| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| | |
|
| |
| |
| |
| |
| |
| | |
Regexp#match? should be considered to be part of the Ruby core library. We are
emulating it for < 2.4, but not having to require the extension is part of the
illusion of the emulation.
|
|/ |
|
|\
| |
| |
| | |
Convert ActionController::Parameters to a hash in button_to
|
|/
|
|
|
|
|
|
|
|
|
| |
Before, an error would be raised saying that the method `to_param` was
undefined on the instance of `ActionController::Parameters`. Now, we are
checking to see if the `params` object being passed to `button_to`
responds to the `permitted?` method, and if so, we will call `to_h` on it. If it
does not respond to `permitted?`, then the `params` will remain
unchanged.
[Jon Moss, Rafael Mendonça França]
|
|
|
|
|
|
|
|
|
|
| |
[ci skip]
See https://github.com/rails/rails/issues/26518#issuecomment-252826489
@dhh:
> I'd support symbol-only keys going forward with these new APIs.
> We can break with the past here since the tag proxy is new and so is form_with.
|
| |
|
|\
| |
| | |
Undeprecate plural positional argument
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
```ruby
pluralize people.count, 'person', 'people'
```
reads more naturally than
```ruby
pluralize people.count, 'person', plural: 'people'
```
so let's not deprecate it.
We could label both, but that's a mouthful:
```ruby
pluralize people.count, singular: 'person', plural: 'people'
```
(The `plural:` kwarg shipped in 5.0.0, so we're keeping it.)
|
| | |
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this lets you pass ruby keywords to templates:
<%= render 'example', class: "cool" %>
<%= render 'example', "spaces are" => "a-ok" %>
<%= render 'example', Foo: "bar" %>
Previously you'd see confusing syntax errors like this:
SyntaxError (.../_example.html.erb:1: syntax error, unexpected '='
Now you can reference invalid identifiers through local_assigns.
If you try to use an invalid keyword (e.g. class) in your template, you
get a syntax error on the line where you use it.
|
| |
|
| |
|
|\
| |
| | |
DRYing duplicate methods
|
| | |
|
|/
|
|
|
|
| |
All indentation was normalized by rubocop auto-correct at 80e66cc4d90bf8c15d1a5f6e3152e90147f00772.
But comments was still kept absolute position. This commit aligns
comments with method definitions for consistency.
|
|
|
|
|
|
|
|
|
| |
Recently, the Rails team made an effort to keep the source code consistent, using Ruboco
(bb1ecdcc677bf6e68e0252505509c089619b5b90 and below). Some of the case
statements were missed.
This changes the case statements' formatting and is consistent with changes
in 810dff7c9fa9b2a38eb1560ce0378d760529ee6b and db63406cb007ab3756d2a96d2e0b5d4e777f8231.
|
|
|
|
|
|
| |
All indentation was normalized by rubocop auto-correct at 80e66cc4d90bf8c15d1a5f6e3152e90147f00772.
But heredocs was still kept absolute position. This commit aligns
heredocs indentation for consistency.
|
| |
|
| |
|
|
|
|
| |
add `# Let's say that @user.receive_newsletter returns "no":` for `def radio_button(object_name, method, tag_value, options = {})`.
fix `# Let's say that @user.category returns "no":` to `# Let's say that @user.receive_newsletter returns "no":`
|
|
|
|
|
|
|
|
| |
This removes the following warning.
```
actionview/lib/action_view/helpers/asset_tag_helper.rb:291: warning: shadowing outer local variable - options
```
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Adding all those `public_*` methods is a bit heavy handed, we can change the API to instead use `public_folder: true`. Change was pretty easy since it was already implemented that way.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
We want to make it more explicit when a user wants to avoid the asset pipeline to do this we will add `public_*` methods to all path helpers. So if someone wants to use an asset that isn't maintained by the asset pipeline they can use `public_asset_path` instead of `asset_path` and letting it fall through.
The main reason for this change is the desire to raise helpful errors in the future. Right now if you typo an asset name, then we assume you intended an asset in the `public/` folder and not in the pipeline so nothing fails and the error sits silently until you realize the page didn't render correctly. We have to deprecate today so we can raise meaningful error messages in the future.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Usually users extends tests classes doing something like:
ActionView::TestCase.include MyCustomTestHelpers
This is bad because it will load the ActionView::TestCase right aways
and this will load ActionController::Base making its on_load hooks to
execute early than it should.
One way to fix this is using the on_load hooks of the components like:
ActiveSupport.on_load(:action_view) do
ActionView::TestCase.include MyCustomTestHelpers
end
The problem with this approach is that the test extension will be only
load when ActionView::Base is loaded and this may happen too late in the
test.
To fix this we are adding hooks to people extend the test classes that
will be loaded exactly when the test classes are needed.
|
|
|
|
|
|
|
| |
We can eliminate a conditional by calling a different instrumentation
method depending on the situation. In this case, we'll call the special
case "!render_template" instrumentation method and eliminate the case /
when clause from the `instrument` method.
|
|
|
|
| |
Ruby already does this freeze for us.
|
|
|
|
|
|
|
| |
CacheHelper is mixed in to Helpers, Helpers is mixed in to AV::Base.
This means we can count on instances of AV::Base to have the "cache hit"
method on them, and we can stop setting an ivar for cache logging and
just ask the view if it was a cache hit.
|
|
|
|
|
|
| |
Freeze string literals and use String instead of
Regex inside gsub call. This should improve performance from 20% up to
50% on most cases.
|
|
|
|
|
|
|
|
| |
Style/SpaceBeforeBlockBraces
Style/SpaceInsideBlockBraces
Style/SpaceInsideHashLiteralBraces
Fix all violations in the repository.
|
| |
|
|
|
|
|
|
| |
Many helpers mark content as HTML-safe without escaping double quotes -- including `sanitize`. Regardless of whether or not the attribute values are HTML-escaped, we want to be sure they don't include double quotes, as that can cause XSS issues. For example: `content_tag(:div, "foo", title: sanitize('" onmouseover="alert(1);//'))`
CVE-2016-6316
|
|
|
|
| |
Caused by #26092.
|
| |
|