aboutsummaryrefslogtreecommitdiffstats
path: root/actionview/actionview.gemspec
Commit message (Collapse)AuthorAgeFilesLines
* Revert "Revert "Merge pull request #34387 from ↵Kasper Timm Hansen2019-01-081-0/+3
| | | | | | | | yhirano55/rails_info_properties_json"" I reverted the wrong commit. Damn it. This reverts commit f66a977fc7ae30d2a07124ad91924c4ee638a703.
* Revert "Merge pull request #34387 from yhirano55/rails_info_properties_json"Kasper Timm Hansen2019-01-081-3/+0
| | | | | | | | | | | We had a discussion on the Core team and we don't want to expose this information as a JSON endpoint and not by default. It doesn't make sense to expose this JSON locally and this controller is only accessible in dev, so the proposed access from a production app seems off. This reverts commit 8eaffe7e89719ac62ff29c2e4208cfbeb1cd1c38, reversing changes made to b6e4305c3bca4c673996d0af9db0f4cfbf50215e.
* Require Ruby 2.5 for Rails 6.Kasper Timm Hansen2018-12-191-1/+1
| | | | | | | | | | Generally followed the pattern for https://github.com/rails/rails/pull/32034 * Removes needless CI configs for 2.4 * Targets 2.5 in rubocop * Updates existing CHANGELOG entries for fewer merge conflicts * Removes Hash#slice extension as that's inlined on Ruby 2.5. * Removes the need for send on define_method in MethodCallAssertions.
* Amend CVE note and security guide section wordingsGannon McGibbon2018-11-061-3/+3
| | | | | | | Reword first sentence of dep management and CVE section of security guide. Also, reword and move gemspec notes above deps. [ci skip]
* Add CVE note to security guide and gemspecsGannon McGibbon2018-11-061-0/+3
| | | | [ci skip]
* Rails 6 requires Ruby 2.4.1+Jeremy Daer2018-02-171-1/+1
| | | | | | Skipping over 2.4.0 to sidestep the `"symbol_from_string".to_sym.dup` bug. References #32028
* Remove support to Ruby 2.2Rafael Mendonça França2018-02-161-1/+1
| | | | Rails 6 will only support Ruby >= 2.3.
* Use frozen string literal in actionview/Kir Shatrov2017-07-241-0/+2
|
* Revert "Merge pull request #29540 from kirs/rubocop-frozen-string"Matthew Draper2017-07-021-1/+0
| | | | | This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
* Enforce frozen string in RubocopKir Shatrov2017-07-011-0/+1
|
* Add source code and changelog links to gemspecsGrey Baker2017-06-281-0/+5
|
* Define path with __dir__bogdanvlviv2017-05-231-1/+1
| | | | | | ".. with __dir__ we can restore order in the Universe." - by @fxn Related to 5b8738c2df003a96f0e490c43559747618d10f5f
* use rails-html-sanitizer >= 1.0.3Toshi MARUYAMA2017-01-271-1/+1
| | | | CVE-2015-7579 says rails-html-sanitizer 1.0.2 has XSS vulnerability.
* Change ActionView ERB Handler from Erubis to ErubiJeremy Evans2017-01-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | Erubi offers the following advantages for Rails: * Works with ruby's --enable-frozen-string-literal option * Has 88% smaller memory footprint * Does no freedom patching (Erubis adds a method to Kernel) * Has simpler internals (1 file, <150 lines of code) * Has an open development model (Erubis doesn't have a public source control repository or bug tracker) * Is not dead (Erubis hasn't been updated since 2011) Erubi is a simplified fork of Erubis that contains just the parts that are generally needed (which includes the parts that Rails uses). The only intentional difference in behavior is that it does not include support for <%=== tags for debug output. That could be added to the ActionView ERB handler if it is desired. The Erubis template handler remains in a deprecated state so that code that accesses it directly does not break. It can be removed after Rails 5.1.
* applies new string literal convention in the gemspecsXavier Noria2016-08-061-18/+18
| | | | | The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* Update rails-dom-testing gem to 2.0Connor Shea2016-05-091-1/+1
| | | | Resolves #24924.
* revises whitespace in the gemspec of AV [ci skip]Xavier Noria2016-03-101-4/+4
|
* revises the homepage URL in the gemspecs [ci skip]Xavier Noria2016-03-101-1/+1
| | | | References https://github.com/rails/homepage/issues/46.
