| Commit message (Collapse) | Author | Age | Files | Lines |
|
Many helpers mark content as HTML-safe without escaping double quotes -- including `sanitize`. Regardless of whether or not the attribute values are HTML-escaped, we want to be sure they don't include double quotes, as that can cause XSS issues. For example: `content_tag(:div, "foo", title: sanitize('" onmouseover="alert(1);//'))`
CVE-2016-6316
|
Caused by #26092.
|
Thinking .. relative to files is not natural, we are used
to think "parent of a directory", and we have __dir__
nowadays.
|
Hash syntax auto-correcting breaks alignments. 411ccbdab2608c62aabdb320d52cb02d446bb39c
|
A few have been left for aesthetic reasons, but have made a pass
and removed most of them.
Note that if the method `foo` returns an array, `foo << 1`
is a regular push, nothing to do with assignments, so
no self required.
|
Implement naive partial caching mechanism.
Add test for LogSubscriber
Use ActionView::Base#log_payload to store log_subscriber's payload, so we can pass cache result into it.
Fixed tests
Remove useless settings
Check if #log_payload exists before calling it, because other classes also include CacheHelper but don't have this attribute
Use @log_payload_for_partial_reder instead of #log_payload to carry ActionView's payload.
Update test's hash syntax
Add configuration to enable/disable fragment caching logging
Remove unless test and add new test to ensure cache info won't affect next rendering's log
Move :enable_fragment_cache_logging config from ActionView to ActionPack
Apply new config to tests
Update actionview's changelog
Update configuration guide
Improve actionview's changelog
Refactor PartialRenderer#render and log tests
Mute subscriber's log instead of disabling instrumentation.
Fix typo, remove useless comment and use new hash syntax
Improve actionpack's log_subscriber test
Fix rebase mistake
Apply new config to all caching instrument actions
|
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
We can safely assume we're not dealing with an infinite collection as
we're about to call `each` on it and collect the results until it
terminates on its own. Given that, `to_a` is implemented by the normal
Array-like objects, and less Array-like objects like `Enumerator` and
`Enumerator::Lazy`.
|
This will ensure we attempt to render an empty collection, meaning we
don't actually render anything at all. Allowing `nil` or a falsey value
through results in calling `render_partial` rather than
`render_collection`, which isn't what we want.
|
An optimization was introduced in
https://github.com/rails/rails/commit/27f4ffd11a91b534fde9b484cb7c4e515ec0fe77
which tried to `#to_ary` the collection to prevent unnecessary queries
for ActiveRecord scopes/relations. If the given collection did not
respond to `#to_ary`, an empty collection was returned. That meant you
couldn't use collections built from `Enumerator` nor `Enumerable`.
With this change, `#collection_from_options` will attempt the
optimization, but fall back to passing along the given collection,
as-is.
|
Where appropriate, prefer the more concise Regexp#match?,
String#include?, String#start_with?, or String#end_with?
|
Code like `render(topics) => render("topics/topic")` adds confusion
for the readers. On first impression, that code feels like hash kind
of data, but it's not. So make it more clear and meaningful.
|
Fix ActionView::Helpers#current_page? with trailing space issue.
|
https://github.com/rails/rails/issues/19472
|
[ci skip] Just some English and `<tt>` tags.
|
setup in ActiveSupport::LogSubscriber::TestHelper call set_logger that
will change ActionController::Base.logger to the MockLogger so that
logger will be always MockLogger
|
Mention that layout can call a Proc [ci skip]
|
Also document return values for Proc/Symbol arguments
|
Fix a link to use RDoc syntax and make sure that the titles' level
match the section we are in since we are both documenting the new
and the legacy syntax.
|
- `partial` option is not used anymore, this was removed in https://github.com/rails/rails/pull/23724
|
25543 docs cleanup
|
- Remove repetitive docs
- Fix grammar on sentences
- Add escaping for literals
[ci skip]
|
- Renamed test to be more descriptive
|
Removes littering `freeze` calls with Ruby 2.3's magic comment.
|
Bring Boolean Attributes list for AV Tags helper up to speed with current spec
|
This is based on https://github.com/kangax/html-minifier/blob/6b2d4536d82819143b468b41a89c700b6c61631f/src/htmlminifier.js#L197 and
spec from https://www.w3.org/TR/html51/single-page.html.
Couple of other changes to tests due to support update:
- autobuffer has been dropped in favour of preload attribute, ref: https://msdn.microsoft.com/en-us/library/ff974743(v=vs.85).aspx
- pubdate attribute has been dropped from spec, ref: https://www.w3.org/html/wg/tracker/issues/185
|
Expand list of void elements to match spec
|
https://html.spec.whatwg.org/multipage/syntax.html#void-elements
|
create new content. This should also be inline with content being passed should not be mutable
|
`simple_format` handles `\r\n` and `\r` but previously did not document
this behavior. The handling is done with a `gsub` in `split_paragraphs`.
[ci skip]
|
Make select_year work with include_position: true option, fix #25267