Commit message | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | | | | | Ensure simple_format escapes its html attributes | Michael Koziarski | 2013-12-02 | 1 | -1/+1 | |
| | | | | | The previous behavior equated the sanitize option for simple_format with the escape option of content_tag, however these are two distinct concepts. This fixes CVE-2013-6416 Conflicts: actionview/lib/action_view/helpers/text_helper.rb | |||||
* | | | | | Escape the unit value provided to number_to_currency | Michael Koziarski | 2013-12-02 | 2 | -1/+3 | |
| | | | | | Previously the unit values were trusted leading to potential XSS vulnerabilities. Fixes: CVE-2013-6415 | |||||
* | | | | | Only use valid mime type symbols as cache keys | Aaron Patterson | 2013-12-02 | 1 | -0/+7 | |
| | | | | | CVE-2013-6414 | |||||
* | | | | | Merge pull request #13138 from gsamokovarov/remove-cattr-requires | Guillermo Iguaran | 2013-12-02 | 6 | -6/+6 | |
|\ \ \ \ \ | | | | | | | | | | | | | Remove deprecated cattr_* requires | |||||
| * | | | | | Remove deprecated cattr_* requires | Genadi Samokovarov | 2013-12-03 | 6 | -6/+6 | |
| | | | | | | ||||||
* | | | | | | Make ActionView::Tags loading thread safe | Rafael Mendonça França | 2013-12-02 | 4 | -32/+40 | |
|/ / / / / | ||||||
* | | | | | activemodel isn't a runtime dependency for actionview | Guillermo Iguaran | 2013-12-02 | 1 | -2/+2 | |
| | | | | | ||||||
* | | | | | Merge pull request #13117 from akshay-vishnoi/typo | Xavier Noria | 2013-12-02 | 2 | -2/+2 | |
|\ \ \ \ \ | | | | | | | | | | | | | Typo and grammatical fixes [ci skip] | |||||
| * | | | | | Typo and grammatical fixes [ci skip] | Akshay Vishnoi | 2013-12-02 | 2 | -2/+2 | |
| | | | | | | ||||||
* | | | | | | `ActionView::MissingTemplate` for partials includes underscore. | Yves Senn | 2013-12-02 | 4 | -4/+13 | |
|/ / / / / | | | | | | Missing partial folder/_partial instead of folder/partial. Closes #13002. | |||||
* / / / / | unnecessary checking of `size` with `second regex` if matched with first one | Kuldeep Aggarwal | 2013-11-27 | 1 | -2/+5 | |
|/ / / / | ||||||
* | | | | More typo fixes | Akira Matsuda | 2013-11-27 | 2 | -2/+2 | |
| | | | | ||||||
* | | | | Minor typo fixes | Akira Matsuda | 2013-11-27 | 4 | -6/+6 | |
| | | | | ||||||
* | | | | Revert "Merge pull request #13027 from akshay-vishnoi/f-refactor" | Carlos Antonio da Silva | 2013-11-25 | 1 | -1/+1 | |
| | | | | This reverts commit f4a5a9ea4d183f4102796215d4502c46dbe3e52b, reversing changes made to 7ccb482181ee6c47c765406009018a15172812de. Reason: The logic is different, the first call to #option_value_selected? is for the :selected option (the argument is the "selected" variable), the second call is for the :disabled option (the argument is the "disabled" variable). | |||||
* | | | | avoiding calling of #option_value_selected? two times | Akshay Vishnoi | 2013-11-25 | 1 | -1/+1 | |
|/ / / | ||||||
* | | | _implied_layout_name should be private | Rafael Mendonça França | 2013-11-19 | 1 | -9/+11 | |
| | | | ||||||
* | | | Use the right indentation | Rafael Mendonça França | 2013-11-19 | 1 | -1/+1 | |
| | | | ||||||
* | | | Renderer#_render_template should be private | Rafael Mendonça França | 2013-11-19 | 1 | -7/+7 | |
| | | | Closes #12831 | |||||
* | | | Improve readability of sentence in partial-renderer docs [ci skip] | Mac Martine | 2013-11-19 | 1 | -1/+1 | |
| | | | ||||||
* | | | Use `set_backtrace` instead of `@backtrace` in ActionView error | Shimpei Makimoto | 2013-11-16 | 3 | -2/+13 | |
| | | | ||||||
* | | | Merge pull request #12853 from joshjordan/master | Rafael Mendonça França | 2013-11-15 | 1 | -1/+1 | |
|\ \ \ | | | | | | | | | Allocate one less object using html_safe during content_tag construction | |||||
| * | | | Allocate one less object using html_safe during content_tag construction | Josh Jordan | 2013-11-14 | 1 | -1/+1 | |
| | | | | ||||||
* | | | | Take Hash with options inside Array in #url_for | Andrey Ognevsky | 2013-11-15 | 1 | -0/+2 | |
|/ / / | ||||||
* | | | Revert "Used Yield instead of block.call" -- this causes all of atom_feed_helper_test.rb to fail with "SystemStackError: stack level too deep". | David Heinemeier Hansson | 2013-11-14 | 1 | -2/+2 | |
| | | | This reverts commit d3a1ce1cdc60d593de1682c5f4e3230c8db9a0fd. | |||||
* | | | Merge pull request #12889 from kuldeepaggarwal/speed_ups | Rafael Mendonça França | 2013-11-14 | 1 | -2/+2 | |
