| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| | |
Conflicts:
guides/source/4_1_release_notes.md
|
| | |
|
|\ \
| | |
| | |
| | |
| | | |
sikachu/master-revert-render-body-remove-content-type
Do note remove `Content-Type` when `render :body`
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
`render :body` should just not set the `Content-Type` header. By
removing the header, it breaks the compatibility with other parts.
After this commit, `render :body` will returns `text/html` content type,
sets by default from `ActionDispatch::Response`, and it will preserve
the overridden content type if you override it.
Fixes #14197, #14238
This partially reverts commit 3047376870d4a7adc7ff15c3cb4852e073c8f1da.
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This method return `Gem::Version.new(Rails.version)`, suggesting a more
reliable way to perform version comparison.
Example:
Rails.version #=> "4.1.2"
Rails.gem_version #=> #<Gem::Version "4.1.2">
Rails.version > "4.1.10" #=> false
Rails.gem_version > Gem::Version.new("4.1.10") #=> true
Gem::Requirement.new("~> 4.1.2") =~ Rails.gem_version #=> true
This was originally introduced as `.version` by @charliesome in #8501
but got reverted in #10002 since it was not backward compatible.
Also, updating template for `rake update_versions`.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Take variants into account when calculating template digests in
ActionView::Digest.
Digestor#digest now takes a hash as an argument to support variants and
allow more flexibility in the future. Old-style arguments have been
deprecated.
Fixes #14242
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There's no need to rely on Active Support's Hash#reverse_merge for
simple cases with default values, since we can just merge from the
default rather than reverse merge from the options.
This also avoids the creation of one extra hash object by moving to a
Hash#merge! call.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
Remove 4-1 related entries from master [ci skip]
|
| | |
|
| |
| |
| |
| |
| | |
This is a follow up to #14170. While backporting I recognized
that this call is not needed at all.
|
| | |
|
| | |
|
|/ |
|
|
|
|
|
|
|
|
| |
Before we were calling to_sym in the mime type, even when it is unknown
what can cause denial of service since symbols are not removed by the
garbage collector.
Fixes: CVE-2014-0082
|
|\
| |
| |
| |
| |
| | |
Conflicts:
actionview/CHANGELOG.md
activerecord/CHANGELOG.md
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
Previously the values of these options were trusted leading to
potential XSS vulnerabilities.
Fixes: CVE-2014-0081
|
| |
| |
| |
| |
| | |
Setting this attribute to `true` will remove the content type header
from the request. This is use in `render :body` feature.
|
| | |
|
| |
| |
| |
| |
| |
| | |
This test were assuming that the list of render options will always be
the same. Fixing that so this doesn't break when we add/remove render
option in the future.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is an option for to HTML content with a content type of
`text/html`. This rendering option calls `ERB::Util.html_escape`
internally to escape unsafe HTML string, so you will have to mark your
string as html safe if you have any HTML tag in it.
Please see #12374 for more detail.
|
| |
| |
| |
| |
| |
| |
| |
| | |
This is as an option to render content with a content type of
`text/plain`. This is the preferred option if you are planning to render
a plain text content.
Please see #12374 for more detail.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is an option for sending a raw content back to browser. Note that
this rendering option will unset the default content type and does not
include "Content-Type" header back in the response.
You should only use this option if you are expecting the "Content-Type"
header to not be set. More information on "Content-Type" header can be
found on RFC 2616, section 7.2.1.
Please see #12374 for more detail.
|
| |
| |
| |
| | |
#13618]
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Allow setting `request.variant` as an array - an order in which they will be
rendered.
For example:
request.variant = [:tablet, :phone]
respond_to do |format|
format.html.none
format.html.phone # this gets rendered
end
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
automatically call @foo.to_partial_path
Calling `render @foo` allows local variables but not options to be
passed to the partial renderer. The correct way to render an object AND
pass options to the partial renderer is to pass the object in the
`:partial` parameter. However, there were previously no tests for this
behaviour (in `render_helper_test.rb` at least).
|
|\ \
| | |
| | | |
be more specific about csrf token and ajax - not whitelisted outside of jquery-rails [ci skip]
|
| | |
| | |
| | |
| | | |
jquery-rails [ci skip]
|
| | |
| | |
| | | |
I did not see in the docs that `button_to` supports not only URLs but paths as well. I documented this functionality with a unit tests and added an example to the docs as well.
|
| | |
| | |
| | |
| | |
| | |
| | | |
LookupContext is eagerly loaded, and FallbackFileSystemResolver is
referenced at the class level. Just require the resolver from the
eagerly loaded class rather than jumping through autoload hoops
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
Add a config to setup whether raise exception for missing translation or
not.
|
|\ \ \
| | | |
| | | | |
Improve ERB dependency detection
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
Each chunk of text coming after `render` is now handled individually as a possible list of arguments.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The current implementation can't handle some special cases of oddly-formatted Ruby. Now we are able to detect them:
* Multi-line arguments on the `render` call
* Strings containing quotes, e.g. `"something's wrong"`
* Multiple kinds of identifiers - instance variables, class variables and globals
* Method chains as arguments for the `render` call
Also, this fix reduces the rate of "false positives" which showed up when we had calls/access to identifiers containing `render`, like `surrender` and `rendering`.
|
| | | | |
|