| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Before ec16ba75a5493b9da972eea08bae630eba35b62f,
ActionView::Helpers::TranslationHelper#translate has raised errors with
specifying options[:raise] to true.
This should work by this fix:
begin
t(:"translations.missing", raise: true)
rescue I18n::MissingTranslationData
p :hello!
end
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Now users have to explicit mark the unit as safe if they trust it.
Closes #13161
Conflicts:
actionpack/lib/action_view/helpers/number_helper.rb
actionpack/test/template/number_helper_i18n_test.rb
|
| | | |
| | | |
| | | |
| | | |
| | | | |
We are generating safe strings in the paragraph, so we can escape the
tags
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
i18n doesn't depend on active support which means it can't use our html_safe
code to do its escaping when generating the spans. Rather than try to sanitize
the output from i18n, just revert to our old behaviour of rescuing the error
and constructing the tag ourselves.
Fixes: CVE-2013-4491
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The previous behavior equated the sanitize option for simple_format with the
escape option of content_tag, however these are two distinct concepts.
This fixes CVE-2013-6416
Conflicts:
actionview/lib/action_view/helpers/text_helper.rb
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Previously the unit values were trusted leading to potential XSS vulnerabilities.
Fixes: CVE-2013-6415
|
|\ \ \ \
| | | | |
| | | | | |
Remove deprecated cattr_* requires
|
| | | | | |
|
|/ / / / |
|
| | | | |
|
|/ / / |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This reverts commit f4a5a9ea4d183f4102796215d4502c46dbe3e52b, reversing
changes made to 7ccb482181ee6c47c765406009018a15172812de.
Reason:
The logic is different, the first call to #option_value_selected? is for
the :selected option (the argument is the "selected" variable), the second
call is for the :disabled option (the argument is the "disabled" variable).
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
atom_feed_helper_test.rb to fail with "SystemStackError: stack level too deep".
This reverts commit d3a1ce1cdc60d593de1682c5f4e3230c8db9a0fd.
|
|\ \ \
| | | |
| | | | |
Used Yield instead of block.call
|
| | | | |
|
|/ / /
| | |
| | |
| | | |
Builder's #tag! takes either String or Symbol as the first parameter
|
| | |
| | |
| | |
| | |
| | | |
This is the only argument that changes over the method calls so it is
better to it be the first one
|
|\ \ \
| | | |
| | | | |
fix simple_format escapes own output when sanitize is set to true
|
| | | | |
|
| | | | |
|
|/ / /
| | |
| | |
| | |
| | |
| | | |
rdoc: favicon source shouldn't begin with a slash to reference asset pipeline resource [ci skip]
Conflicts:
actionview/lib/action_view/helpers/asset_tag_helper.rb
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
Rails 3.2 API allowed arbitrary input for cdata_section;
this change re-introduces the old behaviour.
|
| |/
|/| |
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
Add params option for button_to
Conflicts:
actionpack/CHANGELOG.md
|
| | |
| | |
| | |
| | |
| | |
| | | |
The parameters are rendered as hidden form fields within the generated
form. This is useful for when a record has multiple buttons associated
with it, each of which target the same controller method, but which
need to submit different attributes.
|
| | | |
|
|\ \ \
| | | |
| | | | |
Fix wrong variable name used in the select_day method documentation
|
| | | |
| | | |
| | | | |
The variable name created in the example is `my_date`, the methods were using `my_time` instead.
|
|/ / / |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
collection_check_boxes
|
| | |
| | |
| | |
| | | |
Adding documentation and tests to ``polymorphic_url`` and ``link_to``
|
| | | |
|
| | |
| | |
| | |
| | | |
[ci skip]
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Example:
= select(report, "campaign_ids") do
- available_campaigns.each do |c|
%option{:data => {:tags => c.tags.to_json}, :value => c.id}= c.name
|
| | | |
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
form_for - fix :namespace and :as options clash
Conflicts:
actionview/CHANGELOG.md
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
:as option should not overwrite :namespace option when
generating html id attribute of the form element. id should be prefixed
by specified namespace even if :as option is present
Add test case showing the issue and code fixing it
|
|/ / /
| | |
| | |
| | |
| | | |
* replaced String concatenation by joining
* separator has default value to '', even it is nil
|
| | | |
|
| | |
| | |
| | | |
fix the typo newstopics => new topics in action view cache helper
|
|/ / |
|
|/ |
|