path: root/actionview/lib/action_view/helpers/url_helper.rb
Commit message (Collapse) | Author | Age | Files | Lines
* Make per form token work when method is not provided | Rafael Mendonça França | 2016-02-22 | 1 | -1/+2
| When `button_to 'Botton', url` form was being used the per form token was not correct because the method that was being used to generate it was an empty string.
* Do not pass more options that are needed. | Rafael Mendonça França | 2016-02-22 | 1 | -1/+1
| We only need action and method so pass them explicitly instead of merging the hash with HTML options.
* Refactored Request Forgery CSRF PerFormTokensController tests and DRY'ed ↵ | Vipul A M | 2016-02-22 | 1 | -1/+1
| them up.
* Fixed passing of delete method on button_to tag, creating wrong form csrf token | Vipul A M | 2016-02-21 | 1 | -2/+2
| Fixes #23524
* Fix button_to's params option to support nested names. | James Coleman | 2016-02-19 | 1 | -2/+38
| In e6e0579defcfcf94ef1c4c1c7659f374a5335cdb the `params` option was added to the `button_to` helper. However, the patch doesn't support nested hashes so `{a: {b: 'c'}}` for example gets turned into a hidden form input with the name 'a' and the value being the string representation of the `{b: 'c'}` nested hash.
|
| Since Rails supports nested hashes everywhere else (and even in the URL params of link_to and button_to), I believe this to be a bug/unfinished feature.
* add option for per-form CSRF tokens | Ben Toews | 2016-01-04 | 1 | -3/+7
|
* Don’t allow arbitrary data in back urls | Damien Burke | 2015-11-03 | 1 | -2/+12
| `link_to :back` creates a link to whatever was passed in via the referer header. If an attacker can alter the referer header, that would create a cross-site scripting vulnerability on every page that uses `link_to :back`
|
| This commit restricts the back URL to valid non-javascript URLs.
|
| https://github.com/rails/rails/issues/14444
* Use ERB::Utils to percent encode `hfvalue` parts of mailto | Aaron Patterson | 2015-09-05 | 1 | -2/+2
| `hfvalue` parts should always be percent encoded, so let's do that!
|
| Revert "use path escaping for email addresses"
|
| This reverts commit 21ffef38a5dc5a6a21f7e841aecab5b51f4fd185.
* use path escaping for email addresses | Aaron Patterson | 2015-09-04 | 1 | -1/+1
| Due to e25fdad2f147e6f368958f9a06a5ac9d10288408, we are correctly using path escaping for email addresses. This commit fixes the tests to expect path escaping.
* Cut string allocations in content_tag_string | schneems | 2015-07-29 | 1 | -2/+2
| content_tag's first argument will generate a string with an html tag so `:a` will generate: `<a></a>`. When this happens, the symbol is implicitly `to_s`-d so a new string is allocated. We can get around that by using a frozen string instead which
|
| This change buys us 74,236 bytes of memory and 1,855 fewer objects per request.
* Optimize hash key | schneems | 2015-07-29 | 1 | -1/+1
| No idea why on earth this hash key isn't already optimized by MRI, but it isn't. :shit:
|
| This change buys us 74,077 bytes of memory and 1,852 fewer objects per request.
* Encode the email address as prescribed in RFC 6068 section 2. | Clayton Smith | 2015-07-23 | 1 | -1/+2
|
* Revert "Merge pull request #19844 from ↵ | Yves Senn | 2015-05-01 | 1 | -1/+1
| stevenspiel/link_to_if_block_helper_addition"
|
| This reverts commit d459b001b43d25053e7982e96eb8383538a6e358, reversing changes made to 4d4950fae9e2a6970b5f1793aadc56a0b44e28a3.
|
| :sweat: The block is not supposed to be passed to `link_to`. It's used for a customized behavior of the `condtion = false` case. The docs illustrate that like so:
|
| ```
| <%= link_to_if(@current_user.nil?, "Login", { controller: "sessions", action: "new" }) do
|   link_to(@current_user.login, { controller: "accounts", action: "show", id: @current_user })
| end
| %>
| ```
* Update url_helper.rb | Steven Spiel | 2015-04-21 | 1 | -1/+1
| add block to link_to_if when condition is true
* Merge pull request #19566 from aditya-kapoor/remove-dup-doc | Richard Schneeman | 2015-04-11 | 1 | -22/+10
|\
| | [ci skip] remove duplicate doc for current_page?
| * [ci skip] remove duplicate doc for current_page? | Aditya Kapoor | 2015-04-09 | 1 | -22/+10
| |
* | [skip ci] Update information about #link_to attributes | Anton Davydov | 2015-04-04 | 1 | -4/+3
| |
* | [skip ci] Add information about #link_to target option | Anton Davydov | 2015-04-01 | 1 | -0/+6
|/
* Simplify setting button form options | Carlos Antonio da Silva | 2015-03-22 | 1 | -2/+3
| No need to merge hashes when simply setting options does the job.
