Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
| * | | | Make `AC::Params#to_h` return Hash with safe keys | Prem Sichanugrist | 2014-08-18 | 3 | -0/+93 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `ActionController::Parameters#to_h` now returns a `Hash` with unpermitted keys removed. This change is to reflect on a security concern where some method performed on an `ActionController::Parameters` may yield a `Hash` object which does not maintain `permitted?` status. If you would like to get a `Hash` with all the keys intact, duplicate and mark it as permitted before calling `#to_h`. params = ActionController::Parameters.new(name: 'Senjougahara Hitagi') params.to_h # => {} unsafe_params = params.dup.permit! unsafe_params.to_h # => {"name"=>"Senjougahara Hitagi"} safe_params = params.permit(:name) safe_params.to_h # => {"name"=>"Senjougahara Hitagi"} This change is consider a stopgap as we cannot chage the code to stop `ActionController::Parameters` to inherit from `HashWithIndifferentAccess` in the next minor release. Also, adding a CHANGELOG entry to mention that `ActionController::Parameters` will not inheriting from `HashWithIndifferentAccess` in the next major version. | |||||
* | | | | Merge branch 'master' of github.com:rails/docrails | Vijay Dev | 2014-08-19 | 3 | -2/+31 | |
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: actionpack/lib/action_controller/metal/mime_responds.rb actionview/lib/action_view/vendor/html-scanner/html/sanitizer.rb activerecord/lib/active_record/type/value.rb | |||||
| * | | | | Uppercase HTML in docs. | Hendy Tanata | 2014-08-08 | 3 | -10/+10 | |
| | | | | | | | | | | | | | | | | | | | | [skip ci] | |||||
| * | | | | [ci skip] Document ActionDispatch::Static | schneems | 2014-08-05 | 1 | -0/+9 | |
| | | | | | ||||||
| * | | | | [ci skip] document ActionDispatch::FileHandler | schneems | 2014-08-05 | 1 | -0/+10 | |
| | | | | | ||||||
| * | | | | [ci skip] Document PublicExceptions middleware | schneems | 2014-08-05 | 1 | -0/+10 | |
| | | | | | ||||||
* | | | | | Add missing require | Godfrey Chan | 2014-08-18 | 1 | -0/+2 | |
| |/ / / |/| | | | ||||||
* | | | | Deprecate TagAssertion instead of removing | Rafael Mendonça França | 2014-08-18 | 2 | -1/+2 | |
| | | | | ||||||
* | | | | Bump rack dependency | Santiago Pastorino | 2014-08-18 | 1 | -1/+1 | |
| | | | | ||||||
* | | | | Expectations first | Akira Matsuda | 2014-08-18 | 7 | -34/+34 | |
| | | | | ||||||
* | | | | Merge pull request #15889 from carnesmedia/model-name | Rafael Mendonça França | 2014-08-17 | 2 | -6/+6 | |
|\ \ \ \ | | | | | | | | | | | | | | | | Use #model_name on instances instead of classes | |||||
| * | | | | Use #model_name on instances instead of classes | Amiel Martin | 2014-06-24 | 2 | -6/+6 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows rails code to be more confdent when asking for a model name, instead of having to ask for the class. Rails core discussion here: https://groups.google.com/forum/#!topic/rubyonrails-core/ThSaXw9y1F8 | |||||
* | | | | | Merge branch 'loofah' | Rafael Mendonça França | 2014-08-17 | 14 | -1772/+37 | |
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: Gemfile | |||||
| * \ \ \ \ | Merge branch 'master' into loofah | Rafael Mendonça França | 2014-08-17 | 31 | -1381/+464 | |
| |\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: actionpack/CHANGELOG.md | |||||
| * | | | | | | Prepare for partial release. | Kasper Timm Hansen | 2014-08-17 | 2 | -5/+2 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Default to Rails::DeprecatedSanitizer in ActionView::Helpers::SanitizeHelper. - Add upgrade notes. - Add sanitizer to new applications Gemfiles. - Remove 'rails-dom-testing' as a dependency. | |||||
| * | | | | | | Merge branch 'master' into loofah | Rafael Mendonça França | 2014-08-12 | 122 | -799/+1184 | |
| |\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: actionpack/CHANGELOG.md actionpack/test/controller/integration_test.rb actionview/CHANGELOG.md | |||||
| * | | | | | | | Remove more unneeded include | Rafael Mendonça França | 2014-07-15 | 1 | -3/+0 | |
| | | | | | | | | ||||||
| * | | | | | | | Defining the right dependencies | Rafael Mendonça França | 2014-07-15 | 1 | -0/+2 | |
| | | | | | | | | ||||||
| * | | | | | | | We don't need loofah for the assertions | Rafael Mendonça França | 2014-07-15 | 3 | -7/+5 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We can just use nokogiri | |||||
| * | | | | | | | Merge pull request #11218 from kaspth/loofah-integration | Rafael Mendonça França | 2014-07-10 | 14 | -1772/+43 | |
| |\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Loofah-integration Conflicts: actionpack/CHANGELOG.md actionview/CHANGELOG.md | |||||
| | * | | | | | | | Add document_root_element to ActionDispatch::IntegrationTest so ↵ | Timm | 2014-06-16 | 1 | -0/+4 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | assert_select can be called without specifying a root. | |||||
