| Commit message |
`BigDecimal.new` has been deprecated in BigDecimal 1.3.3
which will be a default for Ruby 2.5.
Refer
https://github.com/ruby/bigdecimal/commit/533737338db915b00dc7168c3602e4b462b23503
* This commit has been made as follows:
```
cd rails
git grep -l BigDecimal.new | grep -v guides/source/5_0_release_notes.md | grep -v activesupport/test/xml_mini_test.rb | xargs sed -i -e "s/BigDecimal.new/BigDecimal/g"
```
- `activesupport/test/xml_mini_test.rb`
  Edit manually to remove `.new` and `::`
- `guides/source/5_0_release_notes.md`
  This is the Rails 5.0 release notes.
|
Follow up of #31390.
|
This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing
changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
|
Style/SpaceBeforeBlockBraces
Style/SpaceInsideBlockBraces
Style/SpaceInsideHashLiteralBraces
Fix all violations in the repository.
|
Many helpers mark content as HTML-safe without escaping double quotes -- including `sanitize`. Regardless of whether or not the attribute values are HTML-escaped, we want to be sure they don't include double quotes, as that can cause XSS issues. For example: `content_tag(:div, "foo", title: sanitize('" onmouseover="alert(1);//'))`
CVE-2016-6316
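
The double-quote issue described in the commit message above, as an added example (not part of the commit or the Rails code base): a simplified attribute renderer with and without quote escaping for HTML-safe values. `SafeString`, the two `attribute_*` functions and the other helper names are hypothetical.

```ruby
# Added illustration: a simplified model of attribute rendering,
# not the Rails source. All names here are hypothetical.
class SafeString < String   # stands in for a value marked HTML-safe
  def html_safe?
    true
  end
end

HTML_ESCAPES = { "&" => "&amp;", "<" => "&lt;", ">" => "&gt;",
                 '"' => "&quot;", "'" => "&#39;" }.freeze

def html_escape(value)
  value.to_s.gsub(/[&<>"']/, HTML_ESCAPES)
end

def marked_safe?(value)
  value.respond_to?(:html_safe?) && value.html_safe?
end

# Weak form: a value marked HTML-safe is written into the attribute as is.
def attribute_trusting_safe(name, value)
  rendered = marked_safe?(value) ? value.to_s : html_escape(value)
  %(#{name}="#{rendered}")
end

# Hardened form: whatever the safety flag says, no raw double quote is
# emitted, so the value cannot close the attribute it sits in.
def attribute_quote_hardened(name, value)
  rendered = marked_safe?(value) ? value.to_s : html_escape(value)
  %(#{name}="#{rendered.gsub('"', "&quot;")}")
end

# Names of the attributes a parser would find in the rendered start tag.
def attribute_names(tag_html)
  tag_html.scan(/([a-z-]+)="[^"]*"/).flatten
end

def render_div(renderer, value)
  %(<div #{send(renderer, "title", value)}>foo</div>)
end

# Constructed input: the string from the commit message, marked HTML-safe.
SAMPLE = SafeString.new('" onmouseover="alert(1);//')

[:attribute_trusting_safe, :attribute_quote_hardened].each do |renderer|
  html = render_div(renderer, SAMPLE)
  puts "#{renderer}: #{html} -> #{attribute_names(html).inspect}"
end
```

With the weak form the start tag parses as two attributes, `title` and `onmouseover`; with the hardened form the whole value stays inside `title`.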
|
| |
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
if data attribute is nil it is ignored
if value is nil the pair is ignored
if value is nil it is skipped
Improved test for data attr nil
|
of html_safe in favour of raw() in AV helpers.
Also changed usage of html_safe to make use of raw() instead so that the intended behaviour is verified with raw()
|
After c2fe093, which was reverted yesterday, there will likely be
future PRs to address #17661.
The test `actionview/test/template/capture_helper_test.rb
#test_capture_returns_nil_if_the_returned_value_is_not_a_string` should
have errored with c2fe093, but it was rewritten in the PR to not raise.
My guess is that it may have seemed irrelevant to the content_tag tests
or already covered by them.
This test provides additional protection by being in the content_tag
test suite to explicitly raise a red flag in future cases. It foregoes
some redundancy for safety — at least until #17661 is closed.
|
This reverts commit c2fe0938d7201d4ce0bb2f25e72bf5f70df128af.
|
This has been discussed in #17661 and partially reverts the changes made
in 9de83050d3a4b260d4aeb5d09ec4eb64f913ba64 and 986cac73e3c56b3dfa22fd1464f6913e38d32cc3
The test case added to content_for acts as a regression / acceptance test.
|
(This is a manual merge of #9102)
|
similar to Array.join by first calling flatten.
|
Rails 3.2 API allowed arbitrary input for cdata_section;
this change re-introduces the old behaviour.
|