| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|\
| |
| |
| |
| |
| |
| | |
Cycle object should accept an array
Conflicts:
actionview/CHANGELOG.md
|
| |
| |
| |
| | |
with a set of comma-separated objects.
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
This will fix the regression added on
b068e20b35797aa6deaa377a48c990759734f515.
See tests added at ff08d31 to a better understanding about the problem
|
|\ \
| | |
| | | |
Retain ActionPack dependency on ActionView. Fixes #12979.
|
| | |
| | |
| | |
| | | |
No need to do this in railtie as AM depends on AV either way
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Before ec16ba75a5493b9da972eea08bae630eba35b62f,
ActionView::Helpers::TranslationHelper#translate has raised errors with
specifying options[:raise] to true.
This should work by this fix:
begin
t(:"translations.missing", raise: true)
rescue I18n::MissingTranslationData
p :hello!
end
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
Expanded test coverage for html_escape and json_escape
|
| | | |
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Now users have to explicit mark the unit as safe if they trust it.
Closes #13161
Conflicts:
actionpack/lib/action_view/helpers/number_helper.rb
actionpack/test/template/number_helper_i18n_test.rb
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
By default, variants in the templates will be picked up if a variant is set
and there's a match. The format will be:
app/views/projects/show.html.erb
app/views/projects/show.html+tablet.erb
app/views/projects/show.html+phone.erb
If request.variant = :tablet is set, we'll automatically be rendering the
html+tablet template.
In the controller, we can also tailer to the variants with this syntax:
class ProjectsController < ActionController::Base
def show
respond_to do |format|
format.html do |html|
@stars = @project.stars
html.tablet { @notifications = @project.notifications }
html.phone { @chat_heads = @project.chat_heads }
end
format.js
format.atom
end
end
end
The variant itself is nil by default, but can be set in before filters, like
so:
class ApplicationController < ActionController::Base
before_action do
if request.user_agent =~ /iPad/
request.variant = :tablet
end
end
end
This is modeled loosely on custom mime types, but it's specifically not
intended to be used together. If you're going to make a custom mime type,
you don't need a variant. Variants are for variations on a single mime
types.
|
| | |
|
| |
| |
| |
| |
| | |
We are generating safe strings in the paragraph, so we can escape the
tags
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
i18n doesn't depend on active support which means it can't use our html_safe
code to do its escaping when generating the spans. Rather than try to sanitize
the output from i18n, just revert to our old behaviour of rescuing the error
and constructing the tag ourselves.
Fixes: CVE-2013-4491
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The previous behavior equated the sanitize option for simple_format with the
escape option of content_tag, however these are two distinct concepts.
This fixes CVE-2013-6416
Conflicts:
actionview/lib/action_view/helpers/text_helper.rb
|
| |
| |
| |
| |
| |
| | |
Previously the unit values were trusted leading to potential XSS vulnerabilities.
Fixes: CVE-2013-6415
|
| |
| |
| |
| | |
CVE-2013-6414
|
|\ \
| | |
| | | |
Remove deprecated cattr_* requires
|
| | | |
|
|/ / |
|
| | |
|
|\ \
| | |
| | | |
Typo and grammatical fixes [ci skip]
|
| | | |
|
|/ /
| |
| |
| |
| |
| | |
Missing partial folder/_partial instead of folder/partial.
Closes #13002.
|
|/ |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit f4a5a9ea4d183f4102796215d4502c46dbe3e52b, reversing
changes made to 7ccb482181ee6c47c765406009018a15172812de.
Reason:
The logic is different, the first call to #option_value_selected? is for
the :selected option (the argument is the "selected" variable), the second
call is for the :disabled option (the argument is the "disabled" variable).
|
| |
|
| |
|
| |
|
|
|
|
| |
Closes #12831
|
| |
|
| |
|
|\
| |
| | |
Allocate one less object using html_safe during content_tag construction
|
| | |
|
|/ |
|
|
|
|
|
|
| |
atom_feed_helper_test.rb to fail with "SystemStackError: stack level too deep".
This reverts commit d3a1ce1cdc60d593de1682c5f4e3230c8db9a0fd.
|
|\
| |
| | |
Used Yield instead of block.call
|
| | |
|
|/
|
|
| |
Builder's #tag! takes either String or Symbol as the first parameter
|
|
|
|
|
| |
This is the only argument that changes over the method calls so it is
better to it be the first one
|
| |
|
| |
|
|\
| |
| | |
fix simple_format escapes own output when sanitize is set to true
|