| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
The PR #8756 uses Sprockets for resolving files that already exists on disk, for those files their extensions don't need to be rewritten.
Fixes #9803
|
| |
|
|
|
|
|
| |
Conflicts:
actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix incorrectly appended square brackets to a multiple select box
Before:
select(:category, [], {}, {:multiple => true, :name => "post[category][]"})
# => <select name="post[category][][]" ...>
After:
select(:category, [], {}, {:multiple => true, :name => "post[category][]"})
# => <select name="post[category][]" ...>
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_view/helpers/tags/base.rb
actionpack/test/template/form_options_helper_test.rb
|
|
|
|
| |
few times, so fix up the test to work with however it chooses to escape.
|
|
|
|
| |
this file with us-ascii
|
|\
| |
| | |
Fix javascript_include_tag when no js runtime is available
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In a production environment where the assets have been precompiled, we
don't want an assets compile step to happen on the application server at
all. To ensure this, a js runtime may not be available on the app
servers. In this environment, pages using javascript_include_tag for
assets with non-standard or chained extensions were throwing 500 errors.
For instance, `javascript_include_tag('jquery.min')` would blow up.
Sprockets was attempting to build the assets being included during the
rewrite_extension step (responsible for appending a '.js' extension to
assets being included by the basename rather than a fully qualified
name). This was happening as a step to resolve #6310, which required
checking for the presence of an asset with a non-standard extension
before appending the extension.
We can check for the presence of an asset without invoking the asset
build step by using Sprockets' resolve method, which will search for the
base file without building it (and is the method that find_asset uses
internally to get the path to the asset before attempting to build it).
When rewriting the extension on an asset, these are the steps:
- If the source does not have an extension, assume that the default
extension is desired and append it.
- If there is an extension and it doesn't match the default extension,
check to see if a file with the precise name specified exists amongst
the assets; if it is present, do not append the default extension.
(This is the step that resolves #6310).
|
| |
| |
| |
| |
| | |
- addresses the problem by calling flatten on asset array before calling uniq.
- adds note to CHANGELOG.
|
|/
|
|
|
|
| |
Conflicts:
actionpack/lib/action_view/helpers/form_helper.rb
actionpack/test/template/form_helper_test.rb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Because DateTime#to_time returns self when it has a non-zero offset
and subtracting two DateTime instances returns a Rational then the
distance_of_time_in_words methods outputs an incorrect value.
This is fixed in master because we can rely on Ruby 1.9.3's
implementation of to_time but it can't be fixed on Ruby 1.8.7 as
there is no way to map the DateTime to a Time with a non-zero offset.
We can workaround the problem by casting to Float before doing
the subtraction in the distance_of_time_in_words method.
Closes #8390
|
|
|
|
|
|
|
|
|
|
| |
This commit fixes the output of distance_of_time_in_words when
using integer or duration arguments. Previously a distance of
more than 30 seconds would be output as 'Less than 1 minute'
when using integer arguments and '1 minute' when using two
Time instances more than 30 seconds apart.
Cherry picked from 5fdd4cd9e47be972f146a8a17a74c8f4700e2ac0
|
|
|
|
|
|
|
| |
whether escaping is enabled. Fixes that existing plaintext email templates using <%== unexpectedly flipped to *escaping* HTML when #8235 was merged.
Conflicts:
actionpack/test/template/template_test.rb
|
|
|
|
|
|
|
|
|
| |
senny/8376_descriptive_error_message_for_partial_layout_true
More descriptive error when rendering a partial with `:layout => true`
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_view/renderer/partial_renderer.rb
|
|
|
|
| |
This is a backport of rails/rails#7997.
|
|
|
|
|
|
|
|
| |
Introduce `ActionView::Template::Handlers::ERB.escape_whitelist`
Conflicts:
actionpack/CHANGELOG.md
actionpack/test/template/template_test.rb
|
| |
|
|
|
|
|
|
|
| |
Support :multiple option on input tags that also have :index
Conflicts:
actionpack/lib/action_view/helpers/tags/base.rb
actionpack/lib/action_view/helpers/tags/collection_check_boxes.rb
|
|
|
|
|
| |
Accept either :remote or 'remote' in both the html_options and
(url_)options hash arguments to link_to.
|
|
|
|
|
|
| |
This reverts commit 54f55746a70a7091341e84236498203118a7fbb4.
Reason: the last commit fixed the failing case
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 1ac19c11792a745cd654f02dfaed8e93f95b3c70.
Conflicts:
actionpack/CHANGELOG.md
Reason: This is causing failures in the railties build.