* Remove additional handling of boolean attributes on button to helper | Carlos Antonio da Silva | 2015-03-18 | 1 | -30/+0
| This logic was just doing duplicated work, since the button_to helper relies on tag/content_tag to generate the button html, which already handles all boolean attributes it knows about.
|
| The code dates back to 2005: 43c470fae468ef63e0d5c3dc1e202925685fd47b.
* Merge pull request #17143 from kuldeepaggarwal/fix-mailTo | Rafael Mendonça França | 2015-02-20 | 1 | -1/+1
|\
| | mail_to helper method fix
| * do not generate blank options in mailTo | Kuldeep Aggarwal | 2014-10-02 | 1 | -2/+3
| | when mail_to generates blank options for any passed options (cc, bcc, body, subject) then MICROSOFT OUTLOOK treats it differently and sets wrong values in different options.
* | Indicate link_to creates an anchor element | Colin Rymer | 2015-02-06 | 1 | -2/+2
| | The `link_to` helper generates an HTML anchor element (consisting of opening and closing anchor tags and an element body). The docs currently state that a link tag is generated (which would indicate a tag like `<link>`, which is another valid HTML tag), so this change clarifies that an anchor element is actually generated.
| |
| | [ci skip]
* | Add support for Reply-To field in mail_to helper | Mark Dodwell | 2014-12-20 | 1 | -2/+3
|/
* Remove wrapping <div> in form helpers from doc | claudiob | 2014-09-22 | 1 | -22/+14
| [ci skip]
|
| 89ff1f8 and 1de258e6 removed from the HTML generated by the form helpers the <div> that was wrapping the field elements inside the <form>.
|
| This commit updates the documentation of the methods to reflect the two commits above.
* In actionview, eliminate calls to tag that use html_safe parameter values. ↵ | Paul Grayson | 2014-06-13 | 1 | -5/+3
| This is generally unnecessary, since tag handles string quoting, except in one case (utf8_enforcer_tag) where we want to specify the encoding ourselves.
* eliminate more wasteful allocations | Aaron Patterson | 2014-06-06 | 1 | -2/+2
|
* Remove wrapper div for inputs in button_to | Rafael Mendonça França | 2014-04-17 | 1 | -1/+1
| Related with cbb917455f306cf5818644b162f22be09f77d4b2
* Reorder conditional logic | David Pedersen | 2014-03-18 | 1 | -10/+10
| According to the best practice that "unless not" and "unless else" is hard to follow logically the link_to_unless and link_to_if were reversed.
* [skip ci] Fix typo in link_to :method option description | Matt Campbell | 2014-02-24 | 1 | -1/+1
|
* Adding an documentation example and a test to button_to with path | Attila Domokos | 2014-02-02 | 1 | -0/+5
| I did not see in the docs that `button_to` supports not only URLs but paths as well. I documented this functionality with a unit test and added an example to the docs as well.
* Remove warning of shadowing outer local variable | Rafael Mendonça França | 2013-10-27 | 1 | -2/+2
|
* Merge pull request #10471 from andyw8/button_to_params | Rafael Mendonça França | 2013-10-24 | 1 | -0/+7
|\
| | Add params option for button_to
| |
| | Conflicts: actionpack/CHANGELOG.md
| * Add params option for button_to | Andy Waite | 2013-09-18 | 1 | -0/+7
| | The parameters are rendered as hidden form fields within the generated form. This is useful for when a record has multiple buttons associated with it, each of which target the same controller method, but which need to submit different attributes.
* | Change `map` to `map!` to save extra array creation on new array | Vipul A M | 2013-10-13 | 1 | -1/+1
| |
* | Merge pull request #10773 from wangjohn/link_and_routing_options | Rafael Mendonça França | 2013-09-23 | 1 | -2/+3
|/
| Adding documentation and tests to ``polymorphic_url`` and ``link_to``
* Using URI.parser.unescape | Arun Agrawal | 2013-08-03 | 1 | -2/+2
| Fixes warning
|
| warning: URI.unescape is obsolete
* Make current_page? compare binary strings | Rafael Mendonça França | 2013-08-01 | 1 | -3/+4
|
* Fix `current_page?` when the URL contains escaped characters | Rafael Mendonça França | 2013-08-01 | 1 | -2/+2
| In some cases webservers like nginx send the escaped characters lowercased to the Rails application. The current_page? helper was comparing the escaped strings that are different since Ruby escapes the URL using uppercased characters.
* Extract verbs array from helper to a constant | Vipul A M | 2013-07-20 | 1 | -2/+2
|
* Include block in a argument shift | sanemat | 2013-07-08 | 1 | -6/+2
|
* Fix link_to with block and url_hash | sanemat | 2013-07-07 | 1 | -1/+5
| Use link_to with block and url_hash, expect block as name. But ignore block and use url_hash as name.
|
| 3-2-stable passes this test. 4-0-stable and master fail this.
* Move actionpack/lib/action_view* into actionview/lib | Piotr Sarnacki | 2013-06-20 | 1 | -0/+616