aboutsummaryrefslogtreecommitdiffstats
path: root/actionview
Commit message (Collapse)AuthorAgeFilesLines
...
* | | | | Ensure simple_format escapes its html attributesMichael Koziarski2013-12-021-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The previous behavior equated the sanitize option for simple_format with the escape option of content_tag, however these are two distinct concepts. This fixes CVE-2013-6416 Conflicts: actionview/lib/action_view/helpers/text_helper.rb
* | | | | Escape the unit value provided to number_to_currencyMichael Koziarski2013-12-022-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously the unit values were trusted leading to potential XSS vulnerabilities. Fixes: CVE-2013-6415
* | | | | Only use valid mime type symbols as cache keysAaron Patterson2013-12-021-0/+7
| | | | | | | | | | | | | | | | | | | | CVE-2013-6414
* | | | | Merge pull request #13138 from gsamokovarov/remove-cattr-requiresGuillermo Iguaran2013-12-026-6/+6
|\ \ \ \ \ | | | | | | | | | | | | Remove deprecated cattr_* requires
| * | | | | Remove deprecated cattr_* requiresGenadi Samokovarov2013-12-036-6/+6
| | | | | |
* | | | | | Make ActionView::Tags loading tread safeRafael Mendonça França2013-12-024-32/+40
|/ / / / /
* | | | | activemodel isn't a runtime dependency for actionviewGuillermo Iguaran2013-12-021-2/+2
| | | | |
* | | | | Merge pull request #13117 from akshay-vishnoi/typoXavier Noria2013-12-022-2/+2
|\ \ \ \ \ | | | | | | | | | | | | Typo and grammatical fixes [ci skip]
| * | | | | Typo and grammatical fixes [ci skip]Akshay Vishnoi2013-12-022-2/+2
| | | | | |
* | | | | | `ActionView::MissingTemplate` for partials includes underscore.Yves Senn2013-12-024-4/+13
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | Missing partial folder/_partial instead of folder/partial. Closes #13002.
* / / / / unnecessary checking of `size` with `second regex` if matched with first oneKuldeep Aggarwal2013-11-271-2/+5
|/ / / /
* | | | More typo fixesAkira Matsuda2013-11-272-2/+2
| | | |
* | | | Minor typo fixesAkira Matsuda2013-11-274-6/+6
| | | |
* | | | Revert "Merge pull request #13027 from akshay-vishnoi/f-refactor"Carlos Antonio da Silva2013-11-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit f4a5a9ea4d183f4102796215d4502c46dbe3e52b, reversing changes made to 7ccb482181ee6c47c765406009018a15172812de. Reason: The logic is different, the first call to #option_value_selected? is for the :selected option (the argument is the "selected" variable), the second call is for the :disabled option (the argument is the "disabled" variable).
* | | | avoiding calling of #option_value_selected? two timesAkshay Vishnoi2013-11-251-1/+1
|/ / /
* | | _implied_layout_name should be privateRafael Mendonça França2013-11-191-9/+11
| | |
* | | Use the right indentationRafael Mendonça França2013-11-191-1/+1
| | |
* | | Renderer#_render_template should be privateRafael Mendonça França2013-11-191-7/+7
| | | | | | | | | | | | Closes #12831
* | | Improve readability of sentence in partial-renderer docs [ci skip]Mac Martine2013-11-191-1/+1
| | |
* | | Use `set_backtrace` instead of `@backtrace` in ActionView errorShimpei Makimoto2013-11-163-2/+13
| | |
* | | Merge pull request #12853 from joshjordan/masterRafael Mendonça França2013-11-151-1/+1
|\ \ \ | | | | | | | | Allocate one less object using html_safe during content_tag construction
| * | | Allocate one less object using html_safe during content_tag constructionJosh Jordan2013-11-141-1/+1
| | | |
* | | | Take Hash with options inside Array in #url_forAndrey Ognevsky2013-11-151-0/+2
|/ / /
* | | Revert "Used Yield instead of block.call" -- this causes all of ↵David Heinemeier Hansson2013-11-141-2/+2
| | | | | | | | | | | | | | | | | | atom_feed_helper_test.rb to fail with "SystemStackError: stack level too deep". This reverts commit d3a1ce1cdc60d593de1682c5f4e3230c8db9a0fd.
