aboutsummaryrefslogtreecommitdiffstats
path: root/actionview/lib/action_view/renderer/template_renderer.rb
Commit message (Collapse)AuthorAgeFilesLines
* Enable `Layout/EmptyLinesAroundAccessModifier` copRyuta Kamizono2019-06-131-1/+0
| | | | | | | | | | | We sometimes say "✂️ newline after `private`" in a code review (e.g. https://github.com/rails/rails/pull/18546#discussion_r23188776, https://github.com/rails/rails/pull/34832#discussion_r244847195). Now `Layout/EmptyLinesAroundAccessModifier` cop have new enforced style `EnforcedStyle: only_before` (https://github.com/rubocop-hq/rubocop/pull/7059). That cop and enforced style will reduce the our code review cost.
* Merge pull request #35337 from ↵Rafael França2019-05-011-1/+1
|\ | | | | | | | | abhaynikam/35265-remove-unused-argument-layout-from-rendered-template Removed unused layout attribute from RenderedTemplate
| * Removed unused layout attribute from RenderedTemplateAbhay Nikam2019-03-091-1/+1
| |
* | Merge pull request #35825 from jhawthorn/always_filter_view_pathsEileen M. Uchitelle2019-04-031-1/+1
|\ \ | | | | | | Make Resolver#find_all_anywhere equivalent to #find_all
| * | Always reject files external to appJohn Hawthorn2019-04-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, when using `render file:`, it was possible to render files not only at an absolute path or relative to the current directory, but relative to ANY view paths. This was probably done for absolutely maximum compatibility when addressing CVE-2016-0752, but I think is unlikely to be used in practice. Tihs commit removes the ability to `render file:` with a path relative to a non-fallback view path. Make FallbackResolver.new private To ensure nobody is making FallbackResolvers other than "/" and "". Make reject_files_external_... no-op for fallbacks Because there are only two values used for path: "" and "/", and File.join("", "") == File.join("/", "") == "/", this method was only testing that the absolute paths started at "/" (which of course all do). This commit doesn't change any behaviour, but it makes it explicit that the FallbackFileSystemResolver works this way. Remove outside_app_allowed argument Deprecate find_all_anywhere This is now equivalent to find_all Remove outside_app argument Deprecate find_file for find Both LookupContext#find_file and PathSet#find_file are now equivalent to their respective #find methods.
* | | Rename File to RawFileCliff Pruitt2019-04-011-1/+1
|/ /
* | Merge pull request #35793 from jhawthorn/deprecate_layout_absolute_pathKasper Timm Hansen2019-03-311-0/+1
|\ \ | | | | | | Deprecate render layout with an absolute path
| * | Deprecate render layout with an absolute pathJohn Hawthorn2019-03-291-0/+1
| | | | | | | | | | | | | | | | | | | | | This has similar problems to render file:. I've never seen this used, and believe it's a relic from when all templates could be rendered from an absolute path.
* | | Introduce Template::File as new render file:John Hawthorn2019-03-271-1/+6
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The previous behaviour of render file: was essentially the same as render template:, except that templates can be specified as an absolute path on the filesystem. This makes sense for historic reasons, but now render file: is almost exclusively used to render raw files (not .erb) like public/404.html. In addition to complicating the code in template/resolver.rb, I think the current behaviour is surprising to developers. This commit deprecates the existing "lookup a template from anywhere" behaviour and replaces it with "render this file exactly as it is on disk". Handlers will no longer be used (it will render the same as if the :raw handler was used), but formats (.html, .xml, etc) will still be detected (and will default to :plain). The existing render file: behaviour was the path through which Rails apps were vulnerable in the recent CVE-2019-5418. Although the vulnerability has been patched in a fully backwards-compatible way, I think it's a strong hint that we should drop the existing previously-vulnerable behaviour if it isn't a benefit to developers.
* / Aligned the order of the arguments of render_template and render_with_layoutShigeyuki-fukuda2019-03-271-2/+2
|/
* Templates have one formatAaron Patterson2019-02-251-1/+1
| | | | | | | Templates only have one format. Before this commit, templates would be constructed with a single element array that contained the format. This commit eliminates the single element array and just implements a `format` method. This saves one array allocation per template.
* Add a finalizer to inline templatesAaron Patterson2019-02-221-1/+1
| | | | | | | | | | | | | | | | | | | This commit adds a finalizer just to inline templates. We can't cache compilation of inline templates because it's possible that people could have render calls that look like this: ```ruby loop do render inline: "#{rand}" end ``` and we would cache every one of these different inline templates. That would cause a memory leak. OTOH, we don't need finalizers on regular templates because we can cache, control, and detect changes to the template source. Fixes: #35372
* Merge pull request #35371 from rails/always-have-a-formatAaron Patterson2019-02-221-1/+6
|\ | | | | Ensure that rendered templates always have a format
| * Ensure that rendered templates always have a formatAaron Patterson2019-02-221-1/+6
| | | | | | | | | | This removes one call to `lookup_context` and also eliminates a conditional in `_render_template`.
* | Pass lookup context to the layout handlersAaron Patterson2019-02-221-1/+1
|/ | | | | | | I want to start reducing the calls to `lookup_context`. That method caches the lookup context in an ivar, but I would like to cache the lookup context on the stack. That way we aren't coupled to the behavior of the `lookup_context` method.
