aboutsummaryrefslogtreecommitdiffstats
path: root/actionview/test/template/url_helper_test.rb
Commit message (Collapse)AuthorAgeFilesLines
* Fix button_to's params option to support nested names.James Coleman2016-02-191-2/+44
| | | | | | In e6e0579defcfcf94ef1c4c1c7659f374a5335cdb the `params` option was added to the `button_to` helper. However, the patch doesn't support nested hashes so `{a: {b: 'c'}}` for example gets turned into a hidden form input with the name 'a' and the value being the string representation of the `{b: 'c'}` nested hash. Since Rails supports nested hashes everywhere else (and even in the URL params of link_to and button_to), I believe this to be a bug/unfinished feature.
* html_safe is not supposed to be public API for AV. This change removes usage ↵Vipul A M2016-01-201-10/+10
| | | | | | of html_safe in favour of raw() in AV helpers. Also changed usage of html_safe to make use of raw() instead so that the intended behaviour is verified with raw()
* add option for per-form CSRF tokensBen Toews2016-01-041-1/+1
|
* Prevent ActionController::Parameters from being passed to url_for directlyJean Boussier2015-12-151-9/+0
|
* Merge pull request #21241 from pdg137/masterArthur Nogueira Neves2015-11-261-0/+4
|\ | | | | In url_for, never append ? when the query string is empty anyway.
| * In url_for, never append ? when the query string is empty anyway.Paul Grayson2015-10-291-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It used to behave like this: url_for(controller: 'x', action: 'y', q: {}) # -> "/x/y?" We previously avoided empty query strings in most cases by removing nil values, then checking whether params was empty. But as you can see above, even non-empty params can yield an empty query string. So I changed the code to just directly check whether the query string ended up empty. (To make everything more consistent, the "removing nil values" functionality should probably move to ActionPack's Hash#to_query, the place where empty hashes and arrays get removed. However, this would change a lot more behavior.)
* | Don’t allow arbitrary data in back urlsDamien Burke2015-11-031-0/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | `link_to :back` creates a link to whatever was passed in via the referer header. If an attacker can alter the referer header, that would create a cross-site scripting vulnerability on every page that uses `link_to :back` This commit restricts the back URL to valid non-javascript URLs. https://github.com/rails/rails/issues/14444
* | Add tests to make sure mail_to work with nil and SafeBufferRafael Mendonça França2015-11-031-0/+14
|/
* `url_for` does not modify polymorphic optionsBernerd Schaefer2015-09-041-0/+14
| | | | | | | | | | | | | | | | | The `url_for` methods in `actionpack` and `actionview` now make a copy of the provided options before generating polymorphic paths or URLs. The bug in the previous behavior is most noticeable in a case like: url_options = [:new, :post, param: 'value'] if current_page?(url_options) css_class = "active" end link_to "New Post", url_options, class: css_class
* no more require minitest mockGaurav Sharma2015-08-271-1/+0
|
* Encode the email address as prescribed in RFC 6068 section 2.Clayton Smith2015-07-231-0/+7
|
* use the right assertions.Yves Senn2015-05-051-2/+2
| | | | | | | Prompted by: https://github.com/rails/rails/commit/e38dd7bfa4360e241eadf0cf44abdf86ea33a393#commitcomment-11011496 /cc @kuldeepaggarwal
* add test-case for `link_to_if` behavior with a block.Yves Senn2015-05-011-0/+10
| | | | | | | This illustrates the purpose of the block for `link_to_if` and `link_to_unless` helper methods. It should help to prevent further mistakes like #19844.