| | * | | | | | | | Remove unneeded comment in test. | Timm | 2014-06-16 | 1 | -1/+1 | |
| | | | | | | | | | ||||||
| | * | | | | | | | Remove some whitespace in actionpack.gemspec. | Timm | 2014-06-16 | 1 | -3/+0 | |
| | | | | | | | | | ||||||
| | * | | | | | | | Moved html_document to ActionDispatch::Assertions. Included the ↵ | Timm | 2014-06-16 | 2 | -7/+13 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rails::Dom::Testing::Assertions there as well. | |||||
| | * | | | | | | | Support for changes in SelectorAssertions. | Timm | 2014-06-16 | 1 | -0/+14 | |
| | | | | | | | | | ||||||
| | * | | | | | | | Changed deprecation message in dom and selector assertions in Action Dispatch. | Timm | 2014-06-16 | 2 | -2/+2 | |
| | | | | | | | | | ||||||
| | * | | | | | | | Exchanged requiring of action view assertions with rails dom testing assertions. | Timm | 2014-06-16 | 1 | -2/+3 | |
| | | | | | | | | | ||||||
| | * | | | | | | | Removed tag.rb, since it is actually removed, not just deprecated. [ci skip] | Timm | 2014-06-16 | 1 | -3/+0 | |
| | | | | | | | | | ||||||
| | * | | | | | | | Moved ActionView::Assertions dependency from Action Pack's lib to ↵ | Timm | 2014-06-16 | 3 | -4/+3 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | abstract_unit.rb. | |||||
| | * | | | | | | | Nokogiri leaves '<' unescaped, so the assert_select looking for '<' will ↵ | Timm | 2014-06-16 | 1 | -2/+3 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | never work. Switched to assert_matching the reponse body. | |||||
| | * | | | | | | | Added deprecation notice to actionpack changelog. | Timm | 2014-06-16 | 1 | -0/+6 | |
| | | | | | | | | | ||||||
| | * | | | | | | | Removed require's for html-scanner. | Timm | 2014-06-16 | 2 | -2/+0 | |
| | | | | | | | | | ||||||
| | * | | | | | | | Added deprecation warning to ActionDispatch::Assertions::TagAssertions. | Timm | 2014-06-16 | 1 | -0/+3 | |
| | | | | | | | | | ||||||
| | * | | | | | | | Trimmed deprecation message for ActionDispatch::Assertions::SelectorAssertions. | Timm | 2014-06-16 | 1 | -1/+1 | |
| | | | | | | | | | ||||||
| | * | | | | | | | Require ActionView::Assertions in ActionController test_case.rb. | Timm | 2014-06-16 | 1 | -0/+1 | |
| | | | | | | | | | ||||||
| | * | | | | | | | Moved Dom and Selector assertions from ActionDispatch to ActionView. | Timm | 2014-06-16 | 6 | -894/+7 | |
| | | | | | | | | | ||||||
| | * | | | | | | | Fixed: assert_select_encoded finds the right content. No longer uses a ↵ | Timm | 2014-06-16 | 2 | -14/+11 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <encoded> wrapper. Updated tests to reflect this. | |||||
| | * | | | | | | | Removed mention of css_select supporting substitution values. It is not ↵ | Timm | 2014-06-16 | 1 | -7/+1 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | tested anywhere. | |||||
| | * | | | | | | | Updated documentation to state more things about css selectors with ↵ | Timm | 2014-06-16 | 1 | -3/+11 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | substitution values. | |||||
| | * | | | | | | | Reworked the wrapping root in NodeSet implementation in css_select. | Timm | 2014-06-16 | 1 | -3/+5 | |
| | | | | | | | | | ||||||
| | * | | | | | | | Wrapped element to search in NodeSet. Changed selectors to selector. | Timm | 2014-06-16 | 1 | -3/+5 | |
| | | | | | | | | | ||||||
| | * | | | | | | | Moved around alias line. | Timm | 2014-06-16 | 1 | -2/+2 | |
| | | | | | | | | | ||||||
| | * | | | | | | | Returning from filter if matches are empty. | Timm | 2014-06-16 | 1 | -1/+1 | |
| | | | | | | | | | ||||||
| | * | | | | | | | Fixed: no longer wrapped @selected in fragment, since .css works fine ↵ | Timm | 2014-06-16 | 1 | -2/+1 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | without it. | |||||
| | * | | | | | | | Reverted to using documents instead of document fragments, since searching ↵ | Timm | 2014-06-16 | 1 | -3/+6 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | via default xml namespaces didn't work. | |||||
| | * | | | | | | | add_regex returns inspected value for non Regexp objects. Workaround, so ↵ | Timm | 2014-06-16 | 1 | -1/+2 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | users don't have to care about enclosing values in double quotes. | |||||
| | * | | | | | | | Fixed: test_nested_assert_select selects from elements instead of ↵ | Timm | 2014-06-16 | 1 | -2/+2 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | elements[0] and elements[1]. | |||||
| | * | | | | | | | Fixed: inadvertently called message method in MiniTest instead of ↵ | Timm | 2014-06-16 | 1 | -1/+1 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | selector.message. | |||||
| | * | | | | | | | Cleaned up SubstitutionContext class. | Timm | 2014-06-16 | 1 | -10/+8 | |
| | | | | | | | | | ||||||
| | * | | | | | | | Simplified assert_select further by moving match filtering into HTMLSelector ↵ | Timm | 2014-06-16 | 1 | -32/+29 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | select. |