Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Changed the description of some pending tests. Changed the expected output ↵ | Timm | 2014-06-15 | 1 | -3/+4 |
| | | | | of a script test. | ||||
* | Extracted one highlight test method and marked it as pending. | Timm | 2014-06-15 | 1 | -0/+3 |
| | |||||
* | Renamed the SanitizerTest class to SanitersTest, to remove the conflict with ↵ | Timm | 2014-06-15 | 1 | -1/+1 |
| | | | | the old SanitizerTest for html-scanner. | ||||
* | Added video poster sanitization testing (from @vipulnsward). | Timm | 2014-06-15 | 1 | -0/+5 |
| | |||||
* | Extracted failing tests in santiizers_test.rb into their own methods and ↵ | Timm | 2014-06-15 | 1 | -7/+71 |
| | | | | marked them as pending. | ||||
* | Changed expected value from '<b>' to empty string. | Timm | 2014-06-15 | 1 | -1/+1 |
| | |||||
* | Removed the contains_bad_protocols? method as well as the tests for it. ↵ | Timm | 2014-06-15 | 1 | -33/+0 |
| | | | | Loofah already deals with this. | ||||
* | Reordered form removal with stripping. | Timm | 2014-06-15 | 1 | -1/+1 |
| | |||||
* | Added Loofah as a dependency in actionview.gemspec. | Timm | 2014-06-11 | 1 | -0/+330 |
| | | | | | | Implemented ActionView: FullSanitizer, LinkSanitizer and WhiteListSanitizer in sanitizers.rb. Deprecated protocol_separator and bad_tags. Added new tests in sanitizers_test.rb and reimplemented assert_dom_equal with Loofah. | ||||
* | Removed CaptureHelper#flush_output_buffer as it is only used in tests. | Ryan Davis | 2014-06-04 | 2 | -82/+0 |
| | | | | reviewed: @tenderlove | ||||
* | Fix AS::NumberHelper results with rationals | Juanjo Bazán | 2014-05-31 | 1 | -0/+1 |
| | | | | | | | | | | :precision was incorrectly being applied to Rationals before: ActiveSupport::NumberHelper.number_to_rounded Rational(10, 3), precision: 2 => "3.3" after: ActiveSupport::NumberHelper.number_to_rounded Rational(10, 3), precision: 2 => "3.33" | ||||
* | Merge pull request #15021 from hubertlepicki/allow_custom_host_in_asset_url | Rafael Mendonça França | 2014-05-16 | 1 | -0/+15 |
|\ | | | | | | | Allow custom asset host to be passed in asset_url | ||||
| * | Allow custom asset host to be passed in asset_url | Hubert Łępicki | 2014-05-08 | 1 | -0/+15 |
| | | |||||
* | | minor: point to the right test suite location | azul | 2014-05-14 | 1 | -1/+1 |
| | | |||||
* | | Fix assertion order and :scissors: extra spaces | Carlos Antonio da Silva | 2014-05-13 | 1 | -2/+2 |
| | | |||||
* | | Merge pull request #15068 from josepjaume/patch-1 | Aaron Patterson | 2014-05-13 | 1 | -0/+6 |
|\ \ | | | | | | | Dup options hash to prevent modifications | ||||
| * | | Dup options hash to prevent modifications | Josep Jaume Rey | 2014-05-13 | 1 | -0/+6 |
| |/ | | | | | | | `options[:default]` and `options[:raise]` can be mistakenly added to the `options` hash. This can be a problem if you're reusing the same object. | ||||
* / | simplified route method name generation | Coraline Ada Ehmke + Aaron Patterson | 2014-05-12 | 1 | -0/+2 |
|/ | |||||
* | Include label value in i18n attribute lookup | Joshua Cody | 2014-05-06 | 1 | -0/+9 |
| | | | | | | | | | | | | | | | | | | | | | Previously, only the object and method name from the label tag were used when looking up the translation for a label. If a value is given for the label, this ought to be additionally used. The following: # form.html.erb <%= form_for @post do |f| %> <%= f.label :type, value: "long" %> <% end %> # en.yml en: activerecord: attributes: post/long: "Long-form Post" Used to simply return "long", but now it will return "Long-form Post". | ||||
* | always pass options to the _url method | Aaron Patterson | 2014-05-01 | 1 | -3/+13 |
| | |||||
* | always use File.join | phoet | 2014-05-01 | 1 | -0/+8 |
| | |||||
* | Merge pull request #13335 from glorieux/favicon_link_tag_mimetype | Rafael Mendonça França | 2014-04-22 | 1 | -3/+3 |
|\ | | | | | Change favicon_link_tag helper mimetype from image/vnd.microsoft.icon to image/x-icon. | ||||
| * | Change favicon_link_tag helper mimetype from image/vnd.microsoft.icon to ↵ | glorieux | 2014-04-21 | 1 | -3/+3 |
| | | | | | | | | | | | | | | | | image/x-icon. Although the official IANA-registered MIME type for ICO files is image/vnd.microsoft.icon, registered in 2003, it was submitted to IANA by a third party and is not recognized by Microsoft products. The MIME type image/x-icon should be used since is the one recognized by the major browsers on the market. | ||||
* | | Add test for using ActionView::Helpers::FormHelper.label with block and html | Zachary Scott | 2014-04-22 | 1 | -0/+7 |
|/ | |||||
* | Remove wrapper div for inputs in button_to | Rafael Mendonça França | 2014-04-17 | 1 | -20/+20 |
| | | | | Related with cbb917455f306cf5818644b162f22be09f77d4b2 | ||||
* | Merge pull request #14738 from tilsammans/pull/11407 | Rafael Mendonça França | 2014-04-17 | 2 | -8/+12 |
|\ | | | | | | | | | | | | | Remove wrapping div with inline styles for hidden form fields. Conflicts: actionview/CHANGELOG.md | ||||