* | | Merge pull request #12889 from kuldeepaggarwal/speed_upsRafael Mendonça França2013-11-141-2/+2
|\ \ \ | | | | | | | | Used Yield instead of block.call
| * | | Used Yield instead of block.callKuldeep Aggarwal2013-11-151-2/+2
| | | |
* | | | Fix syntax error in atom_feed example [ci skip]Saulius Grigaliunas2013-11-131-1/+1
|/ / / | | | | | | | | | Builder's #tag! takes either String or Symbol as the first parameter
* | | Make the method name the first argumentRafael Mendonça França2013-11-091-7/+7
| | | | | | | | | | | | | | | This is the only argument that changes over the method calls so it is better to it be the first one
* | | Drop one more string allocationRafael Mendonça França2013-11-091-1/+3
| | |
* | | Improve changelogs formatting [ci skip]Carlos Antonio da Silva2013-11-091-6/+6
| | |
* | | Merge pull request #12760 from pseidemann/masterYves Senn2013-11-093-2/+11
|\ \ \ | | | | | | | | fix simple_format escapes own output when sanitize is set to true
| * | | fix simple_format escapes own output when sanitize is set to truepseidemann2013-11-083-2/+11
| | | |
* | | | Extract common code from number helpers to new delegator method.Vipul A M2013-11-091-30/+13
| | | |
* | | | sub! can return nilArun Agrawal2013-11-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Revert "drop one more string allocation" This reverts commit 4d15661d6c46c86a62ee1fc358f4b3ef9dd9f2ea.
* | | | drop one more string allocationAaron Patterson2013-11-061-1/+1
| | | |
* | | | drop string allocations in the log subscriberAaron Patterson2013-11-061-2/+12
| | | |
* | | | Merge pull request #12788 from kylefritz/patch-1Rafael Mendonça França2013-11-061-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | rdoc: favicon source shouldn't begin with a slash to reference asset pipeline resource [ci skip] Conflicts: actionview/lib/action_view/helpers/asset_tag_helper.rb
* | | | Refactor File.expand_path usage to remove additional File.joinAlex Johnson2013-11-051-1/+1
|/ / /
* | | Line up the comments for aestheticsDavid Heinemeier Hansson2013-11-031-5/+5
| | |
* | | Warnings removed for ruby trunkArun Agrawal2013-11-011-1/+1
| | | | | | | | | Same as 4d4ff531b8807ee88a3fc46875c7e76f613956fb
* | | Fix typo in the CHANGELOGJérémy Lecour2013-10-311-1/+1
| | |
* | | Convert CDATA input to string before gsub'ingCarsten Zimmermann2013-10-292-1/+5
| | | | | | | | | | | | | | | Rails 3.2 API allowed arbitrary input for cdata_section; this change re-introduces the old behaviour.
* | | Remove warning of shadowing outer local variableRafael Mendonça França2013-10-271-2/+2
| |/ |/|
* | Merge pull request #12636 from kongregate/dont_rescue_ExceptionsRafael Mendonça França2013-10-241-2/+2
|\ \ | | | | | | Avoid unnecessary catching of Exception instead of StandardError (conver...
| * | Avoid unnecessary catching of Exception instead of StandardError (converting ↵stopdropandrew2013-10-241-2/+2
| | | | | | | | | | | | Exceptions into StandardErrors)
* | | Merge pull request #10471 from andyw8/button_to_paramsRafael Mendonça França2013-10-242-0/+14
|\ \ \ | |/ / |/| | | | | | | | | | | | | | Add params option for button_to Conflicts: actionpack/CHANGELOG.md
| * | Add params option for button_toAndy Waite2013-09-182-0/+14
| | | | | | | | | | | | | | | | | | The parameters are rendered as hidden form fields within the generated form. This is useful for when a record has multiple buttons associated with it, each of which target the same controller method, but which need to submit different attributes.
* | | Ensure the state is clean after one failureRafael Mendonça França2013-10-161-5/+4
| | |
* | | Merge pull request #12540 from wyaeld/bug/fix-recursive-digestRafael Mendonça França2013-10-163-6/+37
|\ \ \ | | | | | | | | | | | | Ensure ActionView::Digestor.cache is correctly cleaned up
| * | | add a new local variable to track if digests are being stored, to ensure the ↵Brad Murray2013-10-171-2/+2
| | | | | | | | | | | | | | | | cleanup works correctly