From 4b95405818fee8a07ff0995229eed7d759422dc4 Mon Sep 17 00:00:00 2001 From: Mikhail Dieterle Date: Sat, 22 Feb 2014 21:57:11 +0300 Subject: typos fixes --- guides/source/4_1_release_notes.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'guides') diff --git a/guides/source/4_1_release_notes.md b/guides/source/4_1_release_notes.md index a859553b1b..69ac442c9d 100644 --- a/guides/source/4_1_release_notes.md +++ b/guides/source/4_1_release_notes.md @@ -457,10 +457,10 @@ for detailed changes. ### Notable changes -* Default scopes are no longer overriden by chained conditions. +* Default scopes are no longer overridden by chained conditions. Before this change when you defined a `default_scope` in a model - it was overriden by chained conditions in the same field. Now it + it was overridden by chained conditions in the same field. Now it is merged like any other scope. [More Details](upgrading_ruby_on_rails.html#changes-on-default-scopes). * Added `ActiveRecord::Base.to_param` for convenient "pretty" URLs derived from @@ -547,10 +547,10 @@ for detailed changes. 3.8.0`. ([Pull Request](https://github.com/rails/rails/pull/13350)) * Make `change_column_null` - revertable. ([Commit](https://github.com/rails/rails/commit/724509a9d5322ff502aefa90dd282ba33a281a96)) + revertible. ([Commit](https://github.com/rails/rails/commit/724509a9d5322ff502aefa90dd282ba33a281a96)) * Added a flag to disable schema dump after migration. This is set to `false` - by defualt in the production environment for new applications. ([Pull Request](https://github.com/rails/rails/pull/13948)) + by default in the production environment for new applications. ([Pull Request](https://github.com/rails/rails/pull/13948)) Active Model -- cgit v1.2.3 From b91d76131b2dd5fbd4d73f6e1e925c9e6f9880f6 Mon Sep 17 00:00:00 2001 
From: Gaurish Sharma Date: Sun, 23 Feb 2014 12:35:53 +0530 Subject: Tweak Configuring Guide language the fact that Rails is multi-thread by default is not very relevant. see https://github.com/rails/rails/pull/13998 [ci skip] --- guides/source/configuring.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides') diff --git a/guides/source/configuring.md b/guides/source/configuring.md index 7b72e27b96..a88591e89c 100644 --- a/guides/source/configuring.md +++ b/guides/source/configuring.md @@ -939,4 +939,4 @@ ActiveRecord::ConnectionTimeoutError - could not obtain a database connection wi If you get the above error, you might want to increase the size of connection pool by incrementing the `pool` option in `database.yml` -NOTE. As Rails is multi-threaded by default, there could be a chance that several threads may be accessing multiple connections simultaneously. So depending on your current request load, you could very well have multiple threads contending for a limited amount of connections. +NOTE. If you are running in a multi-threaded environment, there could be a chance that several threads may be accessing multiple connections simultaneously. So depending on your current request load, you could very well have multiple threads contending for a limited amount of connections. -- cgit v1.2.3 From 42417b0013819e573be9ffc5402e179003156e8e Mon Sep 17 00:00:00 2001 From: Hendy Tanata Date: Thu, 27 Feb 2014 19:31:08 -0800 Subject: Improve guide for Hash#transform_keys and related methods. [skip ci] --- guides/source/active_support_core_extensions.md | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) (limited to 'guides') diff --git a/guides/source/active_support_core_extensions.md b/guides/source/active_support_core_extensions.md index 2ad09f599b..7e6cda4b26 100644 --- a/guides/source/active_support_core_extensions.md +++ b/guides/source/active_support_core_extensions.md 
@@ -2719,11 +2719,14 @@ The method `transform_keys` accepts a block and returns a hash that has applied # => {"" => nil, "A" => :a, "1" => 1} ``` -The result in case of collision is undefined: +The result in case of key collision is not guaranteed: ```ruby {"a" => 1, a: 2}.transform_keys { |key| key.to_s.upcase } -# => {"A" => 2}, in my test, can't rely on this result though +# The result could either be +# => {"A"=>2} +# or +# => {"A"=>1} ``` This method may be useful for example to build specialized conversions. For instance `stringify_keys` and `symbolize_keys` use `transform_keys` to perform their key conversions: @@ -2758,11 +2761,14 @@ The method `stringify_keys` returns a hash that has a stringified version of the # => {"" => nil, "a" => :a, "1" => 1} ``` -The result in case of collision is undefined: +The result in case of key collision is not guaranteed: ```ruby {"a" => 1, a: 2}.stringify_keys -# => {"a" => 2}, in my test, can't rely on this result though +# The result could either be +# => {"a"=>2} +# or +# => {"a"=>1} ``` This method may be useful for example to easily accept both symbols and strings as options. For instance `ActionView::Helpers::FormHelper` defines: @@ -2799,11 +2805,14 @@ The method `symbolize_keys` returns a hash that has a symbolized version of the WARNING. Note in the previous example only one key was symbolized. -The result in case of collision is undefined: +The result in case of key collision is not guaranteed: ```ruby {"a" => 1, a: 2}.symbolize_keys -# => {:a=>2}, in my test, can't rely on this result though +# The result could either be +# => {:a=>2} +# or +# => {:a=>1} ``` This method may be useful for example to easily accept both symbols and strings as options. For instance `ActionController::UrlRewriter` defines -- cgit v1.2.3 From 245574ae02216fcf29c93c2a2fe2ca74c00ffc1f Mon Sep 17 00:00:00 2001 
From: Hendy Tanata Date: Thu, 27 Feb 2014 19:39:17 -0800 Subject: Fix code alignment in duplicable? guide. [skip ci] --- guides/source/active_support_core_extensions.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'guides') diff --git a/guides/source/active_support_core_extensions.md b/guides/source/active_support_core_extensions.md index 7e6cda4b26..ad5c9d4466 100644 --- a/guides/source/active_support_core_extensions.md +++ b/guides/source/active_support_core_extensions.md @@ -157,9 +157,9 @@ Active Support provides `duplicable?` to programmatically query an object about ```ruby "foo".duplicable? # => true -"".duplicable? # => true +"".duplicable? # => true 0.0.duplicable? # => false -false.duplicable? # => false +false.duplicable? # => false ``` By definition all objects are `duplicable?` except `nil`, `false`, `true`, symbols, numbers, class, and module objects. -- cgit v1.2.3 From 4b1639d8ea33d0a709900bfbb024a6fd6e587d86 Mon Sep 17 00:00:00 2001 From: Brian Thomas Storti Date: Thu, 27 Feb 2014 23:39:58 -0800 Subject: [ci skip] use secrets.yml instead of secret_token.rb in the action controller guide --- guides/source/action_controller_overview.md | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) (limited to 'guides') diff --git a/guides/source/action_controller_overview.md b/guides/source/action_controller_overview.md index 5b5f53c9be..1f9342ca25 100644 --- a/guides/source/action_controller_overview.md +++ b/guides/source/action_controller_overview.md 
@@ -381,16 +381,31 @@ You can also pass a `:domain` key and specify the domain name for the cookie: YourApp::Application.config.session_store :cookie_store, key: '_your_app_session', domain: ".example.com" ``` -Rails sets up (for the CookieStore) a secret key used for signing the session data. This can be changed in `config/initializers/secret_token.rb` +Rails sets up (for the CookieStore) a secret key used for signing the session data. This can be changed in `config/secrets.yml` ```ruby # Be sure to restart your server when you modify this file. -# Your secret key for verifying the integrity of signed cookies. +# Your secret key is used for verifying the integrity of signed cookies. # If you change this key, all old signed cookies will become invalid! + # Make sure the secret is at least 30 characters and all random, # no regular words or you'll be exposed to dictionary attacks. -YourApp::Application.config.secret_key_base = '49d3f3de9ed86c74b94ad6bd0...' +# You can use `rake secret` to generate a secure secret key. + +# Make sure the secrets in this file are kept private +# if you're sharing your code publicly. + +development: + secret_key_base: a75d... + +test: + secret_key_base: 492f... + +# Do not keep production secrets in the repository, +# instead read values from the environment. +production: + secret_key_base: <%= ENV["SECRET_KEY_BASE"] %> ``` NOTE: Changing the secret when using the `CookieStore` will invalidate all existing sessions. -- cgit v1.2.3 From 3bdc7eb94d5da8c531f5d89a3e4c333f5679e920 Mon Sep 17 00:00:00 2001 From: Robin Dupret Date: Fri, 28 Feb 2014 19:21:18 +0100 Subject: Improve a bit the 4.1 release notes [ci skip] Fix a few typos. #present_in has been changed to #presence_in through commit d61baee5. --- guides/source/4_1_release_notes.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'guides') 
diff --git a/guides/source/4_1_release_notes.md b/guides/source/4_1_release_notes.md index a859553b1b..a01031ca96 100644 --- a/guides/source/4_1_release_notes.md +++ b/guides/source/4_1_release_notes.md @@ -543,14 +543,15 @@ for detailed changes. * Make `touch` fire the `after_commit` and `after_rollback` callbacks. ([Pull Request](https://github.com/rails/rails/pull/12031)) -* Enable partial indexes for `sqlite >= - 3.8.0`. ([Pull Request](https://github.com/rails/rails/pull/13350)) +* Enable partial indexes for `sqlite >= 3.8.0`. + ([Pull Request](https://github.com/rails/rails/pull/13350)) * Make `change_column_null` revertable. ([Commit](https://github.com/rails/rails/commit/724509a9d5322ff502aefa90dd282ba33a281a96)) * Added a flag to disable schema dump after migration. This is set to `false` - by defualt in the production environment for new applications. ([Pull Request](https://github.com/rails/rails/pull/13948)) + by default in the production environment for new applications. + ([Pull Request](https://github.com/rails/rails/pull/13948)) Active Model @@ -709,7 +710,8 @@ for detailed changes. responsibilities within a class. ([Commit](https://github.com/rails/rails/commit/1eee0ca6de975b42524105a59e0521d18b38ab81)) -* Added `Object#present_in` to simplify value whitelisting. ([Commit](https://github.com/rails/rails/commit/4edca106daacc5a159289eae255207d160f22396)) +* Added `Object#presence_in` to simplify value whitelisting. + ([Commit](https://github.com/rails/rails/commit/4edca106daacc5a159289eae255207d160f22396)) Credits -- cgit v1.2.3 From cee7a06746ef194c922f96209a876648b8be0d59 Mon Sep 17 00:00:00 2001 
From: Hendy Tanata Date: Fri, 28 Feb 2014 11:28:24 -0800 Subject: Improve collision explanation for Hash#transform_keys. Based on comments at https://github.com/rails/docrails/commit/42417b0013819e573be9ffc5402e179003156e8e#commitcomment-5527251 [skip ci] --- guides/source/active_support_core_extensions.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'guides') diff --git a/guides/source/active_support_core_extensions.md b/guides/source/active_support_core_extensions.md index ad5c9d4466..5698dc0413 100644 --- a/guides/source/active_support_core_extensions.md +++ b/guides/source/active_support_core_extensions.md @@ -2719,7 +2719,7 @@ The method `transform_keys` accepts a block and returns a hash that has applied # => {"" => nil, "A" => :a, "1" => 1} ``` -The result in case of key collision is not guaranteed: +In case of key collision, one of the values will be chosen. The chosen value may not always be the same given the same hash: ```ruby {"a" => 1, a: 2}.transform_keys { |key| key.to_s.upcase } @@ -2761,7 +2761,7 @@ The method `stringify_keys` returns a hash that has a stringified version of the # => {"" => nil, "a" => :a, "1" => 1} ``` -The result in case of key collision is not guaranteed: +In case of key collision, one of the values will be chosen. The chosen value may not always be the same given the same hash: ```ruby {"a" => 1, a: 2}.stringify_keys @@ -2805,7 +2805,7 @@ The method `symbolize_keys` returns a hash that has a symbolized version of the WARNING. Note in the previous example only one key was symbolized. -The result in case of key collision is not guaranteed: +In case of key collision, one of the values will be chosen. The chosen value may not always be the same given the same hash: ```ruby {"a" => 1, a: 2}.symbolize_keys -- cgit v1.2.3 From ae75289260dcb7f3d40ad3e5e75d4cad28e1fc40 Mon Sep 17 00:00:00 2001 
From: Kuldeep Aggarwal Date: Sat, 1 Mar 2014 01:35:29 +0530 Subject: [ci skip] use secrets.secret_key_base instead of config.secret_key_base use secrets.yml instead of secret_token.rb --- guides/source/configuring.md | 2 +- guides/source/security.md | 13 ++++++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) (limited to 'guides') diff --git a/guides/source/configuring.md b/guides/source/configuring.md index 7b72e27b96..443135ed5f 100644 --- a/guides/source/configuring.md +++ b/guides/source/configuring.md @@ -118,7 +118,7 @@ numbers. New applications filter out passwords by adding the following `config.f * `config.reload_classes_only_on_change` enables or disables reloading of classes only when tracked files change. By default tracks everything on autoload paths and is set to true. If `config.cache_classes` is true, this option is ignored. -* `config.secret_key_base` used for specifying a key which allows sessions for the application to be verified against a known secure key to prevent tampering. Applications get `config.secret_key_base` initialized to a random key in `config/initializers/secret_token.rb`. +* `secrets.secret_key_base` is used for specifying a key which allows sessions for the application to be verified against a known secure key to prevent tampering. Applications get `secrets.secret_key_base` initialized to a random key present in `config/secrets.yml`. * `config.serve_static_assets` configures Rails itself to serve static assets. Defaults to true, but in the production environment is turned off as the server software (e.g. Nginx or Apache) used to run the application should serve static assets instead. Unlike the default setting set this to true when running (absolutely not recommended!) or testing your app in production mode using WEBrick. Otherwise you won't be able use page caching and requests for files that exist regularly under the public directory will anyway hit your Rails app. 
diff --git a/guides/source/security.md b/guides/source/security.md index ece431dae7..a40c99cbfd 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -95,9 +95,16 @@ Rails 2 introduced a new default session storage, CookieStore. CookieStore saves That means the security of this storage depends on this secret (and on the digest algorithm, which defaults to SHA1, for compatibility). So _don't use a trivial secret, i.e. a word from a dictionary, or one which is shorter than 30 characters_. -`config.secret_key_base` is used for specifying a key which allows sessions for the application to be verified against a known secure key to prevent tampering. Applications get `config.secret_key_base` initialized to a random key in `config/initializers/secret_token.rb`, e.g.: +`secrets.secret_key_base` is used for specifying a key which allows sessions for the application to be verified against a known secure key to prevent tampering. Applications get `secrets.secret_key_base` initialized to a random key present in `config/secrets.yml`, e.g.: - YourApp::Application.config.secret_key_base = '49d3f3de9ed86c74b94ad6bd0...' + development: + secret_key_base: a75d... + + test: + secret_key_base: 492f... + + production: + secret_key_base: <%= ENV["SECRET_KEY_BASE"] %> Older versions of Rails use CookieStore, which uses `secret_token` instead of `secret_key_base` that is used by EncryptedCookieStore. Read the upgrade documentation for more information. 
@@ -1005,7 +1012,7 @@ Used to control which sites are allowed to bypass same origin policies and send Environmental Security ---------------------- -It is beyond the scope of this guide to inform you on how to secure your application code and environments. However, please secure your database configuration, e.g. `config/database.yml`, and your server-side secret, e.g. stored in `config/initializers/secret_token.rb`. You may want to further restrict access, using environment-specific versions of these files and any others that may contain sensitive information. +It is beyond the scope of this guide to inform you on how to secure your application code and environments. However, please secure your database configuration, e.g. `config/database.yml`, and your server-side secret, e.g. stored in `config/secrets.yml`. You may want to further restrict access, using environment-specific versions of these files and any others that may contain sensitive information. Additional Resources -------------------- -- cgit v1.2.3 From 8d486c63d63eeb503fd18be615d5dd26dfa34fb5 Mon Sep 17 00:00:00 2001 From: Yves Senn Date: Wed, 5 Mar 2014 09:53:39 +0100 Subject: docs, flash message keys are normalized to strings. [ci skip] This is a follow up to a668beffd64106a1e1fedb71cc25eaaa11baf0c1 --- guides/source/upgrading_ruby_on_rails.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'guides') diff --git a/guides/source/upgrading_ruby_on_rails.md b/guides/source/upgrading_ruby_on_rails.md index da124e21a4..7467648d49 100644 --- a/guides/source/upgrading_ruby_on_rails.md +++ b/guides/source/upgrading_ruby_on_rails.md 
@@ -111,6 +111,26 @@ in your application, you can add an initializer file with the following content: This would transparently migrate your existing `Marshal`-serialized cookies into the new `JSON`-based format. +### Flash structure changes + +Flash message keys are +[normalized to strings](https://github.com/rails/rails/commit/a668beffd64106a1e1fedb71cc25eaaa11baf0c1). They +can still be accessed using either symbols or strings. Lopping through the flash +will always yield string keys: + +```ruby +flash["string"] = "a string" +flash[:symbol] = "a symbol" + +# Rails < 4.1 +flash.keys # => ["string", :symbol] + +# Rails >= 4.1 +flash.keys # => ["string", "symbol"] +``` + +Make sure you are comparing Flash message keys against strings. + ### Changes in JSON handling There are a few major changes related to JSON handling in Rails 4.1. -- cgit v1.2.3 From ed88a601f7b37de0f89b64249aaeed884faed836 Mon Sep 17 00:00:00 2001 From: Prem Sichanugrist Date: Fri, 28 Feb 2014 19:39:22 -0500 Subject: Do note remove `Content-Type` when `render :body` `render :body` should just not set the `Content-Type` header. By removing the header, it breaks the compatibility with other parts. After this commit, `render :body` will returns `text/html` content type, sets by default from `ActionDispatch::Response`, and it will preserve the overridden content type if you override it. Fixes #14197, #14238 This partially reverts commit 3047376870d4a7adc7ff15c3cb4852e073c8f1da. --- guides/source/layouts_and_rendering.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'guides') diff --git a/guides/source/layouts_and_rendering.md b/guides/source/layouts_and_rendering.md index 66ed6f2e08..bd33c5a146 100644 --- a/guides/source/layouts_and_rendering.md +++ b/guides/source/layouts_and_rendering.md 
@@ -304,10 +304,13 @@ type, by using the `:body` option to `render`: render body: "raw" ``` -TIP: This option should be used only if you explicitly want the content type to -be unset. Using `:plain` or `:html` might be more appropriate in most of the +TIP: This option should be used only if you don't care about the content type of +the response. Using `:plain` or `:html` might be more appropriate in most of the time. +NOTE: Unless overriden, your response returned from this render option will be +`text/html`, as that is the default content type of Action Dispatch response. + #### Options for `render` Calls to the `render` method generally accept four options: -- cgit v1.2.3 From d361d9303b3673f73d541ffe0c5e0e81abe5391c Mon Sep 17 00:00:00 2001 From: Nikolay Shebanov Date: Mon, 3 Mar 2014 15:54:52 +0300 Subject: [ci skip] Add "Low-Level Caching" part to "Caching With Rails" --- guides/source/caching_with_rails.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'guides') diff --git a/guides/source/caching_with_rails.md b/guides/source/caching_with_rails.md index 0d45e5fb28..e898d75d1a 100644 --- a/guides/source/caching_with_rails.md +++ b/guides/source/caching_with_rails.md 
@@ -140,6 +140,26 @@ You can also combine the two schemes which is called "Russian Doll Caching": It's called "Russian Doll Caching" because it nests multiple fragments. The advantage is that if a single product is updated, all the other inner fragments can be reused when regenerating the outer fragment. +### Low-Level Caching + +Sometimes you need to cache a particular value or query result, instead of caching view fragments. Rails caching mechanism works great for storing __any__ kind of information. + +The most efficient way to implement low-level caching is using the `Rails.cache.fetch` method. This method does both reading and writing to the cache. When passed only a single argument, the key is fetched and value from the cache is returned. If a block is passed, the result of the block will be cached to the given key and the result is returned. + +Consider the following example. An application has a `Product` model with an instance method that looks up the product’s price on a competing website. The data returned by this method would be perfect for low-level caching: + +```ruby +class Product < ActiveRecord::Base + def competing_price + Rails.cache.fetch("#{cache_key}/competing_price", expires_in: 12.hours) do + Competitor::API.find_price(id) + end + end +end +``` + +NOTE: Notice that in this example we used `cache_key` method, so the resulting cache-key will be something like `products/233-20140225082222765838000/competing_price`. `cache_key` generates a string based on the model’s `id` and `updated_at` attributes. This is a common convention and has the benefit of invalidating the cache whenever the product is updated. In general, when you use low-level caching for instance level information, you need to generate a cache key. 
+ ### SQL Caching Query caching is a Rails feature that caches the result set returned by each query so that if Rails encounters the same query again for that request, it will use the cached result set as opposed to running the query against the database again. -- cgit v1.2.3 From 64816dacc5ecbc9d26aed4869e6b9ffb8a02f14f Mon Sep 17 00:00:00 2001 From: joker1007 Date: Thu, 6 Mar 2014 18:57:29 +0900 Subject: Fix guide about `config.active_record.default_timezone` [ci skip] Now the initial value of ActiveRecord.default_timezone is always :utc --- guides/source/configuring.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides') diff --git a/guides/source/configuring.md b/guides/source/configuring.md index 443135ed5f..eb04007016 100644 --- a/guides/source/configuring.md +++ b/guides/source/configuring.md @@ -274,7 +274,7 @@ All these configuration options are delegated to the `I18n` library. * `config.active_record.pluralize_table_names` specifies whether Rails will look for singular or plural table names in the database. If set to true (the default), then the Customer class will use the `customers` table. If set to false, then the Customer class will use the `customer` table. -* `config.active_record.default_timezone` determines whether to use `Time.local` (if set to `:local`) or `Time.utc` (if set to `:utc`) when pulling dates and times from the database. The default is `:utc` for Rails, although Active Record defaults to `:local` when used outside of Rails. +* `config.active_record.default_timezone` determines whether to use `Time.local` (if set to `:local`) or `Time.utc` (if set to `:utc`) when pulling dates and times from the database. The default is `:utc`. * `config.active_record.schema_format` controls the format for dumping the database schema to a file. The options are `:ruby` (the default) for a database-independent version that depends on migrations, or `:sql` for a set of (potentially database-dependent) SQL statements. -- cgit v1.2.3 
From 91156b6f0ced65b5681874e2cf2a95e045d708e9 Mon Sep 17 00:00:00 2001 From: Patrick Perey Date: Fri, 7 Mar 2014 10:46:27 -0800 Subject: Add preventDefault() on click event --- guides/source/working_with_javascript_in_rails.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'guides') diff --git a/guides/source/working_with_javascript_in_rails.md b/guides/source/working_with_javascript_in_rails.md index a8695ec034..aba3c9ed61 100644 --- a/guides/source/working_with_javascript_in_rails.md +++ b/guides/source/working_with_javascript_in_rails.md @@ -111,7 +111,9 @@ paintIt = (element, backgroundColor, textColor) -> element.style.color = textColor $ -> - $("a[data-background-color]").click -> + $("a[data-background-color]").click (e) -> + e.preventDefault() + backgroundColor = $(this).data("background-color") textColor = $(this).data("text-color") paintIt(this, backgroundColor, textColor) -- cgit v1.2.3 From 2883cb97663ec4cc41932d4e8d0878af96262372 Mon Sep 17 00:00:00 2001 From: Yves Senn Date: Sat, 8 Mar 2014 13:41:38 +0100 Subject: added CSRF helper to rails guide documentation. Closes #11615. [ci skip] --- guides/source/action_view_overview.md | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) (limited to 'guides') diff --git a/guides/source/action_view_overview.md b/guides/source/action_view_overview.md index 6a355a5177..f31bc4552c 100644 --- a/guides/source/action_view_overview.md +++ b/guides/source/action_view_overview.md @@ -1550,7 +1550,7 @@ end Sanitizes a block of CSS code. -#### strip_links(html) +#### strip_links(html) Strips all link tags from text leaving just the link text. ```ruby 
@@ -1568,9 +1568,9 @@ strip_links('Blog: Visit.') # => Blog: Visit. ``` -#### strip_tags(html) +#### strip_tags(html) -Strips all HTML tags from the html, including comments. +Strips all HTML tags from the html, including comments. This uses the html-scanner tokenizer and so its HTML parsing ability is limited by that of html-scanner. ```ruby @@ -1585,6 +1585,22 @@ strip_tags("Bold no more! See more") NB: The output may still contain unescaped '<', '>', '&' characters and confuse browsers. +### CsrfHelper + +Returns meta tags "csrf-param" and "csrf-token" with the name of the cross-site +request forgery protection parameter and token, respectively. + +```html + <%= csrf_meta_tags %> +``` + +These are used to generate the dynamic forms that implement non-remote links +with `:method`. + +Note that regular forms generate hidden fields, and that Ajax calls are +whitelisted, so they do not use these tags. + +More details can be found in the [Rails Security Guide](security.html). Localized Views --------------- -- cgit v1.2.3 From dc8bfc8ab62c3e3a776297226ef43027bc7d09c1 Mon Sep 17 00:00:00 2001 From: Yves Senn Date: Sat, 8 Mar 2014 15:46:43 +0100 Subject: docs, shorten CsrfHelper description and refer to security guide. [ci skip] --- guides/source/action_view_overview.md | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'guides') diff --git a/guides/source/action_view_overview.md b/guides/source/action_view_overview.md index f31bc4552c..74f95bfcfd 100644 --- a/guides/source/action_view_overview.md +++ b/guides/source/action_view_overview.md 
@@ -1591,16 +1591,11 @@ Returns meta tags "csrf-param" and "csrf-token" with the name of the cross-site request forgery protection parameter and token, respectively. ```html - <%= csrf_meta_tags %> +<%= csrf_meta_tags %> ``` -These are used to generate the dynamic forms that implement non-remote links -with `:method`. - -Note that regular forms generate hidden fields, and that Ajax calls are -whitelisted, so they do not use these tags. - -More details can be found in the [Rails Security Guide](security.html). +NOTE: Regular forms generate hidden fields so they do not use these tags. More +details can be found in the [Rails Security Guide](security.html#cross-site-request-forgery-csrf). Localized Views --------------- -- cgit v1.2.3 From a1ad848469ce15f18a0452f6771632d1d0bc9ff8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Mon, 10 Mar 2014 10:31:43 -0300 Subject: The 4.1 release notes is already a thing so lets show in the guides links --- guides/source/documents.yaml | 1 - 1 file changed, 1 deletion(-) (limited to 'guides') diff --git a/guides/source/documents.yaml b/guides/source/documents.yaml index e4653b47fc..a160c462b2 100644 --- a/guides/source/documents.yaml +++ b/guides/source/documents.yaml @@ -167,7 +167,6 @@ - name: Ruby on Rails 4.1 Release Notes url: 4_1_release_notes.html - work_in_progress: true description: Release notes for Rails 4.1. - name: Ruby on Rails 4.0 Release Notes -- cgit v1.2.3 From 2c634f01fa6c4f90c4ec098a9f88f904aba01bf6 Mon Sep 17 00:00:00 2001 From: "Gary S. Weaver" Date: Mon, 10 Mar 2014 12:39:24 -0400 Subject: minor fix to 4.1 rel notes for begin_transaction joinable option [CI skip] --- guides/source/4_1_release_notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides') diff --git a/guides/source/4_1_release_notes.md b/guides/source/4_1_release_notes.md index 6abbb799c8..f368268a37 100644 --- a/guides/source/4_1_release_notes.md 
+++ b/guides/source/4_1_release_notes.md @@ -388,7 +388,7 @@ for detailed changes. * Removed deprecated `scope` use without passing a callable object. * Removed deprecated `transaction_joinable=` in favor of `begin_transaction` - with `d:joinable` option. + with a `:joinable` option. * Removed deprecated `decrement_open_transactions`. -- cgit v1.2.3 From 69ba49dd85929dc3672bc839b647dd0a96886470 Mon Sep 17 00:00:00 2001 From: sukolsak Date: Wed, 12 Mar 2014 14:08:57 -0700 Subject: Fix a grammatical error in the i18n guide [ci skip] --- guides/source/i18n.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides') diff --git a/guides/source/i18n.md b/guides/source/i18n.md index d72717fa3b..bef738b75b 100644 --- a/guides/source/i18n.md +++ b/guides/source/i18n.md 
@@ -137,7 +137,7 @@ If you want to translate your Rails application to a **single language other tha However, you would probably like to **provide support for more locales** in your application. In such case, you need to set and pass the locale between requests. -WARNING: You may be tempted to store the chosen locale in a _session_ or a cookie, however **do not do this**. The locale should be transparent and a part of the URL. This way you won't break people's basic assumptions about the web itself: if you send a URL to a friend, they should see the same page and content as you. A fancy word for this would be that you're being [RESTful](http://en.wikipedia.org/wiki/Representational_State_Transfer). Read more about the RESTful approach in [Stefan Tilkov's articles](http://www.infoq.com/articles/rest-introduction). Sometimes there are exceptions to this rule and those are discussed below. +WARNING: You may be tempted to store the chosen locale in a _session_ or a cookie. However, **do not do this**. The locale should be transparent and a part of the URL. This way you won't break people's basic assumptions about the web itself: if you send a URL to a friend, they should see the same page and content as you. A fancy word for this would be that you're being [RESTful](http://en.wikipedia.org/wiki/Representational_State_Transfer). Read more about the RESTful approach in [Stefan Tilkov's articles](http://www.infoq.com/articles/rest-introduction). Sometimes there are exceptions to this rule and those are discussed below. The _setting part_ is easy. You can set the locale in a `before_action` in the `ApplicationController` like this: -- cgit v1.2.3
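Review bot: the collision examples added for `transform_keys`, `stringify_keys` and `symbolize_keys` in guides/source/active_support_core_extensions.md (commit 42417b0) list both possible results but no longer tell the reader what to do about it, since the old "can't rely on this result" wording is removed. Suggest one sentence after each example saying that code must not depend on which value survives and should avoid building hashes that hold both `"a"` and `:a`. The new comments also print `{"A"=>2}` without spaces while the unchanged example just above uses `{"" => nil, "A" => :a, "1" => 1}`; pick one form.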
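Review bot: in the guides/source/action_controller_overview.md hunk (commit 4b1639d) the fence stays tagged `ruby` although its body is now YAML with an ERB tag (`development:`, `secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>`), so it will be highlighted as Ruby; change the tag to `yaml`. The sentence ending in `config/secrets.yml` that introduces the block also has no closing colon or period.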
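Review bot: the guides/source/4_1_release_notes.md hunk at -543 (commit 3bdc7eb) corrects "defualt" but leaves "revertable" in the `change_column_null` entry, which appears as unchanged context two lines above. Since the commit message describes a typo pass, change it to "revertible" in the same hunk.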
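Review bot: in the guides/source/configuring.md hunk at -118 (commit ae75289) the renamed bullet `secrets.secret_key_base` sits between `config.reload_classes_only_on_change` and `config.serve_static_assets` without saying what `secrets` is called on, so it reads like one more `config.` setting. Suggest naming the object the value is read from in full, and keeping the pointer to `config/secrets.yml`.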
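Review bot: the sentence that introduces the `config/secrets.yml` example in guides/source/security.md (hunk at -95, commit ae75289) says applications get `secrets.secret_key_base` "initialized to a random key", but the `production:` entry in the example reads `<%= ENV["SECRET_KEY_BASE"] %>`, so nothing is generated for production. Suggest saying that development and test carry generated keys and that production expects `SECRET_KEY_BASE` to be set in the environment, and that the advice in the paragraph above (at least 30 characters, no dictionary words) applies to that value too.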
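Review bot: "Lopping through the flash" in the new "Flash structure changes" section of guides/source/upgrading_ruby_on_rails.md (commit 8d486c6) should be "Looping". The closing sentence "Make sure you are comparing Flash message keys against strings" would be easier to act on with the concrete case from the example: on Rails >= 4.1 an element of `flash.keys` no longer equals `:symbol`, only `"symbol"`.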
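Review bot: in the guides/source/layouts_and_rendering.md hunk (commit ed88a60) the reworded TIP, "only if you don't care about the content type of the response", sits oddly next to the added NOTE that the response will be `text/html`: a reader who does not care still gets a string that browsers interpret as markup. Suggest the TIP say that `render body:` output is served as `text/html` unless overridden and that `:plain` is the option for text that must not be parsed as HTML. The NOTE also has "overriden", which should be "overridden".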
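Review bot: the description of `Rails.cache.fetch` in the new "Low-Level Caching" section of guides/source/caching_with_rails.md (commit d361d93) reads as though the block runs on every call: "If a block is passed, the result of the block will be cached to the given key and the result is returned." Suggest stating that the block is evaluated only when the key is missing from the cache, which is the reason the `competing_price` example saves the remote lookup. Minor wording in the same hunk: "Rails caching mechanism" should be "Rails' caching mechanism", and "we used `cache_key` method" needs "the".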
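Review bot: the new `### CsrfHelper` section in guides/source/action_view_overview.md (commits 2883cb9 and dc8bfc8) starts with "Returns meta tags ..." without a method heading, while the neighbouring helpers each have one (`#### strip_links(html)`, `#### strip_tags(html)`). Suggest adding a `#### csrf_meta_tags` heading above the description so the sentence has a subject and the method is linkable. The fence is tagged `html` but holds an ERB expression (`<%= csrf_meta_tags %>`); `erb` or `html+erb` would describe it better.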