Per-form CSRF tokens
|
This fixes the case when you try to render an HTML file you know is safe and the
file is named something.html. With this commit the content of the HTML
won't be escaped anymore because AV won't use the Raw handler and will choose
the Html handler instead.
|
stevenspiel/titleize_model_name_for_default_submit_button_value
titleize the model name on default submit buttons
|
the radios
Fixes #22773
|
Fixes #22827
ActionView::TestCase::TestController#parameters should return an
instance of ActionController::Parameters rather than a hash. This
enables helper methods to use the correct interface.
|
Add support for Petabyte and Exabyte in number to human size
|
I've worked on a few applications that have gone through the
internationalization process and had issues because they were using
`number_to_currency`. The minute a user is allowed to change their
locale, they can change the price displayed on a page from 10 US dollars
to 10 Mexican Pesos, which is far from the same amount of money.
Unlike other helpers that rely on i18n, `number_to_currency` does not
produce equivalent results when the locale is changed.
As I've explained this to a few groups of developers now, I thought it
might make for a good caveat in the docs.
|
`div_for` removed in 01e94ef
|
wrapping i18n missing keys made optional
|
`I18n.translate` helper will wrap the missing translation keys
in a <span> tag only if `debug_missing_translation` configuration has
a truthy value. Default value is `true`. For example in `application.rb`:
    # in order to turn off missing key wrapping
    config.action_view.debug_missing_translation = false
|
:tada: :beers:
|
Introduced in e56c63542780fe2fb804636a875f95cae08ab3f4, `CacheHelper#fragment_cache_key` is a duplicate of `ActionController::Caching::Fragments#fragment_cache_key`.
We now require the view to provide this method on its own (as with `view_cache_dependencies`); `ActionController::Caching::Fragments` exports its version as a `helper_method`.
|
Fix improper value types used to instantiate a Template in AV::NullResol...
|
While trying to provide a reproducible test for #17008 I stumbled on
this one. Seems to be quite an old piece of code, but it's definitely
useful in situations like the reproducible test cases like the one
above.
|
This commit fixes the bug convering `false` to `locals[as]` when
`options[:object]` is `false` (close #22260).
|
According to the W3 spec[1] the value should use a 1-based index
and not a 0-based index for the week number.
[1]: http://www.w3.org/TR/html-markup/datatypes.html#form.data.week
|
Now both `javascript_include_tag` and `stylesheet_tag` can accept `host` option
to provide custom host for the asset
|
`link_to :back` creates a link to whatever was
passed in via the referer header. If an attacker
can alter the referer header, that would create
a cross-site scripting vulnerability on every
page that uses `link_to :back`
This commit restricts the back URL to valid
non-javascript URLs.
https://github.com/rails/rails/issues/14444
|
{day: params[:day].to_i, month: params[:month].to_id}
Adds in test test_date_select_with_selected_in_hash and change log
fixes typo in CHANGELOG
|
It's already represented in the key name. Demonstrate with a test.
Also test that the default isn't output.
|
Follow DRY principle and remove duplication
|
Rails 4.x and earlier didn't support `Mime::Type[:FOO]`, so libraries
that support multiple Rails versions would've had to feature-detect
whether to use `Mime::Type[:FOO]` or `Mime::FOO`.
`Mime[:foo]` has been around for ages to look up registered MIME types
by symbol / extension, though, so libraries and plugins can safely
switch to that without breaking backward- or forward-compatibility.
Note: `Mime::ALL` isn't a real MIME type and isn't registered for lookup
by type or extension, so it's not available as `Mime[:all]`. We use it
internally as a wildcard for `respond_to` negotiation. If you use this
internal constant, continue to reference it with `Mime::ALL`.
Ref. efc6dd550ee49e7e443f9d72785caa0f240def53
|
Fix usage of word alternatively in docs [ci skip]
|
Fix - Prevent adding of `data-disable-with` option twice in html.
|
Earlier
when `data-disable-with` option is added directly as in options then
```ruby
submit_tag("Save", { "data-disable-with" => "Processing..." })
# => <input type="submit" name="commit" value="Save" data-disable-with="Processing..." data-disable-with="Processing..." />
```
Now
when `data-disable-with` option is added directly as in options then
```ruby
submit_tag("Save", { "data-disable-with" => "Processing..." })
# => <input type="submit" name="commit" value="Save" data-disable-with="Processing..." />
```
|
[ci skip] Fix which method `FormHelper#date_field` tries to call
|
When this method was implemented
(https://github.com/rails/rails/pull/5016/files), `to_date` was called.
But this behavior was changed by a refactoring
(https://github.com/rails/rails/pull/6452/files).
In the first commit, there was no test which asserts `to_date` is called.
I think trying `to_date` is more useful than trying `strftime`, because
we can write `"2015-01-01".to_date`. But first fix comments to match
actual behavior.
|
Handle nested fields_for by adding indexes to record_name
|
In case of the form with nested fields_for, i.e.
```erb
<%= form_for :foos, url: root_path do |f| %>
  <% @foos.each do |foo| %>
    <%= f.fields_for 'foo[]', foo do |f2| %>
      <%= f2.text_field :id %>
      <% foo.bars.each do |bar| %>
        <%= f2.fields_for 'bar[]', bar do |b| %>
          <%= b.text_field :id %>
        <% end %>
      <% end %>
    <% end %>
  <% end %>
  <%= f.submit %>
<% end %>
```
Rails doesn't add an index for 'foo' in the inner fields_for block, so field names
in the outer fields_for look like "foos[foo][#{foo_index}][id]" and in the
inner "foos[foo[]][bar][#{bar_index}][id]". Submitting such a form leads to an
error like:
> ActionController::BadRequest (Invalid request parameters: expected Array
> (got Rack::QueryParser::Params) for param `foo'):

This commit adds indexes for the foos in the inner blocks, so field names
become "foos[foo][#{foo_index}][bar][#{bar_index}][id]" and submitting such a
form works fine as expected.
Fixes #15332
|
This will avoid an error being raised when the only input on the form is the
`collection_radio_buttons`.