aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack
Commit message (Collapse)AuthorAgeFilesLines
...
| * | | Make `AC::Params#to_h` return Hash with safe keysPrem Sichanugrist2014-08-183-0/+93
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `ActionController::Parameters#to_h` now returns a `Hash` with unpermitted keys removed. This change is to reflect on a security concern where some method performed on an `ActionController::Parameters` may yield a `Hash` object which does not maintain `permitted?` status. If you would like to get a `Hash` with all the keys intact, duplicate and mark it as permitted before calling `#to_h`. params = ActionController::Parameters.new(name: 'Senjougahara Hitagi') params.to_h # => {} unsafe_params = params.dup.permit! unsafe_params.to_h # => {"name"=>"Senjougahara Hitagi"} safe_params = params.permit(:name) safe_params.to_h # => {"name"=>"Senjougahara Hitagi"} This change is consider a stopgap as we cannot chage the code to stop `ActionController::Parameters` to inherit from `HashWithIndifferentAccess` in the next minor release. Also, adding a CHANGELOG entry to mention that `ActionController::Parameters` will not inheriting from `HashWithIndifferentAccess` in the next major version.
* | | | Merge branch 'master' of github.com:rails/docrailsVijay Dev2014-08-193-2/+31
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: actionpack/lib/action_controller/metal/mime_responds.rb actionview/lib/action_view/vendor/html-scanner/html/sanitizer.rb activerecord/lib/active_record/type/value.rb
| * | | | Uppercase HTML in docs.Hendy Tanata2014-08-083-10/+10
| | | | | | | | | | | | | | | | | | | | [skip ci]
| * | | | [ci skip] Document ActionDispatch::Staticschneems2014-08-051-0/+9
| | | | |
| * | | | [ci skip] document ActionDispatch::FileHandlerschneems2014-08-051-0/+10
| | | | |
| * | | | [ci skip] Document PublicExceptions middlewareschneems2014-08-051-0/+10
| | | | |
* | | | | Add missing requireGodfrey Chan2014-08-181-0/+2
| |/ / / |/| | |
* | | | Deprecate TagAssertion instead of removingRafael Mendonça França2014-08-182-1/+2
| | | |
* | | | Bump rack dependencySantiago Pastorino2014-08-181-1/+1
| | | |
* | | | Expectations firstAkira Matsuda2014-08-187-34/+34
| | | |
* | | | Merge pull request #15889 from carnesmedia/model-nameRafael Mendonça França2014-08-172-6/+6
|\ \ \ \ | | | | | | | | | | | | | | | Use #model_name on instances instead of classes
| * | | | Use #model_name on instances instead of classesAmiel Martin2014-06-242-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows rails code to be more confdent when asking for a model name, instead of having to ask for the class. Rails core discussion here: https://groups.google.com/forum/#!topic/rubyonrails-core/ThSaXw9y1F8
* | | | | Merge branch 'loofah'Rafael Mendonça França2014-08-1714-1772/+37
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: Gemfile
| * \ \ \ \ Merge branch 'master' into loofahRafael Mendonça França2014-08-1731-1381/+464
| |\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: actionpack/CHANGELOG.md
| * | | | | | Prepare for partial release.Kasper Timm Hansen2014-08-172-5/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Default to Rails::DeprecatedSanitizer in ActionView::Helpers::SanitizeHelper. - Add upgrade notes. - Add sanitizer to new applications Gemfiles. - Remove 'rails-dom-testing' as a dependency.
| * | | | | | Merge branch 'master' into loofahRafael Mendonça França2014-08-12122-799/+1184
| |\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: actionpack/CHANGELOG.md actionpack/test/controller/integration_test.rb actionview/CHANGELOG.md
| * | | | | | | Remove more unneeded includeRafael Mendonça França2014-07-151-3/+0
| | | | | | | |
| * | | | | | | Defining the right dependenciesRafael Mendonça França2014-07-151-0/+2
| | | | | | | |
| * | | | | | | We don't need loofah for the assertionsRafael Mendonça França2014-07-153-7/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We can just use nokogiri
| * | | | | | | Merge pull request #11218 from kaspth/loofah-integrationRafael Mendonça França2014-07-1014-1772/+43
| |\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Loofah-integration Conflicts: actionpack/CHANGELOG.md actionview/CHANGELOG.md
| | * | | | | | | Add document_root_element to ActionDispatch::IntegrationTest so ↵Timm2014-06-161-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | assert_select can be called without specifying a root.
