aboutsummaryrefslogtreecommitdiffstats
path: root/actionview/test/ujs
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #32404 from mathieumahe/masterGuillermo Iguaran2018-04-021-0/+26
|\ | | | | Extract the confirm call in its own, overridable method in rails_ujs
| * Extract the confirm call in its own, overridable method in rails_ujsMathieu2018-04-011-0/+26
| |
* | Fix typo in rails-ujs HTML content testRaymond Zhou2018-04-011-1/+1
| | | | | | | | `</ps>` is not a valid closing tag for `<p>`.
* | Pass HTML responses as plain-text in rails-ujsRaymond Zhou2018-03-191-0/+11
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | Running HTML responses through `DOMParser#parseFromString` results in complete `HTMLDocument` instances with unnecessary surrounding tags. For example: new DOMParser().parseFromString('<p>hello</p>', 'text/html') Will output: <html> <head></head> <body> <p>hello</p> </body> </html> This is passed to the `ajax:success` handler as `event.detail[0]` (`data`), but cannot be used directly without first traversing the document. To resolve this, only XML content is passed through `parseFromString`, while HTML content is treated as plain-text. This matches the behavior of jquery-ujs, which relied on jQuery's response-type inference.
* Add support for automatic nonce generation for Rails UJSAndrew White2018-02-193-12/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | Because the UJS library creates a script tag to process responses it normally requires the script-src attribute of the content security policy to include 'unsafe-inline'. To work around this we generate a per-request nonce value that is embedded in a meta tag in a similar fashion to how CSRF protection embeds its token in a meta tag. The UJS library can then read the nonce value and set it on the dynamically generated script tag to enable it to execute without needing 'unsafe-inline' enabled. Nonce generation isn't 100% safe - if your script tag is including user generated content in someway then it may be possible to exploit an XSS vulnerability which can take advantage of the nonce. It is however an improvement on a blanket permission for inline scripts. It is also possible to use the nonce within your own script tags by using `nonce: true` to set the nonce value on the tag, e.g <%= javascript_tag nonce: true do %> alert('Hello, World!'); <% end %> Fixes #31689.
* Clean up and consolidate .gitignoresbogdanvlviv2018-02-171-1/+0
| | | | | | | | | | | | | | | | * Global ignores at toplevel .gitignore * Component-specific ignores in each toplevel directory * Remove `actionview/test/tmp/.keep` for JRuby ``` rm actionview/test/tmp/ -fr cd actionview/ bundle exec jruby -Itest test/template/digestor_test.rb ``` Related to #11743, #30392. Closes #29978.
* Enable to call Rails.ajax without beforeSendta1kt0me2017-10-282-1/+28
|
* Merge pull request #30513 from y-yagi/fix_30444Akira Matsuda2017-10-251-1/+3
|\ | | | | Does not include disabled element in params
| * Does not include disabled element in paramsyuuji.yaginuma2017-09-031-1/+3
| | | | | | | | | | | | | | In the case of remote, it should be the same behavior as submitting HTML form. Fixes #30444
* | Merge pull request #29127 from DmytroVasin/rails-ujs-remote-callbacksGuillermo Iguaran2017-10-191-63/+29
|\ \ | |/ |/| Fix callback in rails ujs
| * Fix callback in rails ujsVasin Dmitriy2017-06-071-63/+29
| |
* | Use ssl in guide and comment [ci skip]Yoshiyuki Hirano2017-08-191-1/+1
| |
* | Fix test directory to correct pathyuuji.yaginuma2017-07-302-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Together, fix to the following lint violation. ``` rails/actionview/test/ujs/public/test/data-confirm.js 303:11 error Strings must use singlequote quotes rails/actionview/test/ujs/public/test/data-remote.js 414:32 error Extra semicolon semi ✖ 2 problems (2 errors, 0 warnings) ```
* | Use frozen string literal in actionview/Kir Shatrov2017-07-242-0/+4
| |
* | Add jQuery to test vendor filesMarc Rendl Ignacio2017-07-202-1/+9832
| | | | | | | | | | ... so that we can run most, if not all, of rails-ujs tests without necessarily requiring an internet connection.
* | Revert "Merge pull request #29540 from kirs/rubocop-frozen-string"Matthew Draper2017-07-022-2/+0
| | | | | | | | | | This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
* | Enforce frozen string in RubocopKir Shatrov2017-07-012-0/+2
|/
* Define path with __dir__bogdanvlviv2017-05-231-1/+1
| | | | | | ".. with __dir__ we can restore order in the Universe." - by @fxn Related to 5b8738c2df003a96f0e490c43559747618d10f5f
* Fix mistake in JS response parser:Dmytro Vasin2017-04-131-0/+28
| | | | | | - Restore ability to accept ecmascript JS response should not modify DOM.
* Set current page as default for ajax requestsDmytro Vasin2017-04-111-22/+45
|
* Prevent event propogation if element is disabled when event chain begins.Patrick Toomey2017-03-091-0/+28
| | | | | | | | | | | | | | | | | | | | | | | | | The existing UJS event behavior relies on browsers not sending events for various events when an element is disabled. For example, imagine the following: <button type="submit" disabled="disabled">Click me</button> The above button is disabled, so browsers will not trigger a click event and all UJS behavior is prevented. However, imagine a button like this: <button type="submit" disabled="disabled"><strong>Click me</strong></button> The above is treated differently by browsers such as Chrome/Safari. These browsers do not consider the strong tag to be disabled, and will trigger click events. UJS has logic to walk up the DOM to find an associated element subject to UJS behavior. But, this logic does not take into account the disabled status of the element. I originally thought we could simply change the selectors used to match elements to ignore disabled elements. However, UJS disables some elements as part of the event chain. So, an element might match early in the chain and then fail to match later. Instead of changing the selectors I added a callback to the chain that calls `stopEverything` if an element is disabled when the event chain begins.
* Test rails-ujs in our travis matrixRafael Mendonça França2017-02-224-68/+7
|
* Import rails-ujs v0.1.0 from rails/rails-ujsGuillermo Iguaran2017-02-206-204/+23
|
* Correct spellingBenjamin Fleischer2017-02-051-1/+1
| | | | | | | ``` go get -u github.com/client9/misspell/cmd/misspell misspell -w -error -source=text . ```
* s/an/a/Akira Matsuda2017-01-261-1/+1
| | | | [ci skip]
* Fix Rubocop violations and fix documentation visibilityRafael Mendonça França2016-12-282-15/+15
| | | | | | Some methods were added to public API in 5b14129d8d4ad302b4e11df6bd5c7891b75f393c and they should be not part of the public API.
* stop using removed `render :text`yuuji.yaginuma2016-12-031-1/+1
| | | | Follow up to 79a5ea9eadb4d43b62afacedc0706cbe88c54496
* Add UJS testsGuillermo Iguaran2016-11-2620-0/+5266