aboutsummaryrefslogtreecommitdiffstats
path: root/actionview/lib/action_view
Commit message (Collapse)AuthorAgeFilesLines
* Add `#no_content_type` attribute to `AD::Response`Prem Sichanugrist2014-02-181-0/+5
| | | | | Setting this attribute to `true` will remove the content type header from the request. This is use in `render :body` feature.
* Introduce `render :html` for render HTML stringPrem Sichanugrist2014-02-185-1/+41
| | | | | | | | | This is an option for to HTML content with a content type of `text/html`. This rendering option calls `ERB::Util.html_escape` internally to escape unsafe HTML string, so you will have to mark your string as html safe if you have any HTML tag in it. Please see #12374 for more detail.
* Introduce `render :plain` for render plain textPrem Sichanugrist2014-02-183-2/+6
| | | | | | | | This is as an option to render content with a content type of `text/plain`. This is the preferred option if you are planning to render a plain text content. Please see #12374 for more detail.
* Introduce `render :body` for render raw contentPrem Sichanugrist2014-02-184-4/+8
| | | | | | | | | | | | This is an option for sending a raw content back to browser. Note that this rendering option will unset the default content type and does not include "Content-Type" header back in the response. You should only use this option if you are expecting the "Content-Type" header to not be set. More information on "Content-Type" header can be found on RFC 2616, section 7.2.1. Please see #12374 for more detail.
* implements new option :month_format_string for date select helpers [Closes ↵Xavier Noria2014-02-151-9/+24
| | | | #13618]
* Variant negotiationLukasz Strzalkowski2014-02-131-1/+1
| | | | | | | | | | | | | | Allow setting `request.variant` as an array - an order in which they will be rendered. For example: request.variant = [:tablet, :phone] respond_to do |format| format.html.none format.html.phone # this gets rendered end
* Merge pull request #11770 from timruffles/doc_ajax_xhrYves Senn2014-02-031-2/+5
|\ | | | | be more specific about csrf token and ajax - not whitelisted outside of jquery-rails [ci skip]
| * be more specific about csrf token and ajax - not whitelisted outside of ↵Tim Ruffles2013-08-061-2/+5
| | | | | | | | jquery-rails [ci skip]
* | Adding an documentation example and a test to button_to with pathAttila Domokos2014-02-021-0/+5
| | | | | | I did not see in the docs that `button_to` supports not only URLs but paths as well. I documented this functionality with a unit tests and added an example to the docs as well.
* | just require the template resolverAaron Patterson2014-01-311-0/+1
| | | | | | | | | | | | LookupContext is eagerly loaded, and FallbackFileSystemResolver is referenced at the class level. Just require the resolver from the eagerly loaded class rather than jumping through autoload hoops
* | Rails config for raise on missing translationsKassio Borges2014-01-272-4/+8
| | | | | | | | | | Add a config to setup whether raise exception for missing translation or not.
* | Avoid scanning multiple render calls as a single match.João Britto2014-01-091-17/+19
| | | | | | | | Each chunk of text coming after `render` is now handled individually as a possible list of arguments.
* | Improve ERB dependency detection.João Britto2014-01-091-17/+57
| | | | | | | | | | | | | | | | | | | | | | The current implementation can't handle some special cases of oddly-formatted Ruby. Now we are able to detect them: * Multi-line arguments on the `render` call * Strings containing quotes, e.g. `"something's wrong"` * Multiple kinds of identifiers - instance variables, class variables and globals * Method chains as arguments for the `render` call Also, this fix reduces the rate of "false positives" which showed up when we had calls/access to identifiers containing `render`, like `surrender` and `rendering`.
* | Fix typo in image_tag documentationAdrien2014-01-071-1/+1
| | | | | | image_tag only supports :alt and :size as additional keys, not three.
* | Switched to use `display:none` in extra_tags_for_form method.Gaelian Ditchburn2014-01-052-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | The use of `display:inline` with the content_tag call in the extra_tags_for_form method potentially causes display issues with some browsers, namely Internet Explorer. IE's behaviour of not collapsing the line height on divs with ostensibly no content means that the automatically added div containing the hidden authenticity_token, utf8 and _method form input tags may interfere with other visible form elements in certain circumstances. The use of `display:none` rather than `display:inline` fixes this problem. Fixes #6403
* | provide correct example of `datetime_select` helper [ci skip]Kuldeep Aggarwal2014-01-041-1/+1
| |
* | Fixed documentation. [ci skip]Konstantin Wlasow2014-01-041-0/+3
| |
* | Change all "can not"s to the correct "cannot".T.J. Schuck2014-01-031-2/+2
| |
* | No need to use fixed size font [ci skip]Rafael Mendonça França2014-01-031-2/+2
| |
* | Fix documentation for end_year option of date_helper [ci skip]Prathamesh Sonpatki2014-01-031-2/+6
| | | | | | | | | | | | | | | | | | | | - While editing an existing record, end_year is equal to current selected year plus 5 by default. - While editing an existing record, start_year is equal to current selected year value minus 5 by default. - Fixes #13552 Acked-by: Prathamesh Sonpatki <csonpatki@gmail.com> Acked-by: Prathamesh Sonpatki <csonpatki@gmail.com>
* | provide correct information [ci skip]Kuldeep Aggarwal2014-01-021-2/+2
| |
* | Merge branch 'master' of github.com:lifo/docrailsVijay Dev2013-12-203-4/+4
|\ \
| * | Typos. return -> returns. [ci skip]Lauro Caetano2013-12-033-4/+4
| | |
* | | duplication removed(DRY)abhishek2013-12-181-16/+10
| | |
* | | Merge pull request #13363 from kuldeepaggarwal/f-video-optionsGuillermo Iguaran2013-12-171-4/+10
|\ \ \ | | | | | | | | allow video_tag to accept `size` as `Number` for square shaped videos
| * | | allow video_tag to accept `size` as `Number` for square shaped videosKuldeep Aggarwal2013-12-181-4/+10
| | | |
* | | | Get ready to release 4.1.0.beta1David Heinemeier Hansson2013-12-171-1/+1
|/ / /
* | | typos rectified [ci skip]Aayush khandelwal2013-12-121-1/+1
| | |
* | | Fix typo in docs, missing colon in Symbol literal [ci skip]Semyon Perepelitsa2013-12-111-1/+1
| | |
* | | Merge pull request #13059 from imkmf/cycle-accepts-arrayRafael Mendonça França2013-12-061-1/+1
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Cycle object should accept an array Conflicts: actionview/CHANGELOG.md
| * | | A Cycle object should accept an array and cycle through it as it wouldKristian Freeman2013-12-061-1/+1
| | | | | | | | | | | | | | | | with a set of comma-separated objects.
