aboutsummaryrefslogtreecommitdiffstats
path: root/actionview/lib/action_view/template/html.rb
Commit message (Collapse)AuthorAgeFilesLines
* DRYing duplicate methodsAndrey Molchanov2016-09-161-3/+1
|
* applies new string literal convention in actionview/libXavier Noria2016-08-061-2/+2
| | | | | The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* Use the reference for the mime type to get the formatRafael Mendonça França2014-02-181-1/+1
| | | | | | | | Before we were calling to_sym in the mime type, even when it is unknown what can cause denial of service since symbols are not removed by the garbage collector. Fixes: CVE-2014-0082
* Introduce `render :html` for render HTML stringPrem Sichanugrist2014-02-181-0/+34
This is an option for to HTML content with a content type of `text/html`. This rendering option calls `ERB::Util.html_escape` internally to escape unsafe HTML string, so you will have to mark your string as html safe if you have any HTML tag in it. Please see #12374 for more detail.