See http://travis-ci.org/#!/rails/rails/jobs/2491787
Related with #7672
|
|
|
|
|
|
|
| |
Previously, the `asset_path` internals only respected the `:digest`
option, but ignored the global config setting. This meant that
`config.digest = false` could not be used in conjunction with
`config.compile = false` this corrects the behavior.
|
|
|
|
|
|
|
|
|
|
|
|
| |
we should take disabled option not only from `html_options` hash but from
`options` hash too like `build_select` method does it. So
datetime_select("post", "updated_at", { :discard_minute => true }, { :disabled => true })
datetime_select("post", "updated_at", :discard_minute => true , :disabled => true)
both these variants work now
closes #7431
|
|
|
|
|
|
| |
option_tags coerced to "" instead of nil
Closes #7404
|
|\ |
|
| |
| |
| |
| |
| |
| | |
Thanks to Marek Labos & Nethemba
CVE-2012-3465
|
| |
| |
| |
| | |
CVE-2012-3463
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215
Conflicts:
actionpack/test/template/erb_util_test.rb
actionpack/test/template/form_tag_helper_test.rb
actionpack/test/template/text_helper_test.rb
actionpack/test/template/url_helper_test.rb
activesupport/lib/active_support/core_ext/string/output_safety.rb
|
| |
| |
| |
| |
| |
| | |
Rails were including 'application.js' to the pack when using
`javascript_include_tag :all` even there's no application.js in the
public directory.
|
|/
|
|
|
|
|
|
|
|
|
|
| |
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215
Conflicts:
actionpack/test/template/erb_util_test.rb
actionpack/test/template/form_tag_helper_test.rb
actionpack/test/template/text_helper_test.rb
actionpack/test/template/url_helper_test.rb
activesupport/lib/active_support/core_ext/string/output_safety.rb
|
|
|
|
| |
This reverts commit 9dc57fe9c4807fc0ad4b1590a931891d9faa3164.
|
|
|
|
|
|
|
| |
This reverts commit 1aff7725c7a04cde202cca906208560a55409e6a.
Conflicts:
actionpack/CHANGELOG.md
|
|
|
|
|
|
|
|
|
|
|
| |
option"
Revert "Deprecate `:disable_with` in favor of `'data-disable-with'` option for `button_to` and `submit_tag` helpers."
This reverts commit fc092a9cba5fceec38358072e50e09250cf58840.
This reverts commit e9051e20aeb2c666db06b6217954737665878db7.
This reverts commit d47d6e7eda3aa3e6aa28d0c17ac6801234bb97d1.
This reverts commit 21141e777bdce8534e3755c8de7268324b3d8714.
|
|
|
|
|
|
|
|
|
| |
When a select tag is created for a field with errors, and that select
tag has :prompt or :include_blank options, then the inserted first
option will errantly have a <div class="field_with_errors"> wrapping
it.
See https://github.com/rails/rails/issues/7017
|
| |
|
|
|
|
| |
Respect absolute paths in compute_source_path.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After the fix done in 39f9f02a, there are cases that will not work
correctly. If you have file with "2 extensions", like foo.min.js and you
reference the file without extension, like:
javascript_include_tag "foo.min"
it will fail because sprockets finds foo.min.js with foo.min argument.
This commit fixes this case and will get the right file even when
referrencing it without extension.
(closes #6598)
|
|
|
|
|
|
|
|
|
|
|
|
| |
This deprecation applies to:
`button_to`
`button_tag`
`image_submit_tag`
`link_to`
`submit_tag`
As :confirm is an UI specific option is better to use the data attributes,
teaching users about unobtrusive JavaScript and how Rails works with it.
|
|
|
|
|
| |
Similarly to 6525002, this allows to use routes helpers for mounted
helpers, but this time in ActionView::TestCase
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We should lookup if asset without appended extension exists.
When sprockets are disabled the asset tag helpers incorporate
this logic. When sprockets are enabled we should have the same
logic.
For example, we have style.ext file in app/assets/stylesheets and
we use stylesheet_link_tag in the layout. In this case we should
have /assets/style.ext instead of /assets/style.ext.css in the
output.
Closes #6310
|
| |
|
|
|
|
|
|
|
| |
`excerpt` text helper uses `:radius`, not `line_width` (that is used by
`word_wrap` helper).
Also cleanup some whitespaces.
|
|
|
|
| |
Render img tag with empty src if empty string is passed to image_tag.
|
| |
|
| |
|
| |
|
|
|
|
| |
`button_to` and `submit_tag` helpers.
|