| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|\ \ \ \ \
| | | | | |
| | | | | | |
Remove unused argument `formats`
|
| | | | | | |
|
| | | | | | |
|
| |_|_|_|/
|/| | | |
| | | | |
| | | | | |
CVE-2015-7579 says rails-html-sanitizer 1.0.2 has XSS vulnerability.
|
| |_|_|/
|/| | |
| | | |
| | | | |
[ci skip]
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
Keep the value of `$,` and restore it
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | | |
As unit tests, we do not know the value of `$,` when this
test case started. It' better to keep the value when the
test case fnished.
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Erubi offers the following advantages for Rails:
* Works with ruby's --enable-frozen-string-literal option
* Has 88% smaller memory footprint
* Does no freedom patching (Erubis adds a method to Kernel)
* Has simpler internals (1 file, <150 lines of code)
* Has an open development model (Erubis doesn't have a
public source control repository or bug tracker)
* Is not dead (Erubis hasn't been updated since 2011)
Erubi is a simplified fork of Erubis that contains just the
parts that are generally needed (which includes the parts
that Rails uses). The only intentional difference in
behavior is that it does not include support for <%=== tags
for debug output. That could be added to the ActionView ERB
handler if it is desired.
The Erubis template handler remains in a deprecated state
so that code that accesses it directly does not break. It
can be removed after Rails 5.1.
|
| |/
|/| |
|
| | |
|
|/ |
|
| |
|
| |
|
|
|
|
|
|
| |
These are followups for 307065f959f2b34bdad16487bae906eb3bfeaf28,
but TBH I'm personally not very much confortable with this style.
Maybe we could override assert_equal in our test_helper not to warn?
|
|\
| |
| | |
compute_asset_extname should explicitly return nil in else clause
|
| | |
|
|\ \
| | |
| | | |
Fix unexpected behavior of `to_sentence` with $,
|
| | | |
|
|\ \ \
| | | |
| | | | |
Add test for `safe_join`
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
we call them only in the tests
|
|\ \ \ \
| | | | |
| | | | | |
make `render` work with AC::Params
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In 4.2, since AC::Params inherited `Hash`, processing in the case of
`Hash` was done. But in 5.x, since AC::Params does not inherit `Hash`,
need to add care for AC::Params.
Related to 00285e7cf75c96553719072a27c27e4ab7d25b40
|
| | | | |
|
| |/ /
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In #26672 we blocked use of Ruby keywords as identifiers for view
locals but inadvertently broke the use of instance variable names
as identifiers. Whilst not explicitly documented this behavior has
been around for a long time and there's no need to break it now.
Fixes #27480.
|
|/ / |
|
| | |
|
| |
| |
| |
| | |
because Struct.new returns a Class, we just can give it a name and use it directly without inheriting from it
|
|/ |
|
|
|
|
| |
(I personally prefer writing one string in one line no matter how long it is, though)
|
| |
|
| |
|
|
|
|
| |
Actually, private methods cannot be called with `self.`, so it's not just redundant, it's a bad habit in Ruby
|
|\
| |
| | |
Add "check_parameters" option to "current_page?"
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Example:
For "http://www.example.com/shop/checkout?order=desc&page=1"
current_page?('http://www.example.com/shop/checkout')
=> true
current_page?(
'http://www.example.com/shop/checkout',
check_parameters: true
)
=> false
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
```
% git grep -n permited
actionview/test/template/url_helper_test.rb:238: def test_button_to_with_permited_strong_params
actionview/test/template/url_helper_test.rb:245: def test_button_to_with_unpermited_strong_params
activerecord/test/cases/relations_test.rb:1620: def test_update_on_relation_passing_active_record_object_is_not_permited
```
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When you ask to generate multiple nested inputs using:
field_for('comments[]', Comment.new) do |c|
c.text_field :body
Rails should generated the names like `post[comments][][body]`.
To make sure we don't have regression the fake models now use the same
implementation of `#to_param` as `ActiveRecord::Base`
Fixes #26942
|
|/
|
|
|
|
| |
When using the hash form of the data option, prevent duplicate
data-disable-with attributes from appearing in the submit tag due to
both string and symbol forms of the hash key being present.
|
|
|
|
|
|
|
|
| |
Per https://www.timeanddate.com/counters/firstnewyear.html, it's already
2017 in a lot of places, so we should bump the Rails license years to
2017.
[ci skip]
|
|\
| |
| | |
do not mutate `object_name` of class in `fields_for`
|
| |
| |
| |
| |
| |
| | |
Since it affects the entire form, should not mutate `object_name` of class.
Fixes #26931
|
| |
| |
| |
| |
| |
| | |
Some methods were added to public API in
5b14129d8d4ad302b4e11df6bd5c7891b75f393c and they should be not part of
the public API.
|
|/ |
|
| |
|
| |
|
| |
|
| |
|
| |
|