aboutsummaryrefslogtreecommitdiffstats
path: root/actionview/lib/action_view
Commit message (Collapse)AuthorAgeFilesLines
* Slice out options for cache_fragment_name explicitlyRyan Bigg2016-01-281-1/+2
| | | | This allows expire_in (and other options) to be passed to the cache method
* Fix img alt attribute generation when using Sprockets >= 3.0Bart de Water2016-01-271-1/+1
|
* Fix doc [ci skip]Daniel Gomez de Souza2016-01-271-1/+1
|
* Merge branch '5-0-beta-sec'Aaron Patterson2016-01-257-16/+49
|\ | | | | | | | | | | | | | | | | | | | | * 5-0-beta-sec: bumping version fix version update task to deal with .beta1.1 Eliminate instance level writers for class accessors allow :file to be outside rails root, but anything else must be inside the rails view directory Don't short-circuit reject_if proc stop caching mime types globally use secure string comparisons for basic auth username / password
| * bumping versionAaron Patterson2016-01-251-1/+1
| |
| * allow :file to be outside rails root, but anything else must be inside the ↵Aaron Patterson2016-01-226-15/+48
| | | | | | | | | | | | rails view directory CVE-2016-0752
* | html_safe is not supposed to be public API for AV. This change removes usage ↵Vipul A M2016-01-203-10/+10
| | | | | | | | | | | | of html_safe in favour of raw() in AV helpers. Also changed usage of html_safe to make use of raw() instead so that the intended behaviour is verified with raw()
* | Remove ActionView dependence on ActionPack's Mime implementationJon Moss2016-01-174-4/+4
| |
* | Store the symbols as an array.Kasper Timm Hansen2016-01-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A Set can't be implicitly converted into an Array: ``` irb(main):012:0> formats = [ :rss ] => [:rss] irb(main):013:0> formats &= SET.symbols TypeError: no implicit conversion of Set into Array from (irb):13:in `&' from (irb):13 from /Users/kasperhansen/.rbenv/versions/2.2.3/bin/irb:11:in `<main>' ``` Besides `Mime::SET.symbols` returns an Array, so we're closer to that.
* | Enrich the SET constant to respond to symbols.Kasper Timm Hansen2016-01-171-1/+5
| | | | | | | | Match `Mime::SET.symbols`.
* | Don't bother looking up the types.Kasper Timm Hansen2016-01-171-3/+3
| | | | | | | | If they aren't symbols, then they aren't likely to be in the set anyway.
* | Replace class attribute with SET constant.Kasper Timm Hansen2016-01-171-3/+2
| | | | | | | | We'll be using this to map over to Action Dispatch's Mime::Set.
* | Remove register abstraction.Kasper Timm Hansen2016-01-171-7/+1
| | | | | | | | | | The template types is a private abstraction to fill in basic blanks from Action Dispatch's mime types. As such we can modify the data structure ourselves.
* | Replace delegate calls with standard method defs.Kasper Timm Hansen2016-01-171-1/+4
| | | | | | | | | | | | Spares a to_sym call by aliasing to_sym to ref. Then the delegate felt meager for one method; ditch and define method ourselves.
* | Spare to_sym call in `==`.Kasper Timm Hansen2016-01-171-2/+1
| | | | | | | | | | | | | | The @symbol has already been converted to a symbol in initialize, so no need to call to_sym when comparing it. Ditch early return for a simple unless statement.
* | Make ref return the internal symbol.Kasper Timm Hansen2016-01-171-1/+1
| | | | | | | | | | | | | | | | | | We delegate to_sym to the internal symbol, which we've already called to_sym on in initialize, so we don't need to do that. We also know to_sym will never return a falsy value, so we'll never hit to_s. Just return the symbolized symbol.
* | Merge pull request #20046 from yoongkang/ladidaRafael Mendonça França2016-01-161-1/+1
|\ \ | | | | | | | | | Use ActiveSupport::SafeBuffer when flushing content_for
| * | Use ActiveSupport::SafeBuffer when flushing content_forYoong Kang Lim2015-05-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, when content_for is flushed, the content was replaced directly by a new value in ActionView::OutputFlow#set. The problem is this new value passed to the method may not be an instance of ActiveSupport::SafeBuffer. This change forces the value to be set to a new instance of ActiveSupport::SafeBuffer.
* | | Merge pull request #20638 from jaimeiniesta/locale-aware-pluralize-helperKasper Timm Hansen2016-01-101-7/+14
|\ \ \ | | | | | | | | Pass the current locale to Inflector from the pluralize text helper.
| * | | Pass the current locale to Inflector from the pluralize text helper.Jaime Iniesta2016-01-101-7/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The pluralize text helper uses the Inflector to determine the plural form. The inflector accepts an optional parameter for the locale, so we can pass it from the text helper to have locale-aware pluralizations on the text helpers level. The pluralize text helper now only accepts 2 positional arguments: `count` and `singular`. Passing `plural` as a positional argument is now deprecated.
* | | | [ci skip] fix typoAkshay Vishnoi2016-01-101-1/+1
| | | |
* | | | [doc] The capture method isn't always used inside views to create a variableAkira Matsuda & saya2016-01-081-2/+2
| | | | | | | | | | | | | | | | | | | | but rather very often used inside helpers to directly return a String value. [ci skip]
* | | | Merge pull request #22275 from mastahyeti/per-form-csrfRafael França2016-01-062-5/+15
|\ \ \ \ | | | | | | | | | | Per-form CSRF tokens
| * | | | add option for per-form CSRF tokensBen Toews2016-01-042-5/+15
| | | | |
* | | | | Prefer inspect over escaping and sorround by quote marksSantiago Pastorino2016-01-051-3/+1
| | | | |
* | | | | Add Html template handler that wraps Raw output in an OutputBufferSantiago Pastorino2016-01-052-1/+12
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | This fixes the case when you try to render an html you know safe and the file is named something.html. With this commit the content of the html won't be escaped anymore because AV won't use Raw handler and choose Html handler instead.
