Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Switch to on-by-default XSS escaping for rails. | Michael Koziarski | 2009-10-08 | 1 | -0/+41 |
| | | | | | | | | | | | | This consists of: * String#html_safe! a method to mark a string as 'safe' * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it * Calls to String#html_safe! throughout the rails helpers * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB) * New ERB implementation based on erubis which uses a SafeBuffer instead of a String Hat tip to Django for the inspiration. | ||||
* | File extra test folders into controller, dispatch, or template | Joshua Peek | 2009-10-03 | 1 | -172/+0 |
| | |||||
* | Add custom "with_routing" to internal tests to fix reseting session after using | Joshua Peek | 2009-10-03 | 1 | -0/+1 |
| | | | | with_routing. This only affects our internal AP tests. | ||||
* | Ported the new ActionView::TestCase from 2-3-stable to master [#3260 | Erik Ostrom | 2009-09-28 | 1 | -4/+167 |
| | | | | | | | | | | | | | | | | | state:resolved] The test case now mimicks the template environment more closely, so it's possible to use render, load helper dependencies. This also fixes assert_select, and similar assertions. Because view tests and helpers generally don't render full templates assert_select looks first in rendered and then in output_buffer to find the rendered output. Additional `master'-only changes: Made the Action Pack Rakefile run the ActionView::TestCase tests, and made ActionView::Rendering#_render_text always return a string. Signed-off-by: Joshua Peek <josh@joshpeek.com> | ||||
* | Fixed ActionView::TestCase current url context [#1561 state:resolved] | Dan Pickett | 2008-12-15 | 1 | -0/+8 |
Signed-off-by: Joshua Peek <josh@joshpeek.com> |