| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
`link_to :back` creates a link to whatever was
passed in via the referer header. If an attacker
can alter the referer header, that would create
a cross-site scripting vulnerability on every
page that uses `link_to :back`
This commit restricts the back URL to valid
non-javascript URLs.
https://github.com/rails/rails/issues/14444
|
|
|
|
|
|
|
|
| |
`hfvalue` parts should always be percent encoded, so lets do that!
Revert "use path escaping for email addresses"
This reverts commit 21ffef38a5dc5a6a21f7e841aecab5b51f4fd185.
|
|
|
|
|
|
| |
Due to e25fdad2f147e6f368958f9a06a5ac9d10288408, we are correctly using
path escaping for email addresses. This commit fixes the tests to
expect path escaping.
|
|
|
|
|
|
| |
content_tag's first argument is will generate a string with an html tag so `:a` will generate: `<a></a>`. When this happens, the symbol is implicitly `to_s`-d so a new string is allocated. We can get around that by using a frozen string instead which
This change buys us 74,236 bytes of memory and 1,855 fewer objects per request.
|
|
|
|
|
|
| |
No idea why on earth this hash key isn't already optimized by MRI, but it isn't. :shit:
This change buys us 74,077 bytes of memory and 1,852 fewer objects per request.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
stevenspiel/link_to_if_block_helper_addition"
This reverts commit d459b001b43d25053e7982e96eb8383538a6e358, reversing
changes made to 4d4950fae9e2a6970b5f1793aadc56a0b44e28a3.
:sweat:
The block is not supposed to be passed to `link_to`. It's used for a
customized behavior of the `condtion = false` case. The docs
illustrate that like so:
```
<%=
link_to_if(@current_user.nil?, "Login", { controller: "sessions", action: "new" }) do
link_to(@current_user.login, { controller: "accounts", action: "show", id: @current_user })
end
%>
```
|
|
|
| |
add block to link_to_if when condition is true
|
|\
| |
| | |
[ci skip] remove duplicate doc for current_page?
|
| | |
|
| | |
|
|/ |
|
|
|
|
| |
No need to merge hashes when simply setting options does the job.
|
|
|
|
|
|
|
|
| |
This logic was just doing duplicated work, since the button_to helper
relies on tag/content_tag to generate the button html, which already
handles all boolean attributes it knows about.
The code dates back to 2005: 43c470fae468ef63e0d5c3dc1e202925685fd47b.
|
|\
| |
| |
| | |
mail_to helper method fix
|
| |
| |
| |
| |
| | |
when mail_to generate blank options for any passed options(cc, bcc, body, subject)
then MICROSOFT OUTLOOK treats it differently and set wrong values in different options.
|
| |
| |
| |
| |
| |
| | |
The `link_to` helper generates an HTML anchor element (consisting of opening and closing anchor tags and an element body). The docs currently state the a link tag is generated (which would indicate a tag like `<link>`, which is another valid HTML tag), so this change clarifies that an anchor element is actually generated.
[ci skip]
|
|/ |
|
|
|
|
|
|
|
|
|
|
| |
[ci skip]
89ff1f8 and 1de258e6 removed from the HTML generated by the form helpers
the <div> that was wrapping the field elements inside the <form>.
This commit updates the documentation of the methods to reflect the
two commits above.
|
|
|
|
| |
This is generally unnecessary, since tag handles string quoting, except in one case (utf8_enforcer_tag) where we want to specify the encoding ourselves.
|
| |
|
|
|
|
| |
Related with cbb917455f306cf5818644b162f22be09f77d4b2
|
|
|
|
|
|
| |
According to the best practice that "unless not" and "unless else"
is hard to follow logically the link_to_unless and link_to_if
were reversed.
|
| |
|
|
|
| |
I did not see in the docs that `button_to` supports not only URLs but paths as well. I documented this functionality with a unit tests and added an example to the docs as well.
|
| |
|
|\
| |
| |
| |
| |
| |
| | |
Add params option for button_to
Conflicts:
actionpack/CHANGELOG.md
|
| |
| |
| |
| |
| |
| | |
The parameters are rendered as hidden form fields within the generated
form. This is useful for when a record has multiple buttons associated
with it, each of which target the same controller method, but which
need to submit different attributes.
|
| | |
|
|/
|
|
| |
Adding documentation and tests to ``polymorphic_url`` and ``link_to``
|
|
|
|
|
|
| |
Fixes warning
warning: URI.unescape is obsolete
|
| |
|
|
|
|
|
|
|
| |
In some cases webservers like nginx send the escaped characters
lowercased to the Rails application. The current_page? helper was
comparing the escaped strings that are different since Ruby escapes the
URL using uppercased characters.
|
| |
|
| |
|
|
|
|
|
|
| |
Use link_to with block and url_hash, expect block as name.
But ignore block and use url_hash as name.
3-2-stable passes this test. 4-0-stable and master fail this.
|
|
|