aboutsummaryrefslogtreecommitdiffstats
path: root/actionview
Commit message (Collapse)AuthorAgeFilesLines
...
| * | Escape format, negative_format and units options of number helpersRafael Mendonça França2014-02-182-5/+53
| | | | | | | | | | | | | | | | | | | | | Previously the values of these options were trusted leading to potential XSS vulnerabilities. Fixes: CVE-2014-0081
* | | Add `#no_content_type` attribute to `AD::Response`Prem Sichanugrist2014-02-181-0/+5
| | | | | | | | | | | | | | | Setting this attribute to `true` will remove the content type header from the request. This is use in `render :body` feature.
* | | Add missing CHANGELOG entry to Action ViewPrem Sichanugrist2014-02-181-0/+5
| | |
* | | Fix a fragile test on `action_view/render`Prem Sichanugrist2014-02-181-1/+1
| | | | | | | | | | | | | | | | | | This test were assuming that the list of render options will always be the same. Fixing that so this doesn't break when we add/remove render option in the future.
* | | Introduce `render :html` for render HTML stringPrem Sichanugrist2014-02-185-1/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | | This is an option for to HTML content with a content type of `text/html`. This rendering option calls `ERB::Util.html_escape` internally to escape unsafe HTML string, so you will have to mark your string as html safe if you have any HTML tag in it. Please see #12374 for more detail.
* | | Introduce `render :plain` for render plain textPrem Sichanugrist2014-02-183-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | This is as an option to render content with a content type of `text/plain`. This is the preferred option if you are planning to render a plain text content. Please see #12374 for more detail.
* | | Introduce `render :body` for render raw contentPrem Sichanugrist2014-02-184-4/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is an option for sending a raw content back to browser. Note that this rendering option will unset the default content type and does not include "Content-Type" header back in the response. You should only use this option if you are expecting the "Content-Type" header to not be set. More information on "Content-Type" header can be found on RFC 2616, section 7.2.1. Please see #12374 for more detail.
* | | implements new option :month_format_string for date select helpers [Closes ↵Xavier Noria2014-02-153-9/+48
| | | | | | | | | | | | #13618]
* | | Variant negotiationLukasz Strzalkowski2014-02-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow setting `request.variant` as an array - an order in which they will be rendered. For example: request.variant = [:tablet, :phone] respond_to do |format| format.html.none format.html.phone # this gets rendered end
* | | Added tests to render helper that expect `render partial: @foo` toIain Beeston2014-02-122-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | automatically call @foo.to_partial_path Calling `render @foo` allows local variables but not options to be passed to the partial renderer. The correct way to render an object AND pass options to the partial renderer is to pass the object in the `:partial` parameter. However, there were previously no tests for this behaviour (in `render_helper_test.rb` at least).
* | | Merge pull request #11770 from timruffles/doc_ajax_xhrYves Senn2014-02-031-2/+5
|\ \ \ | | | | | | | | be more specific about csrf token and ajax - not whitelisted outside of jquery-rails [ci skip]
| * | | be more specific about csrf token and ajax - not whitelisted outside of ↵Tim Ruffles2013-08-061-2/+5
| | | | | | | | | | | | | | | | jquery-rails [ci skip]
* | | | Adding an documentation example and a test to button_to with pathAttila Domokos2014-02-022-0/+12
| | | | | | | | | | | | I did not see in the docs that `button_to` supports not only URLs but paths as well. I documented this functionality with a unit tests and added an example to the docs as well.
* | | | just require the template resolverAaron Patterson2014-01-312-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | LookupContext is eagerly loaded, and FallbackFileSystemResolver is referenced at the class level. Just require the resolver from the eagerly loaded class rather than jumping through autoload hoops
* | | | only ask for the location filters onceAaron Patterson2014-01-311-2/+2
| | | |
* | | | Minor changelog improvements [ci skip]Carlos Antonio da Silva2014-01-311-1/+1
| | | |
* | | | tidy CHANGELOGs [ci skip]Yves Senn2014-01-301-8/+10
| | | |
* | | | Rails config for raise on missing translationsKassio Borges2014-01-274-4/+25
| | | | | | | | | | | | | | | | | | | | Add a config to setup whether raise exception for missing translation or not.
* | | | Merge pull request #13414 from britto/jb-fix-dependency-matchingRafael Mendonça França2014-01-163-29/+184
|\ \ \ \ | | | | | | | | | | Improve ERB dependency detection
| * | | | Update changelogJoão Britto2014-01-091-0/+7
| | | | |
| * | | | Avoid scanning multiple render calls as a single match.João Britto2014-01-092-21/+45
| | | | | | | | | | | | | | | | | | | | Each chunk of text coming after `render` is now handled individually as a possible list of arguments.
| * | | | Improve ERB dependency detection.João Britto2014-01-092-21/+145
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current implementation can't handle some special cases of oddly-formatted Ruby. Now we are able to detect them: * Multi-line arguments on the `render` call * Strings containing quotes, e.g. `"something's wrong"` * Multiple kinds of identifiers - instance variables, class variables and globals * Method chains as arguments for the `render` call Also, this fix reduces the rate of "false positives" which showed up when we had calls/access to identifiers containing `render`, like `surrender` and `rendering`.
