aboutsummaryrefslogtreecommitdiffstats
path: root/actionview/test
Commit message (Collapse)AuthorAgeFilesLines
...
* Merge branch '5-0-beta-sec'Aaron Patterson2016-01-251-0/+7
|\ | | | | | | | | | | | | | | | | | | | | * 5-0-beta-sec: bumping version fix version update task to deal with .beta1.1 Eliminate instance level writers for class accessors allow :file to be outside rails root, but anything else must be inside the rails view directory Don't short-circuit reject_if proc stop caching mime types globally use secure string comparisons for basic auth username / password
| * allow :file to be outside rails root, but anything else must be inside the ↵Aaron Patterson2016-01-221-0/+7
| | | | | | | | | | | | rails view directory CVE-2016-0752
* | html_safe is not supposed to be public API for AV. This change removes usage ↵Vipul A M2016-01-209-33/+33
| | | | | | | | | | | | of html_safe in favour of raw() in AV helpers. Also changed usage of html_safe to make use of raw() instead so that the intended behaviour is verified with raw()
* | Merge pull request #20046 from yoongkang/ladidaRafael Mendonça França2016-01-161-0/+13
|\ \ | | | | | | | | | Use ActiveSupport::SafeBuffer when flushing content_for
| * | Use ActiveSupport::SafeBuffer when flushing content_forYoong Kang Lim2015-05-251-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, when content_for is flushed, the content was replaced directly by a new value in ActionView::OutputFlow#set. The problem is this new value passed to the method may not be an instance of ActiveSupport::SafeBuffer. This change forces the value to be set to a new instance of ActiveSupport::SafeBuffer.
* | | Merge pull request #20638 from jaimeiniesta/locale-aware-pluralize-helperKasper Timm Hansen2016-01-101-10/+22
|\ \ \ | | | | | | | | Pass the current locale to Inflector from the pluralize text helper.
| * | | Pass the current locale to Inflector from the pluralize text helper.Jaime Iniesta2016-01-101-10/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The pluralize text helper uses the Inflector to determine the plural form. The inflector accepts an optional parameter for the locale, so we can pass it from the text helper to have locale-aware pluralizations on the text helpers level. The pluralize text helper now only accepts 2 positional arguments: `count` and `singular`. Passing `plural` as a positional argument is now deprecated.
* | | | Suppress warning (instance variable @persisted not initialized)yui-knk2016-01-071-0/+1
| | | |
* | | | Merge pull request #22275 from mastahyeti/per-form-csrfRafael França2016-01-061-1/+1
|\ \ \ \ | | | | | | | | | | Per-form CSRF tokens
| * | | | add option for per-form CSRF tokensBen Toews2016-01-041-1/+1
| | | | |
* | | | | Add Html template handler that wraps Raw output in an OutputBufferSantiago Pastorino2016-01-053-1/+9
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | This fixes the case when you try to render an html you know safe and the file is named something.html. With this commit the content of the html won't be escaped anymore because AV won't use Raw handler and choose Html handler instead.
* | | | Merge pull request #22764 from ↵Rafael França2016-01-042-3/+41
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | stevenspiel/titleize_model_name_for_default_submit_button_value titleize the model name on default submit buttons
| * | | | downcase default submit button value's model nameSteven Spiel2016-01-012-3/+41
| | |_|/ | |/| |
* | | | Fix collection_radio_buttons' hidden_field name and make it appear before ↵Santiago Pastorino2015-12-312-24/+24
| | | | | | | | | | | | | | | | | | | | | | | | the radios Fixes #22773
* | | | Merge pull request #22829 from jcoyne/test_parametersYves Senn2015-12-301-0/+4
|\ \ \ \ | | | | | | | | | | TestController#parameters returns AC::Parameters
| * | | | TestController#parameters returns AC::ParametersJustin Coyne2015-12-291-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #22827 ActionView::TestCase::TestController#parameters should return an instance of ActionController::Parameters rather than a hash. This enables helper methods to use the correct interface.
