Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Action Pack Variants | Łukasz Strzałkowski | 2013-12-04 | 6 | -12/+25 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | By default, variants in the templates will be picked up if a variant is set and there's a match. The format will be: app/views/projects/show.html.erb app/views/projects/show.html+tablet.erb app/views/projects/show.html+phone.erb If request.variant = :tablet is set, we'll automatically be rendering the html+tablet template. In the controller, we can also tailer to the variants with this syntax: class ProjectsController < ActionController::Base def show respond_to do |format| format.html do |html| @stars = @project.stars html.tablet { @notifications = @project.notifications } html.phone { @chat_heads = @project.chat_heads } end format.js format.atom end end end The variant itself is nil by default, but can be set in before filters, like so: class ApplicationController < ActionController::Base before_action do if request.user_agent =~ /iPad/ request.variant = :tablet end end end This is modeled loosely on custom mime types, but it's specifically not intended to be used together. If you're going to make a custom mime type, you don't need a variant. Variants are for variations on a single mime types. | ||||
* | optimize string literals in erb templates | Aaron Patterson | 2013-12-03 | 1 | -2/+2 |
| | |||||
* | Remove the escaping skip | Rafael Mendonça França | 2013-12-03 | 1 | -1/+1 |
| | | | | | We are generating safe strings in the paragraph, so we can escape the tags | ||||
* | Stop using i18n's built in HTML error handling. | Michael Koziarski | 2013-12-02 | 2 | -14/+10 |
| | | | | | | | | | i18n doesn't depend on active support which means it can't use our html_safe code to do its escaping when generating the spans. Rather than try to sanitize the output from i18n, just revert to our old behaviour of rescuing the error and constructing the tag ourselves. Fixes: CVE-2013-4491 | ||||
* | Ensure simple_format escapes its html attributes | Michael Koziarski | 2013-12-02 | 1 | -1/+1 |
| | | | | | | | | | | The previous behavior equated the sanitize option for simple_format with the escape option of content_tag, however these are two distinct concepts. This fixes CVE-2013-6416 Conflicts: actionview/lib/action_view/helpers/text_helper.rb | ||||
* | Escape the unit value provided to number_to_currency | Michael Koziarski | 2013-12-02 | 2 | -1/+3 |
| | | | | | | Previously the unit values were trusted leading to potential XSS vulnerabilities. Fixes: CVE-2013-6415 | ||||
* | Only use valid mime type symbols as cache keys | Aaron Patterson | 2013-12-02 | 1 | -0/+7 |
| | | | | CVE-2013-6414 | ||||
* | Merge pull request #13138 from gsamokovarov/remove-cattr-requires | Guillermo Iguaran | 2013-12-02 | 6 | -6/+6 |
|\ | | | | | Remove deprecated cattr_* requires | ||||
| * | Remove deprecated cattr_* requires | Genadi Samokovarov | 2013-12-03 | 6 | -6/+6 |
| | | |||||
* | | Make ActionView::Tags loading tread safe | Rafael Mendonça França | 2013-12-02 | 4 | -32/+40 |
|/ | |||||
* | activemodel isn't a runtime dependency for actionview | Guillermo Iguaran | 2013-12-02 | 1 | -2/+2 |
| | |||||
* | Merge pull request #13117 from akshay-vishnoi/typo | Xavier Noria | 2013-12-02 | 2 | -2/+2 |
|\ | | | | | Typo and grammatical fixes [ci skip] | ||||
| * | Typo and grammatical fixes [ci skip] | Akshay Vishnoi | 2013-12-02 | 2 | -2/+2 |
| | | |||||
* | | `ActionView::MissingTemplate` for partials includes underscore. | Yves Senn | 2013-12-02 | 4 | -4/+13 |
|/ | | | | | | Missing partial folder/_partial instead of folder/partial. Closes #13002. | ||||
* | unnecessary checking of `size` with `second regex` if matched with first one | Kuldeep Aggarwal | 2013-11-27 | 1 | -2/+5 |
| | |||||
* | More typo fixes | Akira Matsuda | 2013-11-27 | 2 | -2/+2 |
| | |||||
* | Minor typo fixes | Akira Matsuda | 2013-11-27 | 4 | -6/+6 |
| | |||||
* | Revert "Merge pull request #13027 from akshay-vishnoi/f-refactor" | Carlos Antonio da Silva | 2013-11-25 | 1 | -1/+1 |
| | | | | | | | | | | | This reverts commit f4a5a9ea4d183f4102796215d4502c46dbe3e52b, reversing changes made to 7ccb482181ee6c47c765406009018a15172812de. Reason: The logic is different, the first call to #option_value_selected? is for the :selected option (the argument is the "selected" variable), the second call is for the :disabled option (the argument is the "disabled" variable). | ||||
* | avoiding calling of #option_value_selected? two times | Akshay Vishnoi | 2013-11-25 | 1 | -1/+1 |
| | |||||
* | _implied_layout_name should be private | Rafael Mendonça França | 2013-11-19 | 1 | -9/+11 |
