| Commit message (Collapse) | Author | Age | Files | Lines |
|
expressive test name [#5179 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
Signed-off-by: José Valim <jose.valim@gmail.com>
|
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
Signed-off-by: José Valim <jose.valim@gmail.com>
|
instead of Hash
|
Signed-off-by: wycats <wycats@gmail.com>
|
state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
Signed-off-by: José Valim <jose.valim@gmail.com>
|
also added a cosmetic change to test_link_tag_with_query_and_no_name
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
|
whether something has to be escaped
|
Rationale: url_for is just a path/URL generator, it is the responsibility of the caller to escape conveniently. HTML needs it, JavaScript needs different escaping, a text mail needs no escaping at all, etc.
|
HTML specifications recommend the escaping of urls in web pages,
which url_for does by default for string urls and consequently
urls generated by path helpers as these return strings.
Hashes passed to url_for are not escaped by default and this
commit reverses this default so that they are escaped.
Undoes the changes of this commit:
http://github.com/rails/rails/commit/1b3195b63ca44f0a70b61b75fcf4991cb2fbb944
Signed-off-by: José Valim <jose.valim@gmail.com>
|
state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
* Specify accept-charset on all forms. All recent browsers,
  as well as IE5+, will use the encoding specified for form
  parameters
* Unfortunately, IE5+ will not look at accept-charset unless
  at least one character in the form's values is not in the
  page's charset. Since the user can override the default
  charset (which Rails sets to UTF-8), we provide a hidden
  input containing a unicode character, forcing IE to look
  at the accept-charset.
* Now that the vast majority of web input is UTF-8, we set
  the inbound parameters to UTF-8. This will eliminate many
  cases of incompatible encodings between ASCII-8BIT and
  UTF-8.
* You can safely ignore params[:_snowman_]

TODO:
* Validate inbound text to confirm it is UTF-8
* Combine the whole_form implementations in form_helper_test
  and form_tag_helper_test
|
:controller and :action may appear in the generated url [#4326 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
ActiveSupport::TestCase::Assertion [#4987 state:commited]
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
|
Signed-off-by: José Valim <jose.valim@gmail.com>
|
frameworks like ActiveRecord and ActiveResource to log outside Rails::Application [#4816 state:resolved]
|
- was exposed as _view, which suggested it was private
- left _view as an alias of view as not to break any extensions that are
relying on _view
[#4932 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
rendering the view.
- Previously, _assigns were locked down the first time _view was
referenced.
[#4931 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
explicitly passes in :value => nil [#4839 state:resolved]
Signed-off-by: Michael Koziarski <michael@koziarski.com>
|
setup within the railtie
Signed-off-by: José Valim <jose.valim@gmail.com>
|
Signed-off-by: José Valim <jose.valim@gmail.com>
|
state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
true [#4856 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
partials are rendered under different conditions.
[#4903 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
[#4879 state:resolved]
Signed-off-by: Xavier Noria <fxn@hashref.com>
|
[#4902 state:committed]
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
|
sanitize the input always unless :sanitize => false is set
[#4825 state:committed]
Signed-off-by: David Heinemeier Hansson <david@loudthinking.com>
|
[#4878]
Signed-off-by: David Heinemeier Hansson <david@loudthinking.com>
|
As discussed in Lighthouse ticket #4825 and ticket #4878, the truncate()
method cannot guarantee safe output for all possible inputs/offsets, so
it is best to leave the output unsafe so that it gets escaped when used
in a view.
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
Signed-off-by: David Heinemeier Hansson <david@loudthinking.com>
|
[#4777 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
state:resolved]
|
Signed-off-by: José Valim <jose.valim@gmail.com>
|
Signed-off-by: José Valim <jose.valim@gmail.com>
|
[#4799 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
markdown.
[#4794 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
Signed-off-by: José Valim <jose.valim@gmail.com>
|
:safe => true option is not provided
|
lookup for some cases.
|
coming back from AS are UTF-8.
|
References #1523 [#1862 state:resolved] [#3591 state:resolved]
Add test that shows how link text can contain HTML if needed:
the trick is using block form in combination with `raw`.
Let link text be automatically HTML-escaped
[#2017 state:resolved]