aboutsummaryrefslogtreecommitdiffstats
path: root/actionview/test/template/url_helper_test.rb
Commit message (Collapse)AuthorAgeFilesLines
* Don’t allow arbitrary data in back urlsDamien Burke2015-11-031-0/+17
| | | | | | | | | | | | | `link_to :back` creates a link to whatever was passed in via the referer header. If an attacker can alter the referer header, that would create a cross-site scripting vulnerability on every page that uses `link_to :back` This commit restricts the back URL to valid non-javascript URLs. https://github.com/rails/rails/issues/14444
* Add tests to make sure mail_to work with nil and SafeBufferRafael Mendonça França2015-11-031-0/+14
|
* `url_for` does not modify polymorphic optionsBernerd Schaefer2015-09-041-0/+14
| | | | | | | | | | | | | | | | | The `url_for` methods in `actionpack` and `actionview` now make a copy of the provided options before generating polymorphic paths or URLs. The bug in the previous behavior is most noticeable in a case like: url_options = [:new, :post, param: 'value'] if current_page?(url_options) css_class = "active" end link_to "New Post", url_options, class: css_class
* no more require minitest mockGaurav Sharma2015-08-271-1/+0
|
* Encode the email address as prescribed in RFC 6068 section 2.Clayton Smith2015-07-231-0/+7
|
* use the right assertions.Yves Senn2015-05-051-2/+2
| | | | | | | Prompted by: https://github.com/rails/rails/commit/e38dd7bfa4360e241eadf0cf44abdf86ea33a393#commitcomment-11011496 /cc @kuldeepaggarwal
* add test-case for `link_to_if` behavior with a block.Yves Senn2015-05-011-0/+10
| | | | | | | This illustrates the purpose of the block for `link_to_if` and `link_to_unless` helper methods. It should help to prevent further mistakes like #19844.
* Revert "Merge pull request #19844 from ↵Yves Senn2015-05-011-5/+0
| | | | | | | | | | | | | | | | | | | | | stevenspiel/link_to_if_block_helper_addition" This reverts commit d459b001b43d25053e7982e96eb8383538a6e358, reversing changes made to 4d4950fae9e2a6970b5f1793aadc56a0b44e28a3. :sweat: The block is not supposed to be passed to `link_to`. It's used for a customized behavior of the `condtion = false` case. The docs illustrate that like so: ``` <%= link_to_if(@current_user.nil?, "Login", { controller: "sessions", action: "new" }) do link_to(@current_user.login, { controller: "accounts", action: "show", id: @current_user }) end %> ```
* Merge pull request #19844 from stevenspiel/link_to_if_block_helper_additionYves Senn2015-05-011-0/+5
| | | | Update url_helper.rb
* Merge pull request #17143 from kuldeepaggarwal/fix-mailToRafael Mendonça França2015-02-201-0/+5
|\ | | | | | | mail_to helper method fix
| * do not generate blank options in mailToKuldeep Aggarwal2014-10-021-0/+5
| | | | | | | | | | when mail_to generate blank options for any passed options(cc, bcc, body, subject) then MICROSOFT OUTLOOK treats it differently and set wrong values in different options.
* | Removed magic comments # encoding: utf-8 , since its default from ruby 2.0 ↵Vipul A M2015-02-031-1/+0
| | | | | | | | onwards.
* | Fixed test for deprecation warning in actionview, renaming from ↵Vipul A M2015-01-311-9/+9
| | | | | | | | https://github.com/rails/rails/commit/baf14ae513337cb185acf865e93dfc48f3aabf6a
* | Add support for Reply-To field in mail_to helperMark Dodwell2014-12-201-2/+2
|/
* Included DomAssertions in url_helper- and atom_feed_helper_test.rb.Timm2014-06-161-1/+1
|
* Moved Dom and Selector assertions from ActionDispatch to ActionView.Timm2014-06-161-1/+1
|
* Remove wrapper div for inputs in button_toRafael Mendonça França2014-04-171-20/+20
| | | | Related with cbb917455f306cf5818644b162f22be09f77d4b2
* Adding an documentation example and a test to button_to with pathAttila Domokos2014-02-021-0/+7
| | | I did not see in the docs that `button_to` supports not only URLs but paths as well. I documented this functionality with a unit tests and added an example to the docs as well.
* Merge pull request #10471 from andyw8/button_to_paramsRafael Mendonça França2013-10-241-0/+7
|\ | | | | | | | | | | | | Add params option for button_to Conflicts: actionpack/CHANGELOG.md
| * Add params option for button_toAndy Waite2013-09-181-0/+7
| | | | | | | | | | | | The parameters are rendered as hidden form fields within the generated form. This is useful for when a record has multiple buttons associated with it, each of which target the same controller method, but which need to submit different attributes.
* | Fix failure with minitest 5.0.7Carlos Antonio da Silva2013-09-061-0/+1
|/ | | | | | | | | | | | | Require minitest/mock in test where stub method is needed. Apparently this was being "imported" by minitest pride plugin, which previously required "minitest/autorun", that required "minitest/mock", making the method available by chance. It has been changed in minitest: https://github.com/seattlerb/minitest/commit/595ce955c0d89575726d10fc18d2afd8f334bcbe So we need to make sure we require what we really need where necessary.
* Make current_page? compare binary stringsRafael Mendonça França2013-08-011-0/+8
|
* Fix `current_page?` when the URL contains escaped charactersRafael Mendonça França2013-08-011-0/+13
| | | | | | | In some cases webservers like nginx send the escaped characters lowercased to the Rails application. The current_page? helper was comparing the escaped strings that are different since Ruby escapes the URL using uppercased characters.
* Fix link_to with block and url_hashsanemat2013-07-071-0/+7
| | | | | | Use link_to with block and url_hash, expect block as name. But ignore block and use url_hash as name. 3-2-stable passes this test. 4-0-stable and master fail this.
* Remove action view test duplicationsanemat2013-07-071-3/+0
| | | | Same test exists above 2 or 3 lines.
* Remove unneeded filesPiotr Sarnacki2013-06-201-1/+0
|
* Move template tests from actionpack to actionviewPiotr Sarnacki2013-06-201-0/+759