| | * | | | | | | Remove unneeded comment in test.Timm2014-06-161-1/+1
| | | | | | | | |
| | * | | | | | | Remove some whitespace in actionpack.gemspec.Timm2014-06-161-3/+0
| | | | | | | | |
| | * | | | | | | Moved html_document to ActionDispatch::Assertions. Included the ↵Timm2014-06-162-7/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rails::Dom::Testing::Assertions there as well.
| | * | | | | | | Support for changes in SelectorAssertions.Timm2014-06-161-0/+14
| | | | | | | | |
| | * | | | | | | Changed deprecation message in dom and selector assertions in Action Dispatch.Timm2014-06-162-2/+2
| | | | | | | | |
| | * | | | | | | Exchanged requiring of action view assertions with rails dom testing assertions.Timm2014-06-161-2/+3
| | | | | | | | |
| | * | | | | | | Removed tag.rb, since it is actually removed, not just deprecated. [ci skip]Timm2014-06-161-3/+0
| | | | | | | | |
| | * | | | | | | Moved ActionView::Assertions dependency from Action Pack's lib to ↵Timm2014-06-163-4/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | abstract_unit.rb.
| | * | | | | | | Nokogiri leaves '<' unescaped, so the assert_select looking for '&lt;' will ↵Timm2014-06-161-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | never work. Switched to assert_matching the reponse body.
| | * | | | | | | Added deprecation notice to actionpack changelog.Timm2014-06-161-0/+6
| | | | | | | | |
| | * | | | | | | Removed require's for html-scanner.Timm2014-06-162-2/+0
| | | | | | | | |
| | * | | | | | | Added deprecation warning to ActionDispatch::Assertions::TagAssertions.Timm2014-06-161-0/+3
| | | | | | | | |
| | * | | | | | | Trimmed deprecation message for ActionDispatch::Assertions::SelectorAssertions.Timm2014-06-161-1/+1
| | | | | | | | |
| | * | | | | | | Require ActionView::Assertions in ActionController test_case.rb.Timm2014-06-161-0/+1
| | | | | | | | |
| | * | | | | | | Moved Dom and Selector assertions from ActionDispatch to ActionView.Timm2014-06-166-894/+7
| | | | | | | | |
| | * | | | | | | Fixed: assert_select_encoded finds the right content. No longer uses a ↵Timm2014-06-162-14/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <encoded> wrapper. Updated tests to reflect this.
| | * | | | | | | Removed mention of css_select supporting substitution values. It is not ↵Timm2014-06-161-7/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | tested anywhere.
| | * | | | | | | Updated documentation to state more things about css selectors with ↵Timm2014-06-161-3/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | substitution values.
| | * | | | | | | Reworked the wrapping root in NodeSet implementation in css_select.Timm2014-06-161-3/+5
| | | | | | | | |
| | * | | | | | | Wrapped element to search in NodeSet. Changed selectors to selector.Timm2014-06-161-3/+5
| | | | | | | | |
| | * | | | | | | Moved around alias line.Timm2014-06-161-2/+2
| | | | | | | | |
| | * | | | | | | Returning from filter if matches are empty.Timm2014-06-161-1/+1
| | | | | | | | |
| | * | | | | | | Fixed: no longer wrapped @selected in fragment, since .css works fine ↵Timm2014-06-161-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | without it.
| | * | | | | | | Reverted to using documents instead of document fragments, since searching ↵Timm2014-06-161-3/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | via default xml namespaces didn't work.
| | * | | | | | | add_regex returns inspected value for non Regexp objects. Workaround, so ↵Timm2014-06-161-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | users don't have to care about enclosing values in double quotes.
| | * | | | | | | Fixed: test_nested_assert_select selects from elements instead of ↵Timm2014-06-161-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | elements[0] and elements[1].
| | * | | | | | | Fixed: inadvertently called message method in MiniTest instead of ↵Timm2014-06-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | selector.message.
| | * | | | | | | Cleaned up SubstitutionContext class.Timm2014-06-161-10/+8
| | | | | | | | |
| | * | | | | | | Simplified assert_select further by moving match filtering into HTMLSelector ↵Timm2014-06-161-32/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | select.