提交 · 303991288633effea5a1d1774dbd861951303fe5 · 张重言 / rails

22 10月, 2009 1 次提交
- J
  Fix error_messages_for when instance variable names are given. · 9fbb2c57
  由 José Valim 提交于 10月 21, 2009
```
Signed-off-by: NJoshua Peek <josh@joshpeek.com>
```
  9fbb2c57
18 10月, 2009 1 次提交
- J
  
  Bring agnosticism to error_messages_for. · cb873026
  由 José Valim 提交于 10月 17, 2009
  
  cb873026
16 10月, 2009 1 次提交
- J
  
  Unify benchmark APIs. · a15e02d4
  由 José Valim 提交于 10月 09, 2009
  
  a15e02d4
15 10月, 2009 3 次提交

M

Make sure non-escaped urls aren't considered safe · 1d01bad3
由 Michael Koziarski 提交于 10月 15, 2009

1d01bad3

ActionView.url_for doesn't escape by default · 1b3195b6

由 Phil Darnowsky 提交于 10月 07, 2009

ActionView::Helpers::UrlHelper#url_for used to escape the URLs it generated by
default.  This was most commonly seen when generating a path with multiple
query parameters, e.g.

  url_for(:controller => :foo, :action => :bar, :this => 123, :that => 456)

would return

  http://example.com/foo/bar?that=456&amp;this=123

escaping an ampersand that shouldn't be escaped.  This is both wrong and
inconsistent with the behavior of ActionController#url_for, and is changed.
Signed-off-by: NMichael Koziarski <michael@koziarski.com>

1b3195b6

Start adding configuration to ActionView instead of using constants. · a41c6c35

由 Yehuda Katz 提交于 10月 14, 2009

  By using config rather than hardcoded constants, we can evolve the
  configuration system over time (we'd just need to update the config
  method with more robust capabilities and all consumers would get
  the capabilities with no code changes)

a41c6c35

09 10月, 2009 1 次提交
- J
  
  API change: content_tag_for outputs prefixed class name · 3b6bdfc1
  由 Joshua Peek 提交于 10月 08, 2009
  
  3b6bdfc1
08 10月, 2009 2 次提交

M

error procs have to be safe too · c352ec06
由 Michael Koziarski 提交于 10月 08, 2009

c352ec06

Switch to on-by-default XSS escaping for rails. · 94159359

由 Michael Koziarski 提交于 10月 08, 2009

  This consists of:

  * String#html_safe! a method to mark a string as 'safe'
  * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
  * Calls to String#html_safe! throughout the rails helpers
  * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB)
  * New ERB implementation based on erubis which uses a SafeBuffer instead of a String

Hat tip to Django for the inspiration.

94159359

04 10月, 2009 1 次提交
- J
  
  NumberHelper depends on big decimal extensions · 31319b47
  由 Joshua Peek 提交于 10月 03, 2009
  
  31319b47
28 9月, 2009 2 次提交
- J
  Introduce :almost keyword for distance_of_time_in_words. Make 1.75 days - 2 days return '2 days'. · c9318e90
  由 John Trupiano 提交于 9月 26, 2009
```
Signed-off-by: NMichael Koziarski <michael@koziarski.com>
[#3266 state:committed]
```
  c9318e90
- J
  Enhancing distance_of_time_in_words to prefix year output with over and about... · 8ef1cd97
  由 Jay Pignata 提交于 9月 04, 2009
```
Enhancing distance_of_time_in_words to prefix year output with over and about depending upon how many months have elapsed
Signed-off-by: NMichael Koziarski <michael@koziarski.com>
[#3106 state:committed]
```
  8ef1cd97
14 9月, 2009 2 次提交
- J
  
  AV::UrlHelper depends on Array#second · 67eb892e
  由 Joshua Peek 提交于 9月 13, 2009
  
  67eb892e
- J
  
  Don't force test suite to use bundler · a9f5f4bb
  由 Joshua Peek 提交于 9月 13, 2009
  
  a9f5f4bb
12 9月, 2009 1 次提交

Allow fields_for on a nested_attributes association to accept an explicit... · 1b78e9bb

