| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
rails view directory
CVE-2016-0752
|
|
|
|
|
|
|
|
| |
Before we were changing the state of the lookup_context for the duration
of the with_layout_format block, but since we already know the formats
we can just pass it explicitly.
Related with 8d7ce0f22aee09d20091a4dc58cb379a09d13e26
|
| |
|
|
|
|
| |
explicitely.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
This is an option for to HTML content with a content type of
`text/html`. This rendering option calls `ERB::Util.html_escape`
internally to escape unsafe HTML string, so you will have to mark your
string as html safe if you have any HTML tag in it.
Please see #12374 for more detail.
|
|
|
|
|
|
|
|
| |
This is as an option to render content with a content type of
`text/plain`. This is the preferred option if you are planning to render
a plain text content.
Please see #12374 for more detail.
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is an option for sending a raw content back to browser. Note that
this rendering option will unset the default content type and does not
include "Content-Type" header back in the response.
You should only use this option if you are expecting the "Content-Type"
header to not be set. More information on "Content-Type" header can be
found on RFC 2616, section 7.2.1.
Please see #12374 for more detail.
|
|
|
|
| |
:content_type option. Closes #11393.
|
|
|