* | | | Merge pull request #22764 from ↵Rafael França2016-01-041-0/+2
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | stevenspiel/titleize_model_name_for_default_submit_button_value titleize the model name on default submit buttons
| * | | | downcase default submit button value's model nameSteven Spiel2016-01-011-0/+2
| | | | |
* | | | | Fix collection_radio_buttons' hidden_field name and make it appear before ↵Santiago Pastorino2015-12-312-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the radios Fixes #22773
* | | | | TestController#parameters returns AC::ParametersJustin Coyne2015-12-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #22827 ActionView::TestCase::TestController#parameters should return an instance of ActionController::Parameters rather than a hash. This enables helper methods to use the correct interface.
* | | | | Merge pull request #22759 from akshay-vishnoi/human-size-helperEileen M. Uchitelle2015-12-271-0/+2
|\ \ \ \ \ | | | | | | | | | | | | Add support for Petabyte and Exabyte in number to human size
| * | | | | Add support for Petabyte and Exabyte in number to human sizeAkshay Vishnoi2015-12-221-0/+2
| |/ / / /
* | | | | fix TypeError when using submit_tag with Symbol valueyuuji.yaginuma2015-12-241-1/+1
| | | | |
* | | | | Add caveat to number_to_currency docs [ci skip]Derek Prior2015-12-231-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I've worked on a few applications that have gone through the internationalization process and had issues because they were using `number_to_currency`. The minute a user is allowed to change their locale, they can change the price displayed on a page from 10 US dollars to 10 Mexican Pesos, which is far from the same amount of money. Unlike other helpers that rely on i18n, `number_to_currency` does not produce equivalent results when the locale is changed. As I've explained this to a few groups of developers now, I thought it might make for a good caveat in the docs.
* | | | | Require only the concurrent/map featureRafael Mendonça França2015-12-231-1/+1
|/ / / /
* | | / do not use `div_for` in example [ci skip]yuuji.yaginuma2015-12-221-8/+9
| |_|/ |/| | | | | | | | `div_for` removed in 01e94ef
* | | Merge pull request #22462 from lxsameer/i18n_html_wrapRafael França2015-12-182-0/+11
|\ \ \ | | | | | | | | wrapping i18n missing keys made optional
| * | | debug_missing_translation configuration added to action_viewSameer Rahmani2015-12-182-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `I18n.translate` helper will wrap the missing translation keys in a <span> tag only if `debug_missing_translation` configuration has a truthy value. Default value is `true`. For example in `application.rb`: # in order to turn off missing key wrapping config.action_view.debug_missing_translation = false
* | | | Change `alpha` to `beta1` to prep for release of Rails 5eileencodes2015-12-181-1/+1
|/ / / | | | | | | | | | :tada: :beers:
* | | Remove ActionView::Helpers::CacheHelper#fragment_cache_keySam Stephenson2015-12-141-8/+0
| | | | | | | | | | | | | | | | | | Introduced in e56c63542780fe2fb804636a875f95cae08ab3f4, `CacheHelper#fragment_cache_key` is a duplicate of `ActionController::Caching::Fragments#fragment_cache_key`. We now require the view to provide this method on its own (as with `view_cache_dependencies`); `ActionController::Caching::Fragments` exports its version as a `helper_method`.
* | | Merge pull request #17013 from gsamokovarov/fix-null-resolverSean Griffin2015-11-231-2/+1
|\ \ \ | | | | | | | | Fix improper value types used to instantiate a Template in AV::NullResol...
| * | | Fix improper value types used to instantiate a Template in AV::NullResolverGenadi Samokovarov2014-09-221-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | While trying to provide a reproducible test for #17008 I stumbled on this one. Seems to be quite an old piece of code, but its definitely useful in situations like the reproducible test cases like the one above.
* | | | Example of setting data attributes for image_tagNishant Modak2015-11-201-0/+2
| | | |
* | | | Merge branch 'master' of github.com:rails/docrailsVijay Dev2015-11-151-1/+1
|\ \ \ \
| * | | | [ci skip] Use full component name in public API documentyui-knk2015-11-151-1/+1
| | | | |
* | | | | Respect value of `:object` if `:object` is false when renderingyui-knk2015-11-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | This commit fixes the bug convering `false` to `locals[as]` when `options[:object]` is `false` (close #22260).
* | | | | Fix week_field returning invalid valueChristoph2015-11-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | According to the W3 spec[1] the value should use a 1-based index and not a 0-based index for the week number. [1]: http://www.w3.org/TR/html-markup/datatypes.html#form.data.week
* | | | | Allow `host` option in javscript and css helpersGrzegorz Witek2015-11-081-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | Now both `javascript_include_tag` and `stylesheet_tag` can accept `host` option to provide custom host for the asset
* | | | | Require only necessary concurrent-ruby classes.Jerry D'Antonio2015-11-044-4/+4
| | | | |
* | | | | Don’t allow arbitrary data in back urlsDamien Burke2015-11-031-2/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `link_to :back` creates a link to whatever was passed in via the referer header. If an attacker can alter the referer header, that would create a cross-site scripting vulnerability on every page that uses `link_to :back` This commit restricts the back URL to valid non-javascript URLs. https://github.com/rails/rails/issues/14444