aboutsummaryrefslogtreecommitdiffstats
path: root/actionview
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch '5-0-beta-sec'Aaron Patterson2016-01-258-16/+56
|\ | | | | | | | | | | | | | | | | | | | | * 5-0-beta-sec: bumping version fix version update task to deal with .beta1.1 Eliminate instance level writers for class accessors allow :file to be outside rails root, but anything else must be inside the rails view directory Don't short-circuit reject_if proc stop caching mime types globally use secure string comparisons for basic auth username / password
| * bumping versionAaron Patterson2016-01-251-1/+1
| |
| * allow :file to be outside rails root, but anything else must be inside the ↵Aaron Patterson2016-01-227-15/+55
| | | | | | | | | | | | rails view directory CVE-2016-0752
* | html_safe is not supposed to be public API for AV. This change removes usage ↵Vipul A M2016-01-2012-43/+43
| | | | | | | | | | | | of html_safe in favour of raw() in AV helpers. Also changed usage of html_safe to make use of raw() instead so that the intended behaviour is verified with raw()
* | Remove ActionView dependence on ActionPack's Mime implementationJon Moss2016-01-174-4/+4
| |
* | Store the symbols as an array.Kasper Timm Hansen2016-01-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A Set can't be implicitly converted into an Array: ``` irb(main):012:0> formats = [ :rss ] => [:rss] irb(main):013:0> formats &= SET.symbols TypeError: no implicit conversion of Set into Array from (irb):13:in `&' from (irb):13 from /Users/kasperhansen/.rbenv/versions/2.2.3/bin/irb:11:in `<main>' ``` Besides `Mime::SET.symbols` returns an Array, so we're closer to that.
* | Enrich the SET constant to respond to symbols.Kasper Timm Hansen2016-01-171-1/+5
| | | | | | | | Match `Mime::SET.symbols`.
* | Don't bother looking up the types.Kasper Timm Hansen2016-01-171-3/+3
| | | | | | | | If they aren't symbols, then they aren't likely to be in the set anyway.
* | Replace class attribute with SET constant.Kasper Timm Hansen2016-01-171-3/+2
| | | | | | | | We'll be using this to map over to Action Dispatch's Mime::Set.
* | Remove register abstraction.Kasper Timm Hansen2016-01-171-7/+1
| | | | | | | | | | The template types is a private abstraction to fill in basic blanks from Action Dispatch's mime types. As such we can modify the data structure ourselves.
* | Replace delegate calls with standard method defs.Kasper Timm Hansen2016-01-171-1/+4
| | | | | | | | | | | | Spares a to_sym call by aliasing to_sym to ref. Then the delegate felt meager for one method; ditch and define method ourselves.
* | Spare to_sym call in `==`.Kasper Timm Hansen2016-01-171-2/+1
| | | | | | | | | | | | | | The @symbol has already been converted to a symbol in initialize, so no need to call to_sym when comparing it. Ditch early return for a simple unless statement.
* | Make ref return the internal symbol.Kasper Timm Hansen2016-01-171-1/+1
| | | | | | | | | | | | | | | | | | We delegate to_sym to the internal symbol, which we've already called to_sym on in initialize, so we don't need to do that. We also know to_sym will never return a falsy value, so we'll never hit to_s. Just return the symbolized symbol.
* | Merge pull request #20046 from yoongkang/ladidaRafael Mendonça França2016-01-163-1/+20
|\ \ | | | | | | | | | Use ActiveSupport::SafeBuffer when flushing content_for
| * | Use ActiveSupport::SafeBuffer when flushing content_forYoong Kang Lim2015-05-253-1/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, when content_for is flushed, the content was replaced directly by a new value in ActionView::OutputFlow#set. The problem is this new value passed to the method may not be an instance of ActiveSupport::SafeBuffer. This change forces the value to be set to a new instance of ActiveSupport::SafeBuffer.
* | | docs, formatting pass over changelogs. [ci skip]Yves Senn2016-01-131-1/+1
| | |
* | | Merge pull request #20638 from jaimeiniesta/locale-aware-pluralize-helperKasper Timm Hansen2016-01-102-17/+36
|\ \ \ | | | | | | | | Pass the current locale to Inflector from the pluralize text helper.
| * | | Pass the current locale to Inflector from the pluralize text helper.Jaime Iniesta2016-01-102-17/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The pluralize text helper uses the Inflector to determine the plural form. The inflector accepts an optional parameter for the locale, so we can pass it from the text helper to have locale-aware pluralizations on the text helpers level. The pluralize text helper now only accepts 2 positional arguments: `count` and `singular`. Passing `plural` as a positional argument is now deprecated.
* | | | [ci skip] fix typoAkshay Vishnoi2016-01-101-1/+1
| | | |
* | | | [doc] The capture method isn't always used inside views to create a variableAkira Matsuda & saya2016-01-081-2/+2
| | | | | | | | | | | | | | | | | | | | but rather very often used inside helpers to directly return a String value. [ci skip]
* | | | Suppress warning (instance variable @persisted not initialized)yui-knk2016-01-071-0/+1
| | | |
* | | | Merge pull request #22275 from mastahyeti/per-form-csrfRafael França2016-01-063-6/+16
|\ \ \ \ | | | | | | | | | | Per-form CSRF tokens
| * | | | add option for per-form CSRF tokensBen Toews2016-01-043-6/+16
| | | | |
* | | | | Prefer inspect over escaping and sorround by quote marksSantiago Pastorino2016-01-051-3/+1
| | | | |
* | | | | Add Html template handler that wraps Raw output in an OutputBufferSantiago Pastorino2016-01-055-2/+21
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | This fixes the case when you try to render an html you know safe and the file is named something.html. With this commit the content of the html won't be escaped anymore because AV won't use Raw handler and choose Html handler instead.
