Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Kill rake bundle | Jeremy Kemper | 2009-10-15 | 1 | -10/+0 |
| | |||||
* | AP tests depend on AR | Jeremy Kemper | 2009-10-15 | 1 | -0/+1 |
| | |||||
* | Make the erubis implementation easier for plugins to change. | Michael Koziarski | 2009-10-15 | 1 | -1/+4 |
| | |||||
* | Add a read-only method which plugin authors can use to determine if xss ↵ | Michael Koziarski | 2009-10-15 | 1 | -0/+5 |
| | | | | | | | escaping. This doesn't provide a way to turn off the escaping, but alternative template engine authors can figure out what their default should be by calling this. Avoids a messy version + plugin check. | ||||
* | Don't push siblings on load path if using bundled env | Jeremy Kemper | 2009-10-14 | 1 | -5/+8 |
| | |||||
* | Merge branch 'arel' | Jeremy Kemper | 2009-10-14 | 1 | -6/+10 |
|\ | |||||
| * | Clarify AR dependency | Jeremy Kemper | 2009-10-14 | 1 | -6/+10 |
| | | |||||
* | | Punt on ConcurrentHash [#3322 state:resolved] | Joshua Peek | 2009-10-14 | 1 | -5/+5 |
| | | |||||
* | | Rename Orchestra to Notifications [#3321 state:resolved] | Joshua Peek | 2009-10-14 | 5 | -10/+10 |
|/ | |||||
* | Make IntegrationTest::Runner propagate method_missing to ancestors. | George Ogata | 2009-10-15 | 2 | -2/+24 |
| | | | | | | | Fixes RSpec integration example groups, which mixes its Matchers module into ActiveSupport::TestCase. Signed-off-by: Michael Koziarski <michael@koziarski.com> | ||||
* | Test cases should see all the cookies, not just cookies that have been set ↵ | Craig Smith | 2009-10-15 | 2 | -1/+18 |
| | | | | | | | | | | | | | in the controller. Previously this example would always pass, even when cookies.delete was not called. @request.cookies['foo'] = 'bar' get :delete_cookie assert_nil cookies['foo'] Signed-off-by: Michael Koziarski <michael@koziarski.com> [#2768 state:committed] | ||||
* | Make sure non-escaped urls aren't considered safe | Michael Koziarski | 2009-10-15 | 2 | -1/+6 |
| | |||||
* | Use ERB::Util.h over CGI.escapeHTML as the former is safety aware and the ↵ | Michael Koziarski | 2009-10-15 | 2 | -2/+2 |
| | | | | latter isn't | ||||
* | ActionView.url_for doesn't escape by default | Phil Darnowsky | 2009-10-15 | 2 | -4/+14 |
| | | | | | | | | | | | | | | | | | ActionView::Helpers::UrlHelper#url_for used to escape the URLs it generated by default. This was most commonly seen when generating a path with multiple query parameters, e.g. url_for(:controller => :foo, :action => :bar, :this => 123, :that => 456) would return http://example.com/foo/bar?that=456&this=123 escaping an ampersand that shouldn't be escaped. This is both wrong and inconsistent with the behavior of ActionController#url_for, and is changed. Signed-off-by: Michael Koziarski <michael@koziarski.com> | ||||
* | Start adding configuration to ActionView instead of using constants. | Yehuda Katz | 2009-10-14 | 5 | -13/+33 |
| | | | | | | | By using config rather than hardcoded constants, we can evolve the configuration system over time (we'd just need to update the config method with more robust capabilities and all consumers would get the capabilities with no code changes) | ||||
* | CookieJar#delete should return the key's value, consistent with a Hash | Jeffrey Hardy | 2009-10-14 | 3 | -3/+11 |
| | | | | Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net> | ||||
* | Callbacks, DeprecatedCallbacks = NewCallbacks, Callbacks | Joshua Peek | 2009-10-12 | 2 | -6/+4 |
| | |||||
* | Use "run_callbacks :foo" since it is the public api for callbacks [#3329 | Joshua Peek | 2009-10-12 | 2 | -4/+4 |
| | | | | state:resolved] | ||||
* | Bundle with system gem sources rather than gems.rubyforge.org default | Jeremy Kemper | 2009-10-11 | 1 | -0/+2 |
| | |||||
* | Kill mock routing assertion that tests router implementation | Joshua Peek | 2009-10-10 | 1 | -13/+0 |
| | |||||
