| Commit message (Collapse) | Author | Age | Files | Lines |
|
Related with cbb917455f306cf5818644b162f22be09f77d4b2
|
Remove wrapping div with inline styles for hidden form fields.
Conflicts:
actionview/CHANGELOG.md
|
We are dropping HTML 4.01 and XHTML strict compliance since input
tags directly inside a form are valid HTML5, and the absence of
inline styles helps in validating for Content Security Policy.
|
closes #14147
|
with_css_classes: true option overwrites other html classes.
Concatenate day month and year classes rather than overwriting.
|
variant -- trying to pass it back in makes a mess of things (oh, and doesn't work)
|
Closes #14405.
This is a follow-up to 9e997e9039435617b6a844158f5437e97f6bc107 to restore
the documented behavior.
|
add include_hidden option to collection_check_boxes helper
Conflicts:
actionview/CHANGELOG.md
actionview/test/template/form_collections_helper_test.rb
|
Before, we had a bug in the resolver cache so disable_cache was not
working when passing options to find
|
finder object
|
Related to: #14242 #14243 14293
Variants passed to LookupContext#find() seem to be ignored, so
I've used the setter instead: `finder.variants = [ variant ]`.
I've also added some more test cases for variants. Hopefully this
time passing tests will mean it actually works.
|
Take variants into account when calculating template digests in
ActionView::Digest.
Digestor#digest now takes a hash as an argument to support variants and
allow more flexibility in the future. Old-style arguments have been
deprecated.
Fixes #14242
|
This is a follow up to #14170. While backporting I recognized
that this call is not needed at all.
|
Before, we were calling to_sym in the mime type, even when it is unknown,
which can cause denial of service since symbols are not removed by the
garbage collector.
Fixes: CVE-2014-0082
|
Conflicts:
actionview/CHANGELOG.md
activerecord/CHANGELOG.md
|
Previously the values of these options were trusted, leading to
potential XSS vulnerabilities.
Fixes: CVE-2014-0081
|
This test was assuming that the list of render options will always be
the same. Fixing that so this doesn't break when we add/remove render
options in the future.
|
#13618]
|
automatically call @foo.to_partial_path
Calling `render @foo` allows local variables but not options to be
passed to the partial renderer. The correct way to render an object AND
pass options to the partial renderer is to pass the object in the
`:partial` parameter. However, there were previously no tests for this
behaviour (in `render_helper_test.rb` at least).
|
I did not see in the docs that `button_to` supports not only URLs but paths as well. I documented this functionality with a unit test and added an example to the docs as well.
|
Add a config to set up whether to raise an exception for a missing
translation or not.
|
Improve ERB dependency detection
|
Each chunk of text coming after `render` is now handled individually as a possible list of arguments.
|
The current implementation can't handle some special cases of oddly-formatted Ruby. Now we are able to detect them:
* Multi-line arguments on the `render` call
* Strings containing quotes, e.g. `"something's wrong"`
* Multiple kinds of identifiers - instance variables, class variables and globals
* Method chains as arguments for the `render` call
Also, this fix reduces the rate of "false positives" which showed up when we had calls/access to identifiers containing `render`, like `surrender` and `rendering`.
|
This adds helpers (jruby_skip & rbx_skip). In the future, the plan is to use
these helpers instead of calls directly to
RUBY_ENGINE/RbConfig/JRUBY_VERSION
|
The use of `display:inline` with the content_tag call in the
extra_tags_for_form method potentially causes display issues with some
browsers, namely Internet Explorer. IE's behaviour of not collapsing
the line height on divs with ostensibly no content means that the
automatically added div containing the hidden authenticity_token, utf8
and _method form input tags may interfere with other visible form
elements in certain circumstances. The use of `display:none` rather
than `display:inline` fixes this problem.
Fixes #6403
|
Change most tests to make use of assert_raise returning the raised
exception rather than relying on a combination of flunk + rescue to
check for exception types/messages.
|
allow video_tag to accept `size` as `Number` for square shaped videos
|
Cycle object should accept an array
Conflicts:
actionview/CHANGELOG.md
|
with a set of comma-separated objects.
|
Retain ActionPack dependency on ActionView. Fixes #12979.
|