| Commit message (Collapse) | Author | Age | Files | Lines |
|
the same same. This also changes how safe_join works, if items or the separator are not html_safe they are html_escape'd, a html_safe string is always returned.
Signed-off-by: José Valim <jose.valim@gmail.com>
|
with the same same."
Applied the wrong version.
This reverts commit 98c0c5db50a7679b3d58769ac22cb0a27a62c930.
|
the same same.
|
version of join to its own method (safe_join) as not to degrade the performance of join for unrelated html_safe use. [#6298 state:resolved]
|
* Examples running with the text are preferred over separate Example
sections.
* No need to call puts, in # => we show the return value, not STDOUT.
* Say explicitly that double quotes are removed.
* Specify that we are talking \uXXX, rather than, say, HTML entities.
|
Conflicts:
actionpack/lib/action_view/template/handlers/erb.rb
|
<%== x %> is syntactic sugar for <%= raw(x) %>
Signed-off-by: Michael Koziarski <michael@koziarski.com>
[#5918 status:committed]
|
there, same for #class_eval to simplify, and adds coverage for class_eval
|
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
|
warnings are in dependencies.
|
[#3848 state:committed]
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
|
Instead, all Strings are always not html_safe?. Instead, you can get a SafeBuffer from a String by calling #html_safe, which will SafeBuffer.new(self).
* Additionally, instead of doing concat("</form>".html_safe), you can do
safe_concat("</form>"), which will skip both the flag set, and the flag
check.
* For the first pass, I converted virtually all #html_safe!s to #html_safe,
and the tests pass. A further optimization would be to try to use
#safe_concat as much as possible, reducing the performance impact if
we know up front that a String is safe.
|
this without the performance hit and make Fixnum safe by default.
|
through String#<< which checks if the String is safe, use safe_concat, which uses the original (internal) String#<< and leaves the safe flag as is. Results in a significant performance improvement.
|
This consists of:
* String#html_safe! a method to mark a string as 'safe'
* ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
* Calls to String#html_safe! throughout the rails helpers
* a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)
* New ERB implementation based on erubis which uses a SafeBuffer instead of a String
Hat tip to Django for the inspiration.