* | Fix failing safe buffer test. We don't patch CGI.escapeHTML, only ERB:Util. | Joshua Peek | 2009-10-10 | 1 | -1/+1 |
| | |||||
* | Move safe buffer into test/template | Joshua Peek | 2009-10-10 | 1 | -0/+0 |
| | |||||
* | Relative url generations are covered more thoroughly by url rewriter tests | Joshua Peek | 2009-10-10 | 1 | -12/+0 |
| | |||||
* | Add define another "stuff" controller to support routing tests | Joshua Peek | 2009-10-10 | 1 | -0/+1 |
| | |||||
* | Drop implementation specific routing test assertions | Joshua Peek | 2009-10-10 | 1 | -3/+0 |
| | |||||
* | Add define a "stuff" controller in fixtures to support routing tests | Joshua Peek | 2009-10-10 | 1 | -0/+1 |
| | |||||
* | Fix a bug where render :text could not handle yield :symbol. Fixes guides ↵ | Yehuda Katz | 2009-10-10 | 1 | -9/+13 |
| | | | | generation | ||||
* | Fix issue with standalone ActionView | Yehuda Katz | 2009-10-09 | 1 | -1/+4 |
| | |||||
* | Avoid super in define_method for Rubinius | Yehuda Katz | 2009-10-09 | 1 | -1/+6 |
| | |||||
* | Get rid of constant name usage for stack trace help in favor of overriding ↵ | Yehuda Katz | 2009-10-09 | 1 | -9/+9 |
| | | | | #inspect and .name. | ||||
* | Finish porting over the initializers to the app object and fix all the tests | Carl Lerche | 2009-10-08 | 2 | -3/+6 |
| | |||||
* | API change: content_tag_for outputs prefixed class name | Joshua Peek | 2009-10-08 | 2 | -4/+4 |
| | |||||
* | Fix warning spew for 1.9 | Carl Lerche | 2009-10-08 | 1 | -1/+5 |
| | |||||
* | error procs have to be safe too | Michael Koziarski | 2009-10-08 | 1 | -1/+1 |
| | |||||
* | Switch to on-by-default XSS escaping for rails. | Michael Koziarski | 2009-10-08 | 33 | -41/+237 |
| | | | | | | | | | | | | This consists of: * String#html_safe! a method to mark a string as 'safe' * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it * Calls to String#html_safe! throughout the rails helpers * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB) * New ERB implementation based on erubis which uses a SafeBuffer instead of a String Hat tip to Django for the inspiration. | ||||
* | Not calling a private method anymore | Yehuda Katz | 2009-10-07 | 1 | -2/+5 |
| | |||||
* | Fix warning spew | Yehuda Katz | 2009-10-06 | 1 | -1/+3 |
| | |||||
* | Coerce all out going body parts to Strings | Joshua Peek | 2009-10-05 | 4 | -0/+71 |
| | |||||
* | Revert "Revert "Fix Dispatch.new so passenger works" as it broke the build" | Joshua Peek | 2009-10-05 | 1 | -1/+1 |
| | | | | This reverts commit 49b52cadc2e66c11a025e7719837ae77b3736046. | ||||
* | Revert "Fix Dispatch.new so passenger works" as it broke the build | Michael Koziarski | 2009-10-05 | 1 | -1/+1 |
| | | | | This reverts commit c97c31b096e627480b64403d1460065738941c3e. | ||||
* | Fix Dispatch.new so passenger works | Joshua Peek | 2009-10-04 | 1 | -1/+1 |
| | |||||
* | Only draw default route once | Joshua Peek | 2009-10-03 | 1 | -22/+37 |
| | |||||
* | Use with_routing helper in tests instead of modifying global route set | Joshua Peek | 2009-10-03 | 4 | -101/+125 |
| | |||||
* | Redraw default routes on all internal integration tests. We don't need ↵ | Joshua Peek | 2009-10-03 | 15 | -41/+34 |
| | | | | SimpleRouteCase anymore | ||||
* | Avoid creating new controller constants during test runtime. All routable ↵ | Joshua Peek | 2009-10-03 | 2 | -68/+21 |
| | | | | controllers should be defined beforehand. | ||||
* | Moved shared form helper models into fake_models | Joshua Peek | 2009-10-03 | 3 | -99/+98 |
| | |||||
* | NumberHelper depends on big decimal extensions | Joshua Peek | 2009-10-03 | 1 | -0/+1 |
| | |||||
* | Changing directories during the test breaks file loading when ran by itself | Joshua Peek | 2009-10-03 | 2 | -32/+22 |
| | |||||
* | Don't load rubygems for isolated tests | Joshua Peek | 2009-10-03 | 1 | -2/+3 |
| | |||||
* | Move improved isolated test runner to AP | Joshua Peek | 2009-10-03 | 2 | -6/+21 |
| |