       actionpack/test/template/text_helper_test.rb
| |       actionpack/test/template/url_helper_test.rb
| |       activesupport/lib/active_support/core_ext/string/output_safety.rb
* | Do not include application.js if it doesn't exist (Prem Sichanugrist, 2012-08-06, 1, -0/+9)
| |   Rails was including 'application.js' to the pack when using `javascript_include_tag :all` even when there's no application.js in the public directory.
* | html_escape should escape single quotes (Santiago Pastorino, 2012-08-02, 7, -28/+28)
|/
|   https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
|
|   Closes #7215
|
|   Conflicts:
|       actionpack/test/template/erb_util_test.rb
|       actionpack/test/template/form_tag_helper_test.rb
|       actionpack/test/template/text_helper_test.rb
|       actionpack/test/template/url_helper_test.rb
|       activesupport/lib/active_support/core_ext/string/output_safety.rb
* Revert "Deprecate link_to_function and button_to_function helpers" (Rafael Mendonça França, 2012-08-01, 1, -24/+12)
|   This reverts commit 9dc57fe9c4807fc0ad4b1590a931891d9faa3164.
* Revert "Deprecate `:mouseover` options for `image_tag` helper." (Rafael Mendonça França, 2012-08-01, 1, -40/+8)
|   This reverts commit 1aff7725c7a04cde202cca906208560a55409e6a.
|
|   Conflicts:
|       actionpack/CHANGELOG.md
* Revert "Deprecate `:confirm` in favor of `:data => { :confirm => 'Text' }` option" (Rafael Mendonça França, 2012-08-01, 3, -149/+52)
|   Revert "Deprecate `:disable_with` in favor of `'data-disable-with'` option for `button_to` and `submit_tag` helpers."
|
|   This reverts commit fc092a9cba5fceec38358072e50e09250cf58840.
|   This reverts commit e9051e20aeb2c666db06b6217954737665878db7.
|   This reverts commit d47d6e7eda3aa3e6aa28d0c17ac6801234bb97d1.
|   This reverts commit 21141e777bdce8534e3755c8de7268324b3d8714.
* Fixed bug creating invalid HTML in select options (Rusty Geldmacher, 2012-07-10, 1, -0/+13)
|   When a select tag is created for a field with errors, and that select tag has :prompt or :include_blank options, then the inserted first option will errantly have a <div class="field_with_errors"> wrapping it.
|
|   See https://github.com/rails/rails/issues/7017
* It should also include text/css => Build Fix (Arun Agrawal, 2012-06-16, 1, -1/+1)
|
* Merge pull request #6752 from steveklabnik/fix_5680 (Rafael Mendonça França, 2012-06-16, 1, -3/+11)
|   Respect absolute paths in compute_source_path.
* Duplicate tests removed. (Arun Agrawal, 2012-06-09, 1, -16/+0)
|
* Fix asset tags for files with more than one dot (Piotr Sarnacki, 2012-06-07, 1, -0/+6)
|   After the fix done in 39f9f02a, there are cases that will not work correctly. If you have file with "2 extensions", like foo.min.js and you reference the file without extension, like:
|
|       javascript_include_tag "foo.min"
|
|   it will fail because sprockets finds foo.min.js with foo.min argument.
|
|   This commit fixes this case and will get the right file even when referencing it without extension.
|
|   (closes #6598)
* Deprecate `:confirm` in favor of `:data => { :confirm => 'Text' }` option (Carlos Galdino, 2012-06-05, 2, -19/+110)
|   This deprecation applies to:
|
|       `button_to`
|       `button_tag`
|       `image_submit_tag`
|       `link_to`
|       `submit_tag`
|
|   As :confirm is a UI-specific option, it is better to use the data attributes, teaching users about unobtrusive JavaScript and how Rails works with it.
* Allow to use mounted helpers in ActionView::TestCase (Piotr Sarnacki, 2012-06-01, 1, -0/+19)
|   Similarly to 6525002, this allows to use routes helpers for mounted helpers, but this time in ActionView::TestCase