* | | | Label only accepts `:index` and `:namespace` attributes from the inputAndriel Nuernberg2013-12-052-2/+1
| | | |
* | | | Remove the explicit order set for the initializerRafael Mendonça França2013-12-051-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This will fix the regression added on b068e20b35797aa6deaa377a48c990759734f515. See tests added at ff08d31 to a better understanding about the problem
* | | | Merge pull request #13189 from strzalek/retain-ap-av-depJeremy Kemper2013-12-051-7/+0
|\ \ \ \ | | | | | | | | | | Retain ActionPack dependency on ActionView. Fixes #12979.
| * | | | Include AV::Layouts directly in AM::BaseŁukasz Strzałkowski2013-12-051-6/+0
| | | | | | | | | | | | | | | | | | | | No need to do this in railtie as AM depends on AV either way
| * | | | Retain ActionPack dependency on ActionViewŁukasz Strzałkowski2013-12-051-1/+0
| | | | |
* | | | | Escalate missing error when :raise is trueShota Fukumori (sora_h)2013-12-051-1/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before ec16ba75a5493b9da972eea08bae630eba35b62f, ActionView::Helpers::TranslationHelper#translate has raised errors with specifying options[:raise] to true. This should work by this fix: begin t(:"translations.missing", raise: true) rescue I18n::MissingTranslationData p :hello! end
* | | | | Fix issue where TextHelper#simple_format was calling missing 'raw' methodMario Visic2013-12-051-0/+2
| | | | |
* | | | | Fix documentation of number_to_currency helperRafael Mendonça França2013-12-041-4/+4
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Now users have to explicit mark the unit as safe if they trust it. Closes #13161 Conflicts: actionpack/lib/action_view/helpers/number_helper.rb actionpack/test/template/number_helper_i18n_test.rb
* | | | Action Pack VariantsŁukasz Strzałkowski2013-12-044-9/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | By default, variants in the templates will be picked up if a variant is set and there's a match. The format will be: app/views/projects/show.html.erb app/views/projects/show.html+tablet.erb app/views/projects/show.html+phone.erb If request.variant = :tablet is set, we'll automatically be rendering the html+tablet template. In the controller, we can also tailer to the variants with this syntax: class ProjectsController < ActionController::Base def show respond_to do |format| format.html do |html| @stars = @project.stars html.tablet { @notifications = @project.notifications } html.phone { @chat_heads = @project.chat_heads } end format.js format.atom end end end The variant itself is nil by default, but can be set in before filters, like so: class ApplicationController < ActionController::Base before_action do if request.user_agent =~ /iPad/ request.variant = :tablet end end end This is modeled loosely on custom mime types, but it's specifically not intended to be used together. If you're going to make a custom mime type, you don't need a variant. Variants are for variations on a single mime types.
* | | | optimize string literals in erb templatesAaron Patterson2013-12-031-2/+2
| | | |
* | | | Remove the escaping skipRafael Mendonça França2013-12-031-1/+1
| | | | | | | | | | | | | | | | | | | | We are generating safe strings in the paragraph, so we can escape the tags
* | | | Stop using i18n's built in HTML error handling.Michael Koziarski2013-12-021-13/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | i18n doesn't depend on active support which means it can't use our html_safe code to do its escaping when generating the spans. Rather than try to sanitize the output from i18n, just revert to our old behaviour of rescuing the error and constructing the tag ourselves. Fixes: CVE-2013-4491
* | | | Ensure simple_format escapes its html attributesMichael Koziarski2013-12-021-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The previous behavior equated the sanitize option for simple_format with the escape option of content_tag, however these are two distinct concepts. This fixes CVE-2013-6416 Conflicts: actionview/lib/action_view/helpers/text_helper.rb
* | | | Escape the unit value provided to number_to_currencyMichael Koziarski2013-12-021-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | Previously the unit values were trusted leading to potential XSS vulnerabilities. Fixes: CVE-2013-6415
* | | | Only use valid mime type symbols as cache keysAaron Patterson2013-12-021-0/+7
| | | | | | | | | | | | | | | | CVE-2013-6414
* | | | Merge pull request #13138 from gsamokovarov/remove-cattr-requiresGuillermo Iguaran2013-12-026-6/+6
|\ \ \ \ | | | | | | | | | | Remove deprecated cattr_* requires
| * | | | Remove deprecated cattr_* requiresGenadi Samokovarov2013-12-036-6/+6
| | | | |
* | | | | Make ActionView::Tags loading tread safeRafael Mendonça França2013-12-023-32/+39
|/ / / /
* | | | Merge pull request #13117 from akshay-vishnoi/typoXavier Noria2013-12-022-2/+2
|\ \ \ \ | | | | | | | | | | Typo and grammatical fixes [ci skip]