| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
```
% git grep -n permited
actionview/test/template/url_helper_test.rb:238: def test_button_to_with_permited_strong_params
actionview/test/template/url_helper_test.rb:245: def test_button_to_with_unpermited_strong_params
activerecord/test/cases/relations_test.rb:1620: def test_update_on_relation_passing_active_record_object_is_not_permited
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When you ask to generate multiple nested inputs using:
field_for('comments[]', Comment.new) do |c|
c.text_field :body
Rails should generated the names like `post[comments][][body]`.
To make sure we don't have regression the fake models now use the same
implementation of `#to_param` as `ActiveRecord::Base`
Fixes #26942
|
|
|
|
|
|
| |
When using the hash form of the data option, prevent duplicate
data-disable-with attributes from appearing in the submit tag due to
both string and symbol forms of the hash key being present.
|
|\
| |
| | |
do not mutate `object_name` of class in `fields_for`
|
| |
| |
| |
| |
| |
| | |
Since it affects the entire form, should not mutate `object_name` of class.
Fixes #26931
|
|/
|
|
|
|
| |
Some methods were added to public API in
5b14129d8d4ad302b4e11df6bd5c7891b75f393c and they should be not part of
the public API.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Ensure the support works like form_with.
|
|
|
|
|
|
|
|
| |
Has the handy effect of making the initial examples in the form_with
docs work too.
Had to do some finagling such that form_with's without a scope didn't
wrap their names in braces ala `[title]`.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes that the following ERB template would result in invalid HTML
output:
<%= form_with model: Post.new, local: true do |form| %>
<% end %>
Specifically, the resulting form tag would have a spurious `remote`
attribute:
<form remote="false" ...>
|
|
|
|
|
|
|
|
|
|
|
| |
Continuing 67f81cc where we decided not to output ids
by default in the new form helpers.
Went with @dhh's suggestion of just requiring ids on
fields being labelled:
https://github.com/rails/rails/issues/25197#issuecomment-231797117
Seems okay enough.
|
| |
|
|
|
|
| |
Remove `block` keyword from reserved method names
|
|\
| |
| | |
stop using removed `render :text`
|
| |
| |
| |
| | |
Follow up to 79a5ea9eadb4d43b62afacedc0706cbe88c54496
|
|/
|
|
| |
Now Text class is only used to render text mime type pages
|
|
|
|
|
| |
`Gem.win_platform?` check if it is Windows more accurately.
Ref: https://github.com/ruby/ruby/blob/ruby_2_2/lib/rubygems.rb#L945..L952
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
`depend_on` message format is `"No such file to load -- %s.rb"`.
But `require_dependency` message is missing `.rb` suffix.
```
% git grep -n 'No such file to load'
actionview/test/actionpack/abstract/helper_test.rb:112: assert_equal "No such file to load -- very_invalid_file_name.rb", e.message
activesupport/lib/active_support/dependencies.rb:245: def require_dependency(file_name, message = "No such file to load -- %s.rb")
activesupport/lib/active_support/dependencies.rb:333: def depend_on(file_name, message = "No such file to load -- %s.rb")
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add form_with to unify form_tag/form_for.
`form_tag` and `form_for` serve very similar use cases. This
PR unifies that usage such that `form_with` can output just
the opening form tag akin to `form_tag` and can just work with
a url, for instance.
`form_with` by default doesn't attach class or id to the form —
removing them on fields is moved out to a default revisiting PR later.
Ported over old tests where applicable to ensure maximum coverage,
but left some commented out because they don't yet apply (e.g.
`fields_for` later being replaced by `fields`).
[ Kasper Timm Hansen & Marek Kirejczyk ]
* Add fields DSL method.
Strips `_for` and requires models passed as a keyword argument.
* Document form_with.
Graft the `form_for` docs: rewrite, revise and expand where
needed.
Also test that a `format` isn't used when an explicit URL
is passed.
* Enable remote by default.
Brand new world! Forms submit via XHRs by default, woah.
* Invert `include_id` to `skip_id`.
`skip_id: true` reads better than `include_id: false` (since the
`include_id` default is true).
* Invert `remote` to `local`.
Since forms are remote by default, the option name makes more sense
as `local: true`.
* Invert `enforce_utf8` to `skip_enforcing_utf8`.
* Refer to the brand spanking new rails-ujs.
Soon to be bundled in Rails proper, so jquery-ujs is out.
* Make `form_with` a bit more composed.
The flow is still not quite what it should be because the legacy
methods and these new ones pull at opposite ends.
Lots of options have been renamed, so now the new pieces don't fit
in so well.