|\ \ \ | | | | | | | | | Used Yield instead of block.call | |||||
| * | | | Used Yield instead of block.call | Kuldeep Aggarwal | 2013-11-15 | 1 | -2/+2 | |
| | | | | ||||||
* | | | | Fix syntax error in atom_feed example [ci skip] | Saulius Grigaliunas | 2013-11-13 | 1 | -1/+1 | |
|/ / / | | | | Builder's #tag! takes either String or Symbol as the first parameter | |||||
* | | | Make the method name the first argument | Rafael Mendonça França | 2013-11-09 | 1 | -7/+7 | |
| | | | This is the only argument that changes over the method calls so it is better to it be the first one | |||||
* | | | Drop one more string allocation | Rafael Mendonça França | 2013-11-09 | 1 | -1/+3 | |
| | | | ||||||
* | | | Improve changelogs formatting [ci skip] | Carlos Antonio da Silva | 2013-11-09 | 1 | -6/+6 | |
| | | | ||||||
* | | | Merge pull request #12760 from pseidemann/master | Yves Senn | 2013-11-09 | 3 | -2/+11 | |
|\ \ \ | | | | | | | | | fix simple_format escapes own output when sanitize is set to true | |||||
| * | | | fix simple_format escapes own output when sanitize is set to true | pseidemann | 2013-11-08 | 3 | -2/+11 | |
| | | | | ||||||
* | | | | Extract common code from number helpers to new delegator method. | Vipul A M | 2013-11-09 | 1 | -30/+13 | |
| | | | | ||||||
* | | | | sub! can return nil | Arun Agrawal | 2013-11-07 | 1 | -1/+1 | |
| | | | | Revert "drop one more string allocation" This reverts commit 4d15661d6c46c86a62ee1fc358f4b3ef9dd9f2ea. | |||||
* | | | | drop one more string allocation | Aaron Patterson | 2013-11-06 | 1 | -1/+1 | |
| | | | | ||||||
* | | | | drop string allocations in the log subscriber | Aaron Patterson | 2013-11-06 | 1 | -2/+12 | |
| | | | | ||||||
* | | | | Merge pull request #12788 from kylefritz/patch-1 | Rafael Mendonça França | 2013-11-06 | 1 | -2/+2 | |
| | | | | rdoc: favicon source shouldn't begin with a slash to reference asset pipeline resource [ci skip] Conflicts: actionview/lib/action_view/helpers/asset_tag_helper.rb | |||||
* | | | | Refactor File.expand_path usage to remove additional File.join | Alex Johnson | 2013-11-05 | 1 | -1/+1 | |
|/ / / | ||||||
* | | | Line up the comments for aesthetics | David Heinemeier Hansson | 2013-11-03 | 1 | -5/+5 | |
| | | | ||||||
* | | | Warnings removed for ruby trunk | Arun Agrawal | 2013-11-01 | 1 | -1/+1 | |
| | | | Same as 4d4ff531b8807ee88a3fc46875c7e76f613956fb | |||||
* | | | Fix typo in the CHANGELOG | Jérémy Lecour | 2013-10-31 | 1 | -1/+1 | |
| | | | ||||||
* | | | Convert CDATA input to string before gsub'ing | Carsten Zimmermann | 2013-10-29 | 2 | -1/+5 | |
| | | | Rails 3.2 API allowed arbitrary input for cdata_section; this change re-introduces the old behaviour. | |||||
* | | | Remove warning of shadowing outer local variable | Rafael Mendonça França | 2013-10-27 | 1 | -2/+2 | |
| |/ |/| | ||||||
* | | Merge pull request #12636 from kongregate/dont_rescue_Exceptions | Rafael Mendonça França | 2013-10-24 | 1 | -2/+2 | |
|\ \ | | | | | | | Avoid unnecessary catching of Exception instead of StandardError (conver... | |||||
| * | | Avoid unnecessary catching of Exception instead of StandardError (converting Exceptions into StandardErrors) | stopdropandrew | 2013-10-24 | 1 | -2/+2 | |
* | | | Merge pull request #10471 from andyw8/button_to_params | Rafael Mendonça França | 2013-10-24 | 2 | -0/+14 | |
|\ \ \ | |/ / |/| | | | | | | | | | | | | | | Add params option for button_to Conflicts: actionpack/CHANGELOG.md | |||||
| * | | Add params option for button_to | Andy Waite | 2013-09-18 | 2 | -0/+14 | |
| | | | The parameters are rendered as hidden form fields within the generated form. This is useful for when a record has multiple buttons associated with it, each of which target the same controller method, but which need to submit different attributes. | |||||
* | | | Ensure the state is clean after one failure | Rafael Mendonça França | 2013-10-16 | 1 | -5/+4 | |
| | | | ||||||
* | | | Merge pull request #12540 from wyaeld/bug/fix-recursive-digest | Rafael Mendonça França | 2013-10-16 | 3 | -6/+37 | |
|\ \ \ | | | | | | | | | | | | | Ensure ActionView::Digestor.cache is correctly cleaned up | |||||
| * | | | add a new local variable to track if digests are being stored, to ensure the cleanup works correctly | Brad Murray | 2013-10-17 | 1 | -2/+2 | |