* Upgrade to Ruby 2.2.2Jon Atack2015-04-141-1/+1
| | | | and fix the grammar in the ruby_version_check.rb user message.
* Merge pull request #19252 from kaspth/single-escaping-strip-tagsRafael Mendonça França2015-03-101-1/+1
|\ | | | | Let strip_tags leave HTML escaping to Rails.
| * Let strip_tags leave HTML escaping to Rails.Kasper Timm Hansen2015-03-101-1/+1
| | | | | | | | Prevents double escaping errors, such as "&amp;" becoming "&amp;amp;".
* | Target Ruby 2.2.1 in gemspecsPeter Suschlik2015-03-091-1/+1
|/ | | | This is a follow-up to #19257
* Require Ruby 2.2 for Rails 5.0claudiob2014-12-261-1/+1
| | | | | Stems from [this comment](https://github.com/rails/rails/pull/18203#issuecomment-68138096) by @robin850 and by the blog post http://weblog.rubyonrails.org/2014/12/19/Rails-4-2-final
* Bump required Ruby version to 2.1.0claudiob2014-11-281-1/+1
| | | | | | | | | [This article](http://weblog.rubyonrails.org/2014/8/20/Rails-4-2-beta1/#maintenance-consequences-and-rails-5-0) states that: > Rails 5.0 is in most likelihood going to target Ruby 2.2. Before the exact minimum version is fully decided, @arthurnn [suggests](https://github.com/rails/rails/pull/17830#issuecomment-64940383) that **at least** version 2.1.0 **must** be required by the `gemspec` files.
* Use released rails-dom-testingRafael Mendonça França2014-11-251-1/+1
|
* Use released rails-dom-testingRafael Mendonça França2014-10-161-1/+1
|
* Use released rails-html-sanitizer and rails-deprecated_sanitizerGodfrey Chan2014-09-261-1/+1
|
* Use released rails-dom-testingRafael Mendonça França2014-09-251-1/+1
|
* Ship with rails-html-sanitizer instead.Kasper Timm Hansen2014-09-031-1/+1
|
* Use released rails-deprecated_sanitizerRafael Mendonça França2014-08-191-1/+1
|
* Fix the rails-dom-testing dependecyRafael Mendonça França2014-08-191-0/+1
|
* Prepare for partial release.Kasper Timm Hansen2014-08-171-2/+1
| | | | | | | - Default to Rails::DeprecatedSanitizer in ActionView::Helpers::SanitizeHelper. - Add upgrade notes. - Add sanitizer to new applications Gemfiles. - Remove 'rails-dom-testing' as a dependency.
* Defining the right dependenciesRafael Mendonça França2014-07-151-1/+2
|
* Added Loofah as a dependency in actionview.gemspec.Timm2014-06-111-0/+1
| | | | | | Implemented ActionView: FullSanitizer, LinkSanitizer and WhiteListSanitizer in sanitizers.rb. Deprecated protocol_separator and bad_tags. Added new tests in sanitizers_test.rb and reimplemented assert_dom_equal with Loofah.
* More liberal builder dependencyŁukasz Strzałkowski2013-12-121-1/+1
| | | | Allowing us to get 3.2.x versions if needed.
* activemodel isn't a runtime dependency for actionviewGuillermo Iguaran2013-12-021-2/+2
|
* Back AV description in gemspecArun Agrawal2013-09-091-1/+1
|
* Revert "Merge branch 'master' of github.com:rails/docrails"Vijay Dev2013-08-171-1/+1
| | | | | | | This reverts commit 70d6e16fbad75b89dd1798ed697e7732b8606fa3, reversing changes made to ea4db3bc078fb3093ecdddffdf4f2f4ff3e1e8f9. Seems to be a code merge done by mistake.
* Added some description to generate actionview gem [ci skip]Arun Agrawal2013-07-171-1/+1
|
* Add actionpack as actionview's development dependencyPiotr Sarnacki2013-06-201-0/+2
| | | | ActionView still relies on ActionPack in some of the tests.
* Add bare actionview gem to the root directoryPiotr Sarnacki2013-06-201-0/+27
This commit creates structure for Action View gem and is first of a series of commits extracting Action View from Action Pack.