I'll try to work on this in later commits after this PR (it's likely
there's a much better way to structure this whole part of Action View).
|
| |
|
|
|
|
|
|
| |
Regexp#match? should be considered to be part of the Ruby core library. We are
emulating it for < 2.4, but not having to require the extension is part of the
illusion of the emulation.
|
|\
| |
| |
| | |
Convert ActionController::Parameters to a hash in button_to
|
|/
|
|
|
|
|
|
|
|
|
| |
Before, an error would be raised saying that the method `to_param` was
undefined on the instance of `ActionController::Parameters`. Now, we are
checking to see if the `params` object being passed to `button_to`
responds to the `permitted?` method, and if so, we will call `to_h` on it. If it
does not respond to `permitted?`, then the `params` will remain
unchanged.
[Jon Moss, Rafael Mendonça França]
|
|\
| |
| | |
Undeprecate plural positional argument
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
```ruby
pluralize people.count, 'person', 'people'
```
reads more naturally than
```ruby
pluralize people.count, 'person', plural: 'people'
```
so let's not deprecate it.
We could label both, but that's a mouthful:
```ruby
pluralize people.count, singular: 'person', plural: 'people'
```
(The `plural:` kwarg shipped in 5.0.0, so we're keeping it.)
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this lets you pass ruby keywords to templates:
<%= render 'example', class: "cool" %>
<%= render 'example', "spaces are" => "a-ok" %>
<%= render 'example', Foo: "bar" %>
Previously you'd see confusing syntax errors like this:
SyntaxError (.../_example.html.erb:1: syntax error, unexpected '='
Now you can reference invalid identifiers through local_assigns.
If you try to use an invalid keyword (e.g. class) in your template, you
get a syntax error on the line where you use it.
|
|\
| |
| | |
improve error message when include assertions fail
|
| |
| |
| |
| |
| |
| | |
assert [1, 3].includes?(2) fails with unhelpful "Asserting failed" message
assert_includes [1, 3], 2 fails with "Expected [1, 3] to include 2" which makes it easier to debug and more obvious what went wrong
|
|/
|
|
|
|
|
|
|
|
|
| |
Commit d270da569 changed the `form_for` API from `:object_name` to `:as`.
It also change the related test body, but not its title, which is changed here.
See https://github.com/rails/rails/commit/d270da569efeabd7cd563028816452236713aa9f#diff-52455f1e82acf12551bc5e7e26b82008
I realize this is a small commit but I was having trouble understanding what
the test was about since there is no "object_name" in the code.
I imagine the same may happen to other developers, therefore this commit.
|
|
|
|
|
|
| |
All indentation was normalized by rubocop auto-correct at 80e66cc4d90bf8c15d1a5f6e3152e90147f00772.
But comments was still kept absolute position. This commit aligns
comments with method definitions for consistency.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Style/SpaceBeforeBlockBraces
Style/SpaceInsideBlockBraces
Style/SpaceInsideHashLiteralBraces
Fix all violations in the repository.
|
| |
|
|
|
|
|
|
| |
Many helpers mark content as HTML-safe without escaping double quotes -- including `sanitize`. Regardless of whether or not the attribute values are HTML-escaped, we want to be sure they don't include double quotes, as that can cause XSS issues. For example: `content_tag(:div, "foo", title: sanitize('" onmouseover="alert(1);//'))`
CVE-2016-6316
|
|
|
|
| |
Caused by #26092.
|
|
|
|
| |
Hash syntax auto-correcting breaks alignments. 411ccbdab2608c62aabdb320d52cb02d446bb39c
|
|
|
|
|
|
|
|
|
| |
A few have been left for aesthetic reasons, but have made a pass
and removed most of them.
Note that if the method `foo` returns an array, `foo << 1`
is a regular push, nothing to do with assignments, so
no self required.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement naive partial caching mechanism.
Add test for LogSubscriber
Use ActionView::Base#log_payload to store log_subscriber's payload, so we can pass cache result into it.
Fixed tests
Remove useless settings
Check if #log_payload exists before calling it. Because other classes also includes CacheHelper but don't have is attribute
Use @log_payload_for_partial_reder instead of #log_payload to carry ActionView's payload.
Update test's hash syntax
Add configuration to enable/disable fragment caching logging
Remove unless test and add new test to ensure cache info won't effect next rendering's log
Move :enable_fragment_cache_logging config from ActionView to ActionPack
Apply new config to tests
Update actionview's changelog
Update configuration guide
Improve actionview's changelog
Refactor PartialRenderer#render and log tests
Mute subscriber's log instead of disabling instrumentation.
Fix typo, remove useless comment and use new hash syntax
Improve actionpack's log_subscriber test
Fix rebase mistake
Apply new config to all caching intstrument actions
|
| |
|
| |
|
| |
|
| |
|
| |
|