* Revert "Merge pull request #19844 from ↵Yves Senn2015-05-011-5/+0
| | | | | | | | | | | | | | | | | | | | | stevenspiel/link_to_if_block_helper_addition" This reverts commit d459b001b43d25053e7982e96eb8383538a6e358, reversing changes made to 4d4950fae9e2a6970b5f1793aadc56a0b44e28a3. :sweat: The block is not supposed to be passed to `link_to`. It's used for a customized behavior of the `condtion = false` case. The docs illustrate that like so: ``` <%= link_to_if(@current_user.nil?, "Login", { controller: "sessions", action: "new" }) do link_to(@current_user.login, { controller: "accounts", action: "show", id: @current_user }) end %> ```
* Merge pull request #19844 from stevenspiel/link_to_if_block_helper_additionYves Senn2015-05-011-0/+5
| | | | Update url_helper.rb
* Merge pull request #17143 from kuldeepaggarwal/fix-mailToRafael Mendonça França2015-02-201-0/+5
|\ | | | | | | mail_to helper method fix
| * do not generate blank options in mailToKuldeep Aggarwal2014-10-021-0/+5
| | | | | | | | | | when mail_to generate blank options for any passed options(cc, bcc, body, subject) then MICROSOFT OUTLOOK treats it differently and set wrong values in different options.
* | Removed magic comments # encoding: utf-8 , since its default from ruby 2.0 ↵Vipul A M2015-02-031-1/+0
| | | | | | | | onwards.
* | Fixed test for deprecation warning in actionview, renaming from ↵Vipul A M2015-01-311-9/+9
| | | | | | | | https://github.com/rails/rails/commit/baf14ae513337cb185acf865e93dfc48f3aabf6a
* | Add support for Reply-To field in mail_to helperMark Dodwell2014-12-201-2/+2
|/
* Included DomAssertions in url_helper- and atom_feed_helper_test.rb.Timm2014-06-161-1/+1
|
* Moved Dom and Selector assertions from ActionDispatch to ActionView.Timm2014-06-161-1/+1
|
* Remove wrapper div for inputs in button_toRafael Mendonça França2014-04-171-20/+20
| | | | Related with cbb917455f306cf5818644b162f22be09f77d4b2
* Adding an documentation example and a test to button_to with pathAttila Domokos2014-02-021-0/+7
| | | I did not see in the docs that `button_to` supports not only URLs but paths as well. I documented this functionality with a unit tests and added an example to the docs as well.
* Merge pull request #10471 from andyw8/button_to_paramsRafael Mendonça França2013-10-241-0/+7
|\ | | | | | | | | | | | | Add params option for button_to Conflicts: actionpack/CHANGELOG.md
| * Add params option for button_toAndy Waite2013-09-181-0/+7
| | | | | | | | | | | | The parameters are rendered as hidden form fields within the generated form. This is useful for when a record has multiple buttons associated with it, each of which target the same controller method, but which need to submit different attributes.
* | Fix failure with minitest 5.0.7Carlos Antonio da Silva2013-09-061-0/+1
|/ | | | | | | | | | | | | Require minitest/mock in test where stub method is needed. Apparently this was being "imported" by minitest pride plugin, which previously required "minitest/autorun", that required "minitest/mock", making the method available by chance. It has been changed in minitest: https://github.com/seattlerb/minitest/commit/595ce955c0d89575726d10fc18d2afd8f334bcbe So we need to make sure we require what we really need where necessary.
* Make current_page? compare binary stringsRafael Mendonça França2013-08-011-0/+8
|
* Fix `current_page?` when the URL contains escaped charactersRafael Mendonça França2013-08-011-0/+13
| | | | | | | In some cases webservers like nginx send the escaped characters lowercased to the Rails application. The current_page? helper was comparing the escaped strings that are different since Ruby escapes the URL using uppercased characters.
* Fix link_to with block and url_hashsanemat2013-07-071-0/+7
| | | | | | Use link_to with block and url_hash, expect block as name. But ignore block and use url_hash as name. 3-2-stable passes this test. 4-0-stable and master fail this.
* Remove action view test duplicationsanemat2013-07-071-3/+0
| | | | Same test exists above 2 or 3 lines.
* Remove unneeded filesPiotr Sarnacki2013-06-201-1/+0
|
* Move template tests from actionpack to actionviewPiotr Sarnacki2013-06-201-0/+759
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-02 14:43:49 +0000