* | | | | Fix typoAkshay Vishnoi2015-12-301-1/+1
|/ / / /
* / / / fix TypeError when using submit_tag with Symbol valueyuuji.yaginuma2015-12-241-0/+7
|/ / /
* | | Merge pull request #22462 from lxsameer/i18n_html_wrapRafael França2015-12-181-0/+10
|\ \ \ | | | | | | | | wrapping i18n missing keys made optional
| * | | debug_missing_translation configuration added to action_viewSameer Rahmani2015-12-181-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `I18n.translate` helper will wrap the missing translation keys in a <span> tag only if `debug_missing_translation` configuration has a truthy value. Default value is `true`. For example in `application.rb`: # in order to turn off missing key wrapping config.action_view.debug_missing_translation = false
* | | | Merge pull request #20797 from byroot/prevent-url-for-ac-parametersRafael França2015-12-181-9/+0
|\ \ \ \ | |/ / / |/| | | Prevent ActionController::Parameters in url_for
| * | | Prevent ActionController::Parameters from being passed to url_for directlyJean Boussier2015-12-151-9/+0
| | | |
* | | | Add missing test cases for asset_pathAkshay Vishnoi2015-12-171-0/+2
| | | |
* | | | deletes commented code introduced in db045db (initial commit)Tony Ta2015-12-151-17/+0
| | | |
* | | | deletes commented code introduced in 4673c47dTony Ta2015-12-151-5/+0
| | | |
* | | | Remove ActionView::Helpers::CacheHelper#fragment_cache_keySam Stephenson2015-12-141-0/+4
|/ / / | | | | | | | | | | | | | | | Introduced in e56c63542780fe2fb804636a875f95cae08ab3f4, `CacheHelper#fragment_cache_key` is a duplicate of `ActionController::Caching::Fragments#fragment_cache_key`. We now require the view to provide this method on its own (as with `view_cache_dependencies`); `ActionController::Caching::Fragments` exports its version as a `helper_method`.
* | | Merge pull request #21241 from pdg137/masterArthur Nogueira Neves2015-11-261-0/+4
|\ \ \ | | | | | | | | In url_for, never append ? when the query string is empty anyway.
| * | | In url_for, never append ? when the query string is empty anyway.Paul Grayson2015-10-291-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It used to behave like this: url_for(controller: 'x', action: 'y', q: {}) # -> "/x/y?" We previously avoided empty query strings in most cases by removing nil values, then checking whether params was empty. But as you can see above, even non-empty params can yield an empty query string. So I changed the code to just directly check whether the query string ended up empty. (To make everything more consistent, the "removing nil values" functionality should probably move to ActionPack's Hash#to_query, the place where empty hashes and arrays get removed. However, this would change a lot more behavior.)
* | | | Bring back `===` stubbing in `time_zone_select` test.Kasper Timm Hansen2015-11-221-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Erroneously removed in 58910dc7. The stubbing was a regression test to ensure `time_zone_select` wasn't implemented with `grep`. Rename the test and add a comment to make the intent clearer.
* | | | Ditch `each_with_index` for `each`.Kasper Timm Hansen2015-11-221-1/+1
| | | | | | | | | | | | | | | | We never touch the index, so don't bother.
* | | | Don't cache fake time zones.Kasper Timm Hansen2015-11-221-8/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When calling `test_time_zone_select_with_priority_zones_as_regexp` it would define `=~` on the fake zones, but it would never be cleaned up because of the zone cache. Nuke it so `test_time_zone_select_with_priority_zones_as_regexp_using_grep_finds_no_zones` accidentally find any zones because of `=~` being implemented.
* | | | Merge pull request #21615 from ronakjangir47/actionViewpart2Kasper Timm Hansen2015-11-225-79/+133
|\ \ \ \ | | | | | | | | | | Removed Mocha from Action View
| * | | | Removed Mocha from Action ViewRonak Jangir2015-09-235-79/+133
| | | | |
* | | | | Example of setting data attributes for image_tagNishant Modak2015-11-201-1/+2
| | | | |
* | | | | Respect value of `:object` if `:object` is false when renderingyui-knk2015-11-132-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | This commit fixes the bug convering `false` to `locals[as]` when `options[:object]` is `false` (close #22260).