* | | | Merge pull request #22764 from ↵Rafael França2016-01-043-3/+43
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | stevenspiel/titleize_model_name_for_default_submit_button_value titleize the model name on default submit buttons
| * | | | downcase default submit button value's model nameSteven Spiel2016-01-013-3/+43
| | | | |
* | | | | Update copyright notices to 2016 [ci skip]Rashmi Yadav2015-12-312-2/+2
| | | | |
* | | | | Fix collection_radio_buttons' hidden_field name and make it appear before ↵Santiago Pastorino2015-12-315-26/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the radios Fixes #22773
* | | | | Merge pull request #22829 from jcoyne/test_parametersYves Senn2015-12-303-1/+10
|\ \ \ \ \ | | | | | | | | | | | | TestController#parameters returns AC::Parameters
| * | | | | TestController#parameters returns AC::ParametersJustin Coyne2015-12-293-1/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #22827 ActionView::TestCase::TestController#parameters should return an instance of ActionController::Parameters rather than a hash. This enables helper methods to use the correct interface.
* | | | | | Fix typoAkshay Vishnoi2015-12-301-1/+1
|/ / / / /
* | | | | Merge pull request #22759 from akshay-vishnoi/human-size-helperEileen M. Uchitelle2015-12-271-0/+2
|\ \ \ \ \ | | | | | | | | | | | | Add support for Petabyte and Exabyte in number to human size
| * | | | | Add support for Petabyte and Exabyte in number to human sizeAkshay Vishnoi2015-12-221-0/+2
| |/ / / /
* | | | | Merge pull request #22778 from y-yagi/fix_submit_tag_with_symbol_valueYves Senn2015-12-243-1/+13
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | fix TypeError when using submit_tag with Symbol value
| * | | | | fix TypeError when using submit_tag with Symbol valueyuuji.yaginuma2015-12-242-1/+8
|/ / / / /
* | | | | Add caveat to number_to_currency docs [ci skip]Derek Prior2015-12-231-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I've worked on a few applications that have gone through the internationalization process and had issues because they were using `number_to_currency`. The minute a user is allowed to change their locale, they can change the price displayed on a page from 10 US dollars to 10 Mexican Pesos, which is far from the same amount of money. Unlike other helpers that rely on i18n, `number_to_currency` does not produce equivalent results when the locale is changed. As I've explained this to a few groups of developers now, I thought it might make for a good caveat in the docs.
* | | | | Require only the concurrent/map featureRafael Mendonça França2015-12-231-1/+1
|/ / / /
* | | | release notes, extract notable changes from Action View CHANGELOG.Yves Senn2015-12-221-4/+4
| | | | | | | | | | | | | | | | [ci skip]
* | | | do not use `div_for` in example [ci skip]yuuji.yaginuma2015-12-221-8/+9
| | | | | | | | | | | | | | | | `div_for` removed in 01e94ef
* | | | No more no changes entries in the CHANGELOGsGenadi Samokovarov2015-12-211-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | During the `5.0.0.beta1` release, the CHANGELOGs got an entry like the following: ``` * No changes. ``` It is kinda confusing as there are indeed changes after it. Not a biggie, just a small pass over the CHANGELOGs. [ci skip]
* | | | fix typo in config value [ci skip]yuuji.yaginuma2015-12-191-1/+1
| |_|/ |/| |
* | | Add CHANGELOG headers for Rails 5.0.0.beta1eileencodes2015-12-181-0/+5
| | |
* | | Merge pull request #22462 from lxsameer/i18n_html_wrapRafael França2015-12-184-0/+30
|\ \ \ | | | | | | | | wrapping i18n missing keys made optional
| * | | debug_missing_translation configuration added to action_viewSameer Rahmani2015-12-184-0/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `I18n.translate` helper will wrap the missing translation keys in a <span> tag only if `debug_missing_translation` configuration has a truthy value. Default value is `true`. For example in `application.rb`: # in order to turn off missing key wrapping config.action_view.debug_missing_translation = false
* | | | Change `alpha` to `beta1` to prep for release of Rails 5eileencodes2015-12-181-1/+1
| | | | | | | | | | | | | | | | :tada: :beers:
* | | | Merge pull request #20797 from byroot/prevent-url-for-ac-parametersRafael França2015-12-181-9/+0
|\ \ \ \ | |/ / / |/| | | Prevent ActionController::Parameters in url_for
| * | | Prevent ActionController::Parameters from being passed to url_for directlyJean Boussier2015-12-151-9/+0
| | | |
* | | | Merge pull request #21914 from zachalewel/zachalewel-patch-1Matthew Draper2015-12-181-8/+8
|\ \ \ \ | | | | | | | | | | | | | | | Update CHANGELOG.md for readability
| * | | | Update CHANGELOG.mdZach Alewel2015-10-081-1/+1
| | | | |