由 Andrew France 提交于 7月 11, 2009

Allow fields_for on a nested_attributes association to accept an explicit collection to be used. [#2648 state:resolved]
Signed-off-by: NEloy Duran <eloy.de.enige@gmail.com>

1b78e9bb

04 9月, 2009 2 次提交
- M
  Clean tag attributes before passing through the escape_once logic. · b16e0c92
  由 Michael Koziarski 提交于 8月 31, 2009
```
Addresses CVE-2009-3009
```
  b16e0c92
- S
  Don't raise exceptions for missing javascript_include_tag or... · 4b6321ef
  由 Sam Pohlenz 提交于 9月 03, 2009
```
Don't raise exceptions for missing javascript_include_tag or stylesheet_link_tag sources unless the :cache or :concat options are given. [#2738 state:resolved]
Signed-off-by: NJoshua Peek <josh@joshpeek.com>
```
  4b6321ef
27 8月, 2009 3 次提交
- A
  I18n: use I18n for select helpers' prompt text · cc9af20d
  由 Akira Matsuda 提交于 8月 26, 2009
```
[#2252 state:committed]
Signed-off-by: NJeremy Kemper <jeremy@bitsweat.net>
```
  cc9af20d
- J
  Revert "I18n: use I18n for select helpers' prompt text" · a7ca5595
  由 Jeremy Kemper 提交于 8月 26, 2009
```
Broke CI.

[#2252 state:open]

This reverts commit adedf728.
```
  a7ca5595
- A
  I18n: use I18n for select helpers' prompt text · adedf728
  由 Akira Matsuda 提交于 8月 26, 2009
```
[#2252 state:committed]
Signed-off-by: NJeremy Kemper <jeremy@bitsweat.net>
```
  adedf728
16 8月, 2009 1 次提交

Got tests to pass with some more changes. · 1310231c

由 Yehuda Katz 提交于 8月 14, 2009

  * request.formats is much simpler now
    * For XHRs or Accept headers with a single item, we use the Accept header
    * For other requests, we use params[:format] or fallback to HTML
    * This is primarily to work around the fact that browsers provide completely
      broken Accept headers, so we have to whitelist the few cases we can
      specifically isolate and treat other requests as coming from the browser
    * For APIs, we can support single-item Accept headers, which disambiguates
      from the browsers
  * Requests to an action that only has an XML template from the browser will
    no longer find the template. This worked previously because most browsers
    provide a catch-all */*, but this was mostly accidental behavior. If you
    want to serve XML, either use the :xml format in links, or explicitly
    specify the XML template: render "template.xml".

1310231c

10 8月, 2009 3 次提交
- C
  Introduce grouped_collection_select helper. · 8c32248a
  由 codeape 提交于 8月 09, 2009
```
[#1249 state:committed]
Signed-off-by: NJeremy Kemper <jeremy@bitsweat.net>
```
  8c32248a
- M
  Make sure link_to generates the form with the specified :href if any [#2254 state:resolved] · 0af4b075
  由 Max Lapshin 提交于 3月 16, 2009
```
Signed-off-by: NPratik Naik <pratiknaik@gmail.com>
```
  0af4b075
- M
  Fixed to_label_tag to accept id attribute without changing for attribute [#2660 status:resolved] · 920ef4e6
  由 Matt Duncan 提交于 8月 08, 2009
```
Signed-off-by: NJosé Valim <jose.valim@gmail.com>
```
  920ef4e6
09 8月, 2009 7 次提交
- R
  Support passing Redcloth options via textilize helper [#2973 state:resolved] · 7dbb2b6f
  由 rizwanreza 提交于 8月 09, 2009
```
Signed-off-by: NPratik Naik <pratiknaik@gmail.com>
```
  7dbb2b6f
- Y
  
