| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
ActionDispatch::Routing::UrlFor was always required in UrlHelpers. This
was changed by splitting previous implementation of UrlHelper into 2
modules: ActionView::Helpers::UrlHelper and
ActionView::Routing::UrlHelper. The former one keeps only basic
implementation of url_for. The latter adds features that allow to use
routes and is only required when url_helpers or mounted_helpers are
required.
|
|
|
|
|
|
|
|
| |
default_formats array is used by LookupContext in order to allow
rendering templates when :formats option is not passed. Previously it
was always set to Mime::SET, which created dependency on Action Pack. In
order to remove this dependency, Mime::SET is used only if
ActionController is loaded.
|
|
|
|
|
|
| |
Automatically handling mime types for things other than :rss and :atom
is not functionality that justifies dependency on Mime::Type from
actionpack.
|
|
|
|
|
|
|
| |
We can use another way to instantiate ActionView::Base, by passing
renderer as a first option. Thanks to that we can just pass prefixes to
LookupContext instead stubbing them on the controller. This is also good,
because that kind of API is used in Rails code.
|
|
|
|
|
|
|
| |
Since it's more about DOM classes and ids it belongs to Action View
better. What's more, it's more convenient to make it part of Action View
to follow the rule that Action Pack can depend on Action View, but not
the other way round.
|
|
|
|
|
| |
Instead of building a Blog::Post instance for every test in form helper
tests, just build it in the test that uses it.
|
|
|
|
|
|
|
|
|
|
|
|
| |
we should take disabled option not only from `html_options` hash but from
`options` hash too like `build_select` method does it. So
datetime_select("post", "updated_at", { :discard_minute => true }, { :disabled => true })
datetime_select("post", "updated_at", :discard_minute => true , :disabled => true)
both these variants work now
closes #7431
|
| |
|
| |
|
|
|
|
| |
Updated documentation to demonstrate start_hour and end_hour options
|
|
|
|
| |
We can avoid creating extra hashes with #merge, and use #merge! instead.
|
|
|
|
|
|
|
| |
Further simplify the option_html_attributes method after the changes
introduced in dacbcbe55745aa9e5484b10b11f65ccca7db1c54 to not escape the
html options here (since they're going to be escaped down the chain in
content tag).
|
|
|
|
| |
if nil or an empty array is passed into form_for you get a horrible error message, this one is much more indicative of what the programmer needs to know to fix the problem.
|
|
|
|
|
|
| |
Thanks to Marek Labos & Nethemba
CVE-2012-3465
|
|
|
|
| |
can write `form_for @record, data: { behavior: 'autosave' }` instead of `form_for @record, html: { data: { behavior: 'autosave' } }` *DHH*
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We recommend the use of Unobtrusive JavaScript instead. For example:
link_to "Greeting", "#", :class => "nav_link"
$(function() {
$('.nav_link').click(function() {
// Some complex code
return false;
});
});
or
link_to "Greeting", '#', onclick: "alert('Hello world!'); return false", class: "nav_link"
for simple cases.
This reverts commit 3acdd652e9fe99481c879c84c5807a84eb9ad724.
|
|
|
|
|
|
|
| |
what this makes ERB files look like.
This reverts commit 46b8bceedd3e47169c50a04c93161424909c75fb, reversing
changes made to 2f58795e783150f2e1b1f6c64e305703f0061129.
|
|
|
|
| |
percent sign on a line to indicate non-inserted Ruby code.
|
|
|
|
|
|
| |
Rails were including 'application.js' to the pack when using
`javascript_include_tag :all` even there's no application.js in the
public directory.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
by Active Support)
Selecting which key extensions to include in active_support/rails
made apparent the systematic usage of Object#in? in the code base.
After some discussion in
https://github.com/rails/rails/commit/5ea6b0df9a36d033f21b52049426257a4637028d
we decided to remove it and use plain Ruby, which seems enough
for this particular idiom.
In this commit the refactor has been made case by case. Sometimes
include? is the natural alternative, others a simple || is the
way you actually spell the condition in your head, others a case
statement seems more appropriate. I have chosen the one I liked
the most in each case.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215
|
| |
|
|
|
|
| |
escaped
|
|\
| |
| | |
don't escape options in option_html_attributes method
|
| |
| |
| |
| |
| |
| |
| |
| | |
we don't need to escape values in this method as we pass
these html attributes to `tag_options` method that handle escaping as
well.
it fixes the case when we want to pass html5 data options
|
| | |
|
|/ |
|
|
|
|
|
|
|
|
|
| |
This applies to the following helpers:
`button_to`
`button_tag`
`image_submit_tag`
`link_to`
`submit_tag`
|
|
|
|
| |
and PartialRenderer
|
|
|
|
|
|
| |
When a select tag is created for a field with errors, then the inserted
options will errantly have a <div class="field_with_errors"> wrapping
them.
|
|
|
|
|
| |
The extension was removed in 22bc12ec374b8bdeb3818ca0a3eb787dd3ce39d8,
making "test" an alias for minitest's "it".
|
| |
|
|
|
|
|
| |
They also make more sense here since all the related logic with I18n is
handled by AS::NumberHelper, and not by AV anymore.
|
|
|
|
|
|
| |
Just make use of the returning exception from assert_raise, instead of
calling the method again with a rescue clause to test the saved
exception number.
|
|\
| |
| | |
Make the Resolver template cache threadsafe
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The Template cache in the Resolver can be accessed by multiple threads
similtaneously in multi-threaded environments. The cache is implemented
using a Hash, which isn't threadsafe in all VMs (notably JRuby).
This commit extracts the cache to a new Cache class and adds mutexes to
prevent concurrent access.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When using compute_source_path to determine the full path of an
asset, if our source begins with '/', we don't want to include
the directory. Examples are illustrative:
> compute_source_path("foo", "stylesheets", "css")
=> "/Users/steve/src/my_app/public/stylesheets/foo.css"
> compute_source_path("/foo", "stylesheets", "css")
=> "/Users/steve/src/my_app/public/foo.css"
Before this patch, the second example would return the same as the
first.
Fixes #5680.
|
| |
| |
| |
| |
| | |
Module#instance_methods returns an Array of Symbols in Ruby >= 1.9
So this was not actually testing anything
|
| | |
|
| |
| |
| |
| |
| | |
Similarly to 6525002, this allows to use routes helpers for mounted
helpers, but this time in ActionView::TestCase
|
| |
| |
| |
| | |
Add some tests for link_to with blocks and escaping content.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Make possible to use a block in button_to helper if button text is hard
to fit into the name parameter, e.g.:
<%= button_to [:make_happy, @user] do %>
Make happy <strong><%= @user.name %></strong>
<% end %>
# => "<form method="post" action="/users/1/make_happy" class="button_to">
# <div>
# <button type="submit">
# Make happy <strong>Name</strong>
# </button>
# </div>
# </form>"
|
| | |
|
| |
| |
| |
| | |
This options can be used to not escape the result by default.
|
| |
| |
| |
| | |
Refactoring the truncate method to not do a sort-circuit return
|