| | |||||
* | Use the right indentation | Rafael Mendonça França | 2013-11-19 | 1 | -1/+1 |
| | |||||
* | Renderer#_render_template should be private | Rafael Mendonça França | 2013-11-19 | 1 | -7/+7 |
| | | | | Closes #12831 | ||||
* | Improve readability of sentence in partial-renderer docs [ci skip] | Mac Martine | 2013-11-19 | 1 | -1/+1 |
| | |||||
* | Use `set_backtrace` instead of `@backtrace` in ActionView error | Shimpei Makimoto | 2013-11-16 | 3 | -2/+13 |
| | |||||
* | Merge pull request #12853 from joshjordan/master | Rafael Mendonça França | 2013-11-15 | 1 | -1/+1 |
|\ | | | | | Allocate one less object using html_safe during content_tag construction | ||||
| * | Allocate one less object using html_safe during content_tag construction | Josh Jordan | 2013-11-14 | 1 | -1/+1 |
| | | |||||
* | | Take Hash with options inside Array in #url_for | Andrey Ognevsky | 2013-11-15 | 1 | -0/+2 |
|/ | |||||
* | Revert "Used Yield instead of block.call" -- this causes all of ↵ | David Heinemeier Hansson | 2013-11-14 | 1 | -2/+2 |
| | | | | | | atom_feed_helper_test.rb to fail with "SystemStackError: stack level too deep". This reverts commit d3a1ce1cdc60d593de1682c5f4e3230c8db9a0fd. | ||||
* | Merge pull request #12889 from kuldeepaggarwal/speed_ups | Rafael Mendonça França | 2013-11-14 | 1 | -2/+2 |
|\ | | | | | Used Yield instead of block.call | ||||
| * | Used Yield instead of block.call | Kuldeep Aggarwal | 2013-11-15 | 1 | -2/+2 |
| | | |||||
* | | Fix syntax error in atom_feed example [ci skip] | Saulius Grigaliunas | 2013-11-13 | 1 | -1/+1 |
|/ | | | | Builder's #tag! takes either String or Symbol as the first parameter | ||||
* | Make the method name the first argument | Rafael Mendonça França | 2013-11-09 | 1 | -7/+7 |
| | | | | | This is the only argument that changes over the method calls so it is better to it be the first one | ||||
* | Drop one more string allocation | Rafael Mendonça França | 2013-11-09 | 1 | -1/+3 |
| | |||||
* | Improve changelogs formatting [ci skip] | Carlos Antonio da Silva | 2013-11-09 | 1 | -6/+6 |
| | |||||
* | Merge pull request #12760 from pseidemann/master | Yves Senn | 2013-11-09 | 3 | -2/+11 |
|\ | | | | | fix simple_format escapes own output when sanitize is set to true | ||||
| * | fix simple_format escapes own output when sanitize is set to true | pseidemann | 2013-11-08 | 3 | -2/+11 |
| | | |||||
* | | Extract common code from number helpers to new delegator method. | Vipul A M | 2013-11-09 | 1 | -30/+13 |
| | | |||||
* | | sub! can return nil | Arun Agrawal | 2013-11-07 | 1 | -1/+1 |
| | | | | | | | | | | | | Revert "drop one more string allocation" This reverts commit 4d15661d6c46c86a62ee1fc358f4b3ef9dd9f2ea. | ||||
* | | drop one more string allocation | Aaron Patterson | 2013-11-06 | 1 | -1/+1 |
| | | |||||
* | | drop string allocations in the log subscriber | Aaron Patterson | 2013-11-06 | 1 | -2/+12 |
| | | |||||
* | | Merge pull request #12788 from kylefritz/patch-1 | Rafael Mendonça França | 2013-11-06 | 1 | -2/+2 |
| | | | | | | | | | | | | rdoc: favicon source shouldn't begin with a slash to reference asset pipeline resource [ci skip] Conflicts: actionview/lib/action_view/helpers/asset_tag_helper.rb | ||||
* | | Refactor File.expand_path usage to remove additional File.join | Alex Johnson | 2013-11-05 | 1 | -1/+1 |
|/ | |||||
* | Line up the comments for aesthetics | David Heinemeier Hansson | 2013-11-03 | 1 | -5/+5 |
| | |||||
* | Warnings removed for ruby trunk | Arun Agrawal | 2013-11-01 | 1 | -1/+1 |
| | | | Same as 4d4ff531b8807ee88a3fc46875c7e76f613956fb | ||||
* | Fix typo in the CHANGELOG | Jérémy Lecour | 2013-10-31 | 1 | -1/+1 |
| | |||||
* | Convert CDATA input to string before gsub'ing | Carsten Zimmermann | 2013-10-29 | 2 | -1/+5 |
| | | | | | Rails 3.2 API allowed arbitrary input for cdata_section; this change re-introduces the old behaviour. | ||||
* | Remove warning of shadowing outer local variable | Rafael Mendonça França | 2013-10-27 | 1 | -2/+2 |
| | |||||
* | Merge pull request #12636 from kongregate/dont_rescue_Exceptions | Rafael Mendonça França | 2013-10-24 | 1 | -2/+2 |
|\ | | | | | Avoid unnecessary catching of Exception instead of StandardError (conver... | ||||
| * | Avoid unnecessary catching of Exception instead of StandardError (converting ↵ | stopdropandrew | 2013-10-24 | 1 | -2/+2 |
| | | | | | | | | Exceptions into StandardErrors) | ||||
* | | Merge pull request #10471 from andyw8/button_to_params | Rafael Mendonça França | 2013-10-24 | 2 | -0/+14 |
|\ \ | |/ |/| | | | | | | | | | Add params option for button_to Conflicts: actionpack/CHANGELOG.md |