* | | | | Fix week_field returning invalid valueChristoph2015-11-101-4/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | According to the W3 spec[1] the value should use a 1-based index and not a 0-based index for the week number. [1]: http://www.w3.org/TR/html-markup/datatypes.html#form.data.week
* | | | | Allow `host` option in javscript and css helpersGrzegorz Witek2015-11-081-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | Now both `javascript_include_tag` and `stylesheet_tag` can accept `host` option to provide custom host for the asset
* | | | | Don’t allow arbitrary data in back urlsDamien Burke2015-11-031-0/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `link_to :back` creates a link to whatever was passed in via the referer header. If an attacker can alter the referer header, that would create a cross-site scripting vulnerability on every page that uses `link_to :back` This commit restricts the back URL to valid non-javascript URLs. https://github.com/rails/rails/issues/14444
* | | | | Add tests to make sure mail_to work with nil and SafeBufferRafael Mendonça França2015-11-031-0/+14
| | | | |
* | | | | Deprecate exception#original_exception in favor of exception#causeYuki Nishijima2015-11-032-9/+24
| |/ / / |/| | |
* | | | making selected value to accept Hash like the default option. E.g. selected: ↵Lecky Lao2015-10-291-0/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | {day: params[:day].to_i, month: params[:month].to_id} Adds in test test_date_select_with_selected_in_hash and change log fixes typo in CHANGELOG
* | | | Merge pull request #22116 from gsamokovarov/fix-form-for-block-testYves Senn2015-10-291-2/+3
|\ \ \ \ | | | | | | | | | | Fix a faulty form_for test
| * | | | Fix a faulty form_for testGenadi Samokovarov2015-10-291-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Stumbled upon this one while trying to deprecate the String/Symbol passing to `form_for`. This test passed on an accident, because the signature of `form_for` currently accepts 2 positional arguments and a block. Calling it with the wrong number of arguments caused: ```ruby (byebug) form_for(:post, @post, html: { id: 'create-post' }) *** ArgumentError Exception: wrong number of arguments (3 for 1..2) ``` This made the test pass, because it was still an `ArgumentError`. :-)
* | | | | Ignore scope in missing translation input.Kasper Timm Hansen2015-10-281-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's already represented in the key name. Demonstrate with a test. Also test that the default isn't output.
* | | | | Tweaked wording used in some tests.Sebastian McKenzie2015-10-251-1/+1
| |_|/ / |/| | |
* | | | Collection check boxes propagates input's id to the label's for attribute.Vasiliy Ermolovich2015-10-201-0/+11
| | | |
* | | | Delete needless `require 'active_support/deprecation'`yui-knk2015-10-201-1/+0
| | | | | | | | | | | | | | | | | | | | When `require 'active_support/rails'`, 'active_support/deprecation' is automatically loaded.
* | | | Use `Mime[:foo]` instead of `Mime::Type[:FOO]` for back compatJeremy Daer2015-10-062-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rails 4.x and earlier didn't support `Mime::Type[:FOO]`, so libraries that support multiple Rails versions would've had to feature-detect whether to use `Mime::Type[:FOO]` or `Mime::FOO`. `Mime[:foo]` has been around for ages to look up registered MIME types by symbol / extension, though, so libraries and plugins can safely switch to that without breaking backward- or forward-compatibility. Note: `Mime::ALL` isn't a real MIME type and isn't registered for lookup by type or extension, so it's not available as `Mime[:all]`. We use it internally as a wildcard for `respond_to` negotiation. If you use this internal constant, continue to reference it with `Mime::ALL`. Ref. efc6dd550ee49e7e443f9d72785caa0f240def53
* | | | render should return a stringAaron Patterson2015-10-051-1/+1
| | | |
* | | | Add test cases for checkbox_tagPrakash Laxkar2015-10-011-0/+12
| | | |