  Clean up initializer and some of the internals of PartialRenderer · bf412c9e
  由 Yehuda Katz 提交于 8月 08, 2009
  
  bf412c9e
- M
  Don't call additional methods on builders passed to the atom_feed helper. · 370bf140
  由 Michael Koziarski 提交于 8月 09, 2009
```
Additionally, actually test that the atom_feed helper works with :xml as an option.

[#1836 state:committed]
```
  370bf140
- S
  Update truncate documentation / examples to more clearly demonstrate its actual behavior · 618771be
  由 Steve St. Martin 提交于 8月 08, 2009
```
[#3016 state:committed]
Signed-off-by: NJeremy Kemper <jeremy@bitsweat.net>
```
  618771be
- R
  Allow content_tag options to take an array [#1741 state:resolved] [rizwanreza, Nick Quaranto] · 57863957
  由 rizwanreza 提交于 8月 08, 2009
```
Example:
  content_tag('p', "limelight", :class => ["song", "play"])
  # => <p class="song play">limelight</p>
Signed-off-by: NPratik Naik <pratiknaik@gmail.com>
```
  57863957
- J
  Allow radio buttons to work with booleans. · c34d6279
  由 José Valim 提交于 7月 24, 2009
```
Signed-off-by: NPratik Naik <pratiknaik@gmail.com>
```
  c34d6279
- R
  Add :include_blank option for select_tag [#1987 status:resolved] · 1191e3ff
  由 rizwanreza 提交于 8月 08, 2009
```
Signed-off-by: NJosé Valim <jose.valim@gmail.com>
Signed-off-by: NPratik Naik <pratiknaik@gmail.com>
```
  1191e3ff
08 8月, 2009 3 次提交
- S
  remove duplicate call to stringify_keys [#2587 status:resolved] · a8645593
  由 Steve St. Martin 提交于 8月 07, 2009
```
Signed-off-by: NJosé Valim <jose.valim@gmail.com>
```
  a8645593
- W
  Fix number_to_precision rounding error [#2071 state:resolved] · 98450fd1
  由 wmoxam 提交于 8月 07, 2009
```
Signed-off-by: NPratik Naik <pratiknaik@gmail.com>
```
  98450fd1
- J
  Ruby 1.9.2: implicit argument passing of super from method defined by... · 12c271d1
  由 Jeremy Kemper 提交于 8月 07, 2009
```
Ruby 1.9.2: implicit argument passing of super from method defined by define_method() is not supported
```
  12c271d1
07 8月, 2009 1 次提交
- Y
  
  Improve a path in _render_partial · 4ac9d391
  由 Yehuda Katz 提交于 8月 06, 2009
  
  4ac9d391
05 8月, 2009 1 次提交

Make sure javascript_include_tag/stylesheet_link_tag does not append ".js" or... · 64268a0b

由 Matthew Rudy Jacobs 提交于 8月 05, 2009

Make sure javascript_include_tag/stylesheet_link_tag does not append ".js" or ".css" onto external urls [#1664 state:resolved]
Signed-off-by: NPratik Naik <pratiknaik@gmail.com>

64268a0b

31 7月, 2009 1 次提交

Fix tag helpers so that all HTML element boolean attributes render according... · d860c891

由 Marc Love 提交于 7月 30, 2009

Fix tag helpers so that all HTML element boolean attributes render according to the specs. Added all boolean attributes listed in the XHTML 1.0 specs (http://www.w3.org/TR/xhtml1/guidelines.html) and HTML 5 specs (http://www.whatwg.org/specs/web-apps/current-work). HTML 5 boolean attribute rendering was broken in commit 1e2d7229 / [#2864 state:resolved].
Signed-off-by: NYehuda Katz <wycats@gmail.com>

d860c891

29 7月, 2009 1 次提交
- Y
  
  Add support for error_messages_for(@obj) · c4d1075b
  由 Yehuda Katz 提交于 7月 28, 2009
  
  c4d1075b
25 7月, 2009 1 次提交
- P
  
  Merge docrails · e033b5d0
  由 Pratik Naik 提交于 7月 25, 2009
  
  e033b5d0
21 7月, 2009 1 次提交
- Y
  
  First effort at new Ajax helpers · d80316ad
  由 Yehuda Katz 提交于 7月 20, 2009
  
  d80316ad