- 22 10月, 2009 1 次提交
-
-
由 José Valim 提交于
Signed-off-by: NJoshua Peek <josh@joshpeek.com>
-
- 18 10月, 2009 1 次提交
-
-
由 José Valim 提交于
-
- 16 10月, 2009 1 次提交
-
-
由 José Valim 提交于
-
- 15 10月, 2009 3 次提交
-
-
由 Michael Koziarski 提交于
-
由 Phil Darnowsky 提交于
ActionView::Helpers::UrlHelper#url_for used to escape the URLs it generated by default. This was most commonly seen when generating a path with multiple query parameters, e.g. url_for(:controller => :foo, :action => :bar, :this => 123, :that => 456) would return http://example.com/foo/bar?that=456&this=123 escaping an ampersand that shouldn't be escaped. This is both wrong and inconsistent with the behavior of ActionController#url_for, and is changed. Signed-off-by: NMichael Koziarski <michael@koziarski.com>
-
由 Yehuda Katz 提交于
By using config rather than hardcoded constants, we can evolve the configuration system over time (we'd just need to update the config method with more robust capabilities and all consumers would get the capabilities with no code changes)
-
- 09 10月, 2009 1 次提交
-
-
由 Joshua Peek 提交于
-
- 08 10月, 2009 2 次提交
-
-
由 Michael Koziarski 提交于
-
由 Michael Koziarski 提交于
This consists of: * String#html_safe! a method to mark a string as 'safe' * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it * Calls to String#html_safe! throughout the rails helpers * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB) * New ERB implementation based on erubis which uses a SafeBuffer instead of a String Hat tip to Django for the inspiration.
-