| * | Remove wrapping div with inline styles for hidden form fields. | Joost Baaij | 2014-04-14 | 2 | -8/+12 |
| | | | | | | | | | | | | We are dropping HTML 4.01 and XHTML strict compliance since input tags directly inside a form are valid HTML5, and the absense of inline styles help in validating for Content Security Policy. | ||||
* | | Use the index on hidden field | Rafael Mendonça França | 2014-04-14 | 1 | -1/+1 |
| | | |||||
* | | `collection_check_boxes` respects `:index` option for the hidden filed name. | Vasiliy Ermolovich | 2014-04-14 | 1 | -0/+7 |
|/ | | | | closes #14147 | ||||
* | CollectionHelpers now accepts a readonly option | Mauro George | 2014-04-12 | 1 | -0/+44 |
| | |||||
* | Add test for selected and disabled custom attributes in options_for_select | Laura Paredes | 2014-03-31 | 1 | -1/+21 |
| | |||||
* | Fix date_select option overwriting html classes | Izumi Wong-Horiuchi | 2014-03-24 | 1 | -0/+16 |
| | | | | | with_css_classes: true option overwrites other html classes. Concatenate day month and year classes rather than overwriting. | ||||
* | Digestor should just rely on the finder to know about the format and the ↵ | David Heinemeier Hansson | 2014-03-21 | 1 | -10/+7 |
| | | | | variant -- trying to pass it back in makes a mess of things (oh, and doesnt work) | ||||
* | fix `number_to_percentage` with `Float::NAN`, `Float::INFINITY`. | Yves Senn | 2014-03-17 | 1 | -0/+3 |
| | | | | | | | Closes #14405. This is a follow-up to 9e997e9039435617b6a844158f5437e97f6bc107 to restore the documented behavior. | ||||
* | Merge pull request #12662 from nashby/include-hidden-collection | Rafael Mendonça França | 2014-03-15 | 1 | -0/+7 |
|\ | | | | | | | | | | | | | | | add include_hidden option to collection_check_boxes helper Conflicts: actionview/CHANGELOG.md actionview/test/template/form_collections_helper_test.rb | ||||
| * | add include_hidden option to collection_check_boxes helper | Vasiliy Ermolovich | 2013-10-27 | 1 | -0/+7 |
| | | |||||
* | | Clarify AV::Digestor.digest method signature docs and deprecation warning | Jeremy Kemper | 2014-03-15 | 1 | -2/+2 |
| | | |||||
* | | Fix the resolver cache and stop mutating the lookup_context | Rafael Mendonça França | 2014-03-14 | 2 | -21/+0 |
| | | | | | | | | | | Before we had a bug in the resolver cache so the disable_cache were not working when passing options to find | ||||
* | | Introduce #with_formats_and_variants to prevent problems with mutating ↵ | Łukasz Strzałkowski | 2014-03-14 | 2 | -0/+21 |
| | | | | | | | | finder object | ||||
* | | Add mocked disable_cache for FixtureFinder | Łukasz Strzałkowski | 2014-03-14 | 1 | -0/+4 |
| | | |||||
* | | Set format in finder | Łukasz Strzałkowski | 2014-03-14 | 1 | -3/+8 |
| | | |||||
* | | Ensure LookupContext in Digestor selects correct variant | Piotr Chmolowski | 2014-03-09 | 2 | -3/+19 |
| | | | | | | | | | | | | | | | | | | | | Related to: #14242 #14243 14293 Variants passed to LookupContext#find() seem to be ignored, so I've used the setter instead: `finder.variants = [ variant ]`. I've also added some more test cases for variants. Hopefully this time passing tests will mean it actually works. | ||||
* | | Variants in ActionView::Digestor | Piotr Chmolowski | 2014-03-04 | 1 | -8/+27 |
| | | | | | | | | | | | | | | | | | | | | | | Take variants into account when calculating template digests in ActionView::Digest. Digestor#digest now takes a hash as an argument to support variants and allow more flexibility in the future. Old-style arguments have been deprecated. Fixes #14242 | ||||
* | | fixes default attributes for button_tag | Sergey Prikhodko | 2014-03-03 | 1 | -0/+5 |
| | | |||||
* | | refactor, with_locale is not needed because I18n is mocked. | Yves Senn | 2014-02-24 | 1 | -7/+5 |
| | | | | | | | | | | This is a follow up to #14170. While backporting I recognized that this call is not needed at all. | ||||
* | | Fix ActionView label translation for more than 10 nested elements | Vladimir Krylov | 2014-02-24 | 1 | -0/+14 |
| | | |||||
* | | refactor, extract `with_locale` helper. | Yves Senn | 2014-02-24 | 1 | -87/+79 |
| | | |||||
* | | Use the reference for the mime type to get the format | Rafael Mendonça França | 2014-02-18 | 2 | -0/+34 |
| | | | | | | | | | | | | | | | | Before we were calling to_sym in the mime type, even when it is unknown what can cause denial of service since symbols are not removed by the garbage collector. Fixes: CVE-2014-0082 | ||||
* | | Merge branch '4-1-0-beta2' | Rafael Mendonça França | 2014-02-18 | 1 | -0/+39 |
|\ \ | | | | | | | | | | | | | | | | Conflicts: actionview/CHANGELOG.md activerecord/CHANGELOG.md | ||||
| * | | Escape format, negative_format and units options of number helpers | Rafael Mendonça França | 2014-02-18 | 1 | -0/+39 |
| | | | | | | | | | | | | | | | | | | | | | Previously the values of these options were trusted leading to potential XSS vulnerabilities. Fixes: CVE-2014-0081 |