This consists of:

  * String#html_safe! a method to mark a string as 'safe'
  * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
  * Calls to String#html_safe! throughout the rails helpers
  * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB)
  * New ERB implementation based on erubis which uses a SafeBuffer instead of a String

Hat tip to Django for the inspiration.

Ruby 1.9: Strip encoding from ERB source since you can not change character encoding during a method

Check whether blocks are called from erb using a special __in_erb_template variable visible in block binding.

Move erb_trim_mode setting to the ERB template handler. Keep a Base.erb_trim_mode= delegator around.

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@9242 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

add json_escape ERB util to escape html entities in json strings that are output in HTML pages. [rick]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@9241 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8689 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

 * Move compilation, rendering and 'compilable?' checks into the Handlers [Koz]
 * Remove delegate_* methods as the handler is now an instance [Koz]


git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8624 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8619 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

The asset_host block takes the controller request as an optional second argument. Example: use a single asset host for SSL requests. Closes #10549.


git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8578 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8422 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8341 5ecf4fe2-1ee6-0310-87b1-e25e094e27de