* | | | | "serie" => "series"Waynn Lue2014-01-131-2/+2
| | | | |
* | | | | standardize on jruby_skip & rbx_skipGaurish Sharma2014-01-131-0/+8
|/ / / / | | | | | | | | | | | | | | | | | | | | This Adds helpers(jruby_skip & rbx_skip). In Future, Plan is to use these helpers instead of calls directly to RUBY_ENGINE/RbConfig/JRUBY_VERSION
* | | | Fix typo in image_tag documentationAdrien2014-01-071-1/+1
| | | | | | | | | | | | image_tag only supports :alt and :size as additional keys, not three.
* | | | Require actionview/versionWashington Luiz2014-01-061-0/+1
| | | | | | | | | | | | | | | | just like all the other modules do require their version file
* | | | Switched to use `display:none` in extra_tags_for_form method.Gaelian Ditchburn2014-01-056-8/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The use of `display:inline` with the content_tag call in the extra_tags_for_form method potentially causes display issues with some browsers, namely Internet Explorer. IE's behaviour of not collapsing the line height on divs with ostensibly no content means that the automatically added div containing the hidden authenticity_token, utf8 and _method form input tags may interfere with other visible form elements in certain circumstances. The use of `display:none` rather than `display:inline` fixes this problem. Fixes #6403
* | | | provide correct example of `datetime_select` helper [ci skip]Kuldeep Aggarwal2014-01-041-1/+1
| | | |
* | | | Fixed documentation. [ci skip]Konstantin Wlasow2014-01-041-0/+3
| | | |
* | | | Change all "can not"s to the correct "cannot".T.J. Schuck2014-01-031-2/+2
| | | |
* | | | No need to use fixed size font [ci skip]Rafael Mendonça França2014-01-031-2/+2
| | | |
* | | | Fix documentation for end_year option of date_helper [ci skip]Prathamesh Sonpatki2014-01-031-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - While editing an existing record, end_year is equal to current selected year plus 5 by default. - While editing an existing record, start_year is equal to current selected year value minus 5 by default. - Fixes #13552 Acked-by: Prathamesh Sonpatki <csonpatki@gmail.com> Acked-by: Prathamesh Sonpatki <csonpatki@gmail.com>
* | | | provide correct information [ci skip]Kuldeep Aggarwal2014-01-021-2/+2
| | | |
* | | | update copyright notices to 2014. [ci skip]Vipul A M2014-01-012-2/+2
| | | |
* | | | Unused class in AV testAkira Matsuda2013-12-251-2/+0
| | | |
* | | | Unused classes in AV testsAkira Matsuda2013-12-243-18/+0
| | | |
* | | | Add a changelog entry for #13363 [ci skip]Robin Dupret2013-12-211-0/+8
| | | |
* | | | Merge branch 'master' of github.com:lifo/docrailsVijay Dev2013-12-203-4/+4
|\ \ \ \
| * | | | Typos. return -> returns. [ci skip]Lauro Caetano2013-12-033-4/+4
| | | | |
* | | | | Prefer assert_raise instead of flunk + rescue to test for exceptionsCarlos Antonio da Silva2013-12-192-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change most tests to make use of assert_raise returning the raised exception rather than relying on a combination of flunk + rescue to check for exception types/messages.
* | | | | duplication removed(DRY)abhishek2013-12-181-16/+10
| | | | |
* | | | | Merge pull request #13363 from kuldeepaggarwal/f-video-optionsGuillermo Iguaran2013-12-172-5/+11
|\ \ \ \ \ | |_|_|/ / |/| | | | allow video_tag to accept `size` as `Number` for square shaped videos
| * | | | allow video_tag to accept `size` as `Number` for square shaped videosKuldeep Aggarwal2013-12-182-5/+11
| | | | |
* | | | | Get ready to release 4.1.0.beta1David Heinemeier Hansson2013-12-171-1/+1
| | | | |
* | | | | Fix integration test to pass same-origin verificationJeremy Kemper2013-12-171-1/+1
|/ / / /
* | | | Disable available locales checks to avoid warnings running the testsCarlos Antonio da Silva2013-12-171-0/+3
| | | |
* | | | Merge pull request #13255 from strzalek/bump-builderRafael Mendonça França2013-12-121-1/+1
|\ \ \ \ | | | | | | | | | | Bump up builder
| * | | | More liberal builder dependencyŁukasz Strzałkowski2013-12-121-1/+1
| | | | | | | | | | | | | | | | | | | | Allowing us to get 3.2.x versions if needed.
* | | | | Merge pull request #13284 from aayushkhandelwal11/typos_correctedGodfrey Chan2013-12-111-1/+1
|\ \ \ \ \ | | | | | | | | | | | | s/everytime/every time/
| * | | | | typos rectified [ci skip]Aayush khandelwal2013-12-121-1/+1
| | | | | |