path: root/actionview/app
Commit message [Author, Age, Files, Lines]
* Add support for automatic nonce generation for Rails UJS [Andrew White, 2018-02-19, 2 files, -1/+7]
|
|   Because the UJS library creates a script tag to process responses it normally requires the script-src attribute of the content security policy to include 'unsafe-inline'.
|
|   To work around this we generate a per-request nonce value that is embedded in a meta tag in a similar fashion to how CSRF protection embeds its token in a meta tag. The UJS library can then read the nonce value and set it on the dynamically generated script tag to enable it to execute without needing 'unsafe-inline' enabled.
|
|   Nonce generation isn't 100% safe - if your script tag is including user generated content in some way then it may be possible to exploit an XSS vulnerability which can take advantage of the nonce. It is however an improvement on a blanket permission for inline scripts.
|
|   It is also possible to use the nonce within your own script tags by using `nonce: true` to set the nonce value on the tag, e.g.
|
|       <%= javascript_tag nonce: true do %>
|         alert('Hello, World!');
|       <% end %>
|
|   Fixes #31689.
* Update rails-ujs readme [Mike Fiedler, 2018-01-29, 1 file, -1/+1]
|
|   Link to W3C reference was broken, this uses the latest URL, along with HTTPS.
* Revert unintentional change in 41e3bbd [Javan Makhmali, 2018-01-01, 1 file, -1/+1]
|
* Improve `preventDefault` fix for rails-ujs [Javan Makhmali, 2018-01-01, 1 file, -6/+11]
|
|   Improves 049a3374aa85f33091f0e7cba8635edd4b4786bd:
|
|   * Attempt native `preventDefault()` before stepping in
|   * Fix that calling `preventDefault()` more than once would throw an error
|   * Fix that non-cancelable events could be canceled
* Bump license years for 2018 [Yoshiyuki Hirano, 2017-12-31, 1 file, -1/+1]
|
* Fix IE 10 and IE 11's broken `preventDefault` [Yuri S, 2017-12-27, 1 file, -0/+5]
|
|   https://github.com/turbolinks/turbolinks/issues/233
|   https://stackoverflow.com/questions/23349191/event-preventdefault-is-not-working-in-ie-11-for-custom-events
* Enable to call Rails.ajax without beforeSend [ta1kt0me, 2017-10-28, 1 file, -1/+1]
|
* Merge pull request #30513 from y-yagi/fix_30444 [Akira Matsuda, 2017-10-25, 1 file, -1/+1]
|\  Does not include disabled element in params
| * Does not include disabled element in params [yuuji.yaginuma, 2017-09-03, 1 file, -1/+1]
| |
| |   In the case of remote, it should be the same behavior as submitting HTML form.
| |
| |   Fixes #30444
* | Merge pull request #29710 from padi/rails-ujs-docs [Guillermo Iguaran, 2017-10-22, 2 files, -0/+25]
|\ \  Adds descriptions to rails-ujs methods [ci skip]
| * | Adds descriptions to rails-ujs methods [ci skip] [Marc Rendl Ignacio, 2017-07-07, 2 files, -0/+25]
| |/
* | Merge pull request #29127 from DmytroVasin/rails-ujs-remote-callbacks [Guillermo Iguaran, 2017-10-19, 2 files, -6/+5]
|\ \  Fix callback in rails ujs
| * | Fix callback in rails ujs [Vasin Dmitriy, 2017-06-07, 2 files, -6/+5]
| |/
* / rails-ujs: Update README [Elliot Winkler, 2017-10-02, 1 file, -23/+18]
|/  Make various wording tweaks to cater to users who are viewing the README on NPM. Notably, don't highlight Yarn specifically in the installation instructions -- even though this is the preferred tool of choice especially in the Ruby community, some people still use NPM (and, really, ES2015+ syntax has nothing to do with NPM or Yarn).
* Grammar fixes [Jon Moss, 2017-05-29, 1 file, -2/+3]
|
|   [ci skip]
* Merge pull request #29151 from onemanstartup/jquery_slim_fix [Guillermo Iguaran, 2017-05-29, 1 file, -1/+1]
|\  Check for jQuery ajax
| * Check for jQuery ajax [Dmitriy Plekhanov, 2017-05-19, 1 file, -1/+1]
| |
| |   jQuery slim version doesn't have ajax, so if a person includes this version, ajaxFilter raises an error.
* | Merge pull request #29108 from inopinatus/ujs-sgjs-ie9-support [Kasper Timm Hansen, 2017-05-28, 1 file, -1/+1]
|\ \  Fix server-generated JS response processing on IE9
| * | Fix server-generated JS response processing on IE9 when using rails-ujs and remote: true [Josh Goodall, 2017-05-17, 1 file, -1/+1]
| |/
* | Update to rails-ujs documentation for yarn install [Adrian Stainforth, 2017-05-26, 1 file, -0/+10]
| |
* | Update test link in ActionView javascripts README.md. [Josef Šimánek, 2017-05-22, 1 file, -1/+1]
|/  [ci skip]
* Fix mistake in JS response parser: [Dmytro Vasin, 2017-04-13, 1 file, -3/+3]
|
|   - Restore ability to accept ecmascript JS response should not modify DOM.
* Set current page as default for ajax requests [Dmytro Vasin, 2017-04-11, 1 file, -0/+1]
|
* Reorganize rails-ujs files [Javan Makhmali, 2017-03-30, 13 files, -104/+104]
|
* Fix link to rails-ujs [Ryunosuke Sato, 2017-03-30, 1 file, -1/+1]
|
|   https://github.com/rails/rails-ujs is merged into actionview in favor of https://github.com/rails/rails/pull/28098.
|
|   [skip ci]
* Prevent event propagation if element is disabled when event chain begins. [Patrick Toomey, 2017-03-09, 2 files, -1/+10]
|
|   The existing UJS event behavior relies on browsers not sending events for various events when an element is disabled. For example, imagine the following:
|
|       <button type="submit" disabled="disabled">Click me</button>
|
|   The above button is disabled, so browsers will not trigger a click event and all UJS behavior is prevented. However, imagine a button like this:
|
|       <button type="submit" disabled="disabled"><strong>Click me</strong></button>
|
|   The above is treated differently by browsers such as Chrome/Safari. These browsers do not consider the strong tag to be disabled, and will trigger click events. UJS has logic to walk up the DOM to find an associated element subject to UJS behavior. But, this logic does not take into account the disabled status of the element.
|
|   I originally thought we could simply change the selectors used to match elements to ignore disabled elements. However, UJS disables some elements as part of the event chain. So, an element might match early in the chain and then fail to match later. Instead of changing the selectors I added a callback to the chain that calls `stopEverything` if an element is disabled when the event chain begins.
* Move rails-ujs README and LICENCE to actionview [Rafael Mendonça França, 2017-02-22, 2 files, -0/+69]
|
|   We are going to make rails/rails the official repository
* Import rails-ujs v0.1.0 from rails/rails-ujs [Guillermo Iguaran, 2017-02-20, 5 files, -51/+12]
|
* s/an/a/ [Akira Matsuda, 2017-01-26, 1 file, -1/+1]
|
|   [ci skip]
* Add rails-ujs to Action View [Guillermo Iguaran, 2016-11-26, 11 files, -0/+600]