| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Previously, the `asset_path` internals only respected the `:digest`
option, but ignored the global config setting. This meant that
`config.digest = false` could not be used in conjunction with
`config.compile = false` this corrects the behavior.
|
|
|
|
|
|
|
|
|
|
|
|
| |
we should take disabled option not only from `html_options` hash but from
`options` hash too like `build_select` method does it. So
datetime_select("post", "updated_at", { :discard_minute => true }, { :disabled => true })
datetime_select("post", "updated_at", :discard_minute => true , :disabled => true)
both these variants work now
closes #7431
|
|
|
|
|
|
| |
option_tags coerced to "" instead of nil
Closes #7404
|
|\ |
|
| |
| |
| |
| |
| |
| | |
Thanks to Marek Labos & Nethemba
CVE-2012-3465
|
| |
| |
| |
| | |
CVE-2012-3463
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215
Conflicts:
actionpack/test/template/erb_util_test.rb
actionpack/test/template/form_tag_helper_test.rb
actionpack/test/template/text_helper_test.rb
actionpack/test/template/url_helper_test.rb
activesupport/lib/active_support/core_ext/string/output_safety.rb
|
| |
| |
| |
| |
| |
| | |
Rails were including 'application.js' to the pack when using
`javascript_include_tag :all` even there's no application.js in the
public directory.
|
|/
|
|
|
|
|
|
|
|
|
|
| |
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215
Conflicts:
actionpack/test/template/erb_util_test.rb
actionpack/test/template/form_tag_helper_test.rb
actionpack/test/template/text_helper_test.rb
actionpack/test/template/url_helper_test.rb
activesupport/lib/active_support/core_ext/string/output_safety.rb
|
|
|
|
| |
This reverts commit 9dc57fe9c4807fc0ad4b1590a931891d9faa3164.
|
|
|
|
|
|
|
| |
This reverts commit 1aff7725c7a04cde202cca906208560a55409e6a.
Conflicts:
actionpack/CHANGELOG.md
|
|
|
|
|
|
|
|
|
|
|
| |
option"
Revert "Deprecate `:disable_with` in favor of `'data-disable-with'` option for `button_to` and `submit_tag` helpers."
This reverts commit fc092a9cba5fceec38358072e50e09250cf58840.
This reverts commit e9051e20aeb2c666db06b6217954737665878db7.
This reverts commit d47d6e7eda3aa3e6aa28d0c17ac6801234bb97d1.
This reverts commit 21141e777bdce8534e3755c8de7268324b3d8714.
|
|
|
|
|
|
|
|
|
| |
When a select tag is created for a field with errors, and that select
tag has :prompt or :include_blank options, then the inserted first
option will errantly have a <div class="field_with_errors"> wrapping
it.
See https://github.com/rails/rails/issues/7017
|
| |
|
|
|
|
| |
Respect absolute paths in compute_source_path.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After the fix done in 39f9f02a, there are cases that will not work
correctly. If you have file with "2 extensions", like foo.min.js and you
reference the file without extension, like:
javascript_include_tag "foo.min"
it will fail because sprockets finds foo.min.js with foo.min argument.
This commit fixes this case and will get the right file even when
referrencing it without extension.
(closes #6598)
|
|
|
|
|
|
|
|
|
|
|
|
| |
This deprecation applies to:
`button_to`
`button_tag`
`image_submit_tag`
`link_to`
`submit_tag`
As :confirm is an UI specific option is better to use the data attributes,
teaching users about unobtrusive JavaScript and how Rails works with it.
|
|
|
|
|
| |
Similarly to 6525002, this allows to use routes helpers for mounted
helpers, but this time in ActionView::TestCase
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We should lookup if asset without appended extension exists.
When sprockets are disabled the asset tag helpers incorporate
this logic. When sprockets are enabled we should have the same
logic.
For example, we have style.ext file in app/assets/stylesheets and
we use stylesheet_link_tag in the layout. In this case we should
have /assets/style.ext instead of /assets/style.ext.css in the
output.
Closes #6310
|
| |
|
|
|
|
|
|
|
| |
`excerpt` text helper uses `:radius`, not `line_width` (that is used by
`word_wrap` helper).
Also cleanup some whitespaces.
|
|
|
|
| |
Render img tag with empty src if empty string is passed to image_tag.
|
| |
|
| |
|
| |
|
|
|
|
| |
`button_to` and `submit_tag` helpers.
|
| |
|
|
|
|
| |
Support data: url scheme
|
|
|
|
| |
sprockets/helpers/rails_helper.rb discard duplicated assets
|
| |
|
| |
|
|
|
|
|
| |
* The method for persisted records in 3-2-branch is 'PUT'
* size is generated by default in inputs
|
|
|
|
| |
closes #3341
|
| |
|
|
|
|
| |
Seriously people, please run the test before submitting pull request.
|
|
|
|
|
|
| |
Conflicts:
actionpack/test/template/render_test.rb
|
| |
|
| |
|
|\
| |
| | |
[3-2-stable] Fix label_tag to merge the options hash with the object hash
|
| |
| |
| |
| |
| |
| | |
hash.
Closes #2492 and #5614
|
| |
| |
| |
| |
| |
| | |
objectify_options method should be applied to the proper options arg.
See explanation and example of the bug - https://github.com/kryzhovnik/rails_field_error_proc_bug_example
|
|/
|
|
|
|
| |
See issue #393, issue #4000, issue #5190, and issue #5191. Adds a newline after the textarea opening tag based on @codykrieger's original patch so that we don't cause regressions in Haml-using apps. The regression caused textarea tags to add newlines to the field unintentionally (each update/save added an extra newline.)
Also fix 6 more tests that didn't yet have the newline expectation.
|
| |
|
| |
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* 3-2-2:
bumping to 3.2.2
Ensure [] respects the status of the buffer.
Merge pull request #4834 from sskirby/fix_usage_of_psql_in_db_test_prepare
Merge pull request #5084 from johndouthat/patch-1
updating RAILS_VERSION
delete vulnerable AS::SafeBuffer#[]
use AS::SafeBuffer#clone_empty for flushing the output_buffer
add AS::SafeBuffer#clone_empty
fix output safety issue with select options
|
| |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 3-2-stable-security:
Ensure [] respects the status of the buffer.
delete vulnerable AS::SafeBuffer#[]
use AS::SafeBuffer#clone_empty for flushing the output_buffer
add AS::SafeBuffer#clone_empty
fix output safety issue with select options
|
| | | |
|
|/ /
| |
| |
| | |
Closes #393
|
| |
| |
| |
| |
| |
| | |
is being rendered
Closes #5025 part 2
|