* Fix up styleAaron Patterson2019-02-191-1/+1
|
* Return rendered template information instead of just stringsAaron Patterson2019-02-191-5/+4
| | | | | | | | | | | | This commit introduces "rendered template" and "rendered collection" objects. The template renderers can now return a more complex object than just strings. This allows the framework to get more information about the templates that were rendered. In this commit we use the rendered template object to set the "rendered_format" on the lookup context in the controller rather than all the way in the template renderer. That means we don't need to check the "rendered_format" every time we render a template, we just do it once after all templates have been rendered.
* Remove default parameters from method signatureAaron Patterson2019-01-281-4/+2
| | | | This method is private, and we always pass something in.
* Deprecate `with_fallbacks` using a blockAaron Patterson2019-01-281-4/+4
| | | | | | | This patch changes `with_fallbacks` to be a factory method that returns a new instance of a lookup context which contains the fallback view paths in addition to the controller specific view paths. Since the lookup context is more "read only", we may be able to cache them
* Pass the view around instead of using an ivarAaron Patterson2019-01-231-7/+5
| | | | | If we pass the view instance around it's easier to understand the flow control.
* Use frozen string literal in actionview/Kir Shatrov2017-07-241-0/+2
|
* Revert "Merge pull request #29540 from kirs/rubocop-frozen-string"Matthew Draper2017-07-021-1/+0
| | | | | This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
* Enforce frozen string in RubocopKir Shatrov2017-07-011-0/+1
|
* No need to nodoc private methodsAkira Matsuda2016-12-241-2/+2
|
* Remove deprecated support to :text in renderRafael Mendonça França2016-10-101-3/+1
|
* Fix broken comments indentation caused by rubocop auto-correct [ci skip]Ryuta Kamizono2016-09-141-6/+6
| | | | | | All indentation was normalized by rubocop auto-correct at 80e66cc4d90bf8c15d1a5f6e3152e90147f00772. But comments was still kept absolute position. This commit aligns comments with method definitions for consistency.
* Add three new rubocop rulesRafael Mendonça França2016-08-161-1/+1
| | | | | | | | Style/SpaceBeforeBlockBraces Style/SpaceInsideBlockBraces Style/SpaceInsideHashLiteralBraces Fix all violations in the repository.
* normalizes indentation and whitespace across the projectXavier Noria2016-08-061-59/+59
|
* modernizes hash syntax in actionviewXavier Noria2016-08-061-3/+3
|
* applies new string literal convention in actionview/libXavier Noria2016-08-061-2/+2
| | | | | The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* systematic revision of =~ usage in AVXavier Noria2016-07-251-1/+1
| | | | | Where appropriate, prefer the more concise Regexp#match?, String#include?, String#start_with?, or String#end_with?
* keep layouts + locals from bloating the cacheAaron Patterson2016-05-171-3/+3
| | | | | | Using locals will cause layouts to be cached multiple times in the template cache. This commit removes locals from consideration when looking up the layout.
* allow :file to be outside rails root, but anything else must be inside the ↵Aaron Patterson2016-01-221-1/+1
| | | | | | rails view directory CVE-2016-0752
* Pass formats to lookup_contextRafael Mendonça França2015-08-241-1/+1
| | | | | | | | Before we were changing the state of the lookup_context for the duration of the with_layout_format block, but since we already know the formats we can just pass it explicitly. Related with 8d7ce0f22aee09d20091a4dc58cb379a09d13e26
* remove useless case in #resolve_layout.Nick Sutterer2015-08-241-2/+0
|
* remove LookupContext#with_layout_format by passing formats for layouts ↵Nick Sutterer2015-08-241-7/+10
| | | | explicitely.
* Add missing :html option in determine_template error message.Juanito Fatas2015-03-271-1/+1
|
* Avoid creating unneeded Hash instance and calling slow Hash#fetchAkira Matsuda2014-10-251-1/+1
|
* marking private methods which dont work if called on their own anywaysEugene Gilburg2014-07-181-1/+3
|
* small refactors to actionview renderersEugene Gilburg2014-07-181-4/+1
|
* Introduce `render :html` for render HTML stringPrem Sichanugrist2014-02-181-0/+2
| | | | | | | | | This is an option for to HTML content with a content type of `text/html`. This rendering option calls `ERB::Util.html_escape` internally to escape unsafe HTML string, so you will have to mark your string as html safe if you have any HTML tag in it. Please see #12374 for more detail.
* Introduce `render :plain` for render plain textPrem Sichanugrist2014-02-181-1/+3
| | | | | | | | This is as an option to render content with a content type of `text/plain`. This is the preferred option if you are planning to render a plain text content. Please see #12374 for more detail.
* Introduce `render :body` for render raw contentPrem Sichanugrist2014-02-181-2/+4
| | | | | | | | | | | | This is an option for sending a raw content back to browser. Note that this rendering option will unset the default content type and does not include "Content-Type" header back in the response. You should only use this option if you are expecting the "Content-Type" header to not be set. More information on "Content-Type" header can be found on RFC 2616, section 7.2.1. Please see #12374 for more detail.
* Fix default rendered format problem when calling render method without ↵kennyj2013-07-151-1/+1
| | | | :content_type option. Closes #11393.
* Move actionpack/lib/action_view* into actionview/libPiotr Sarnacki2013-06-201-0/+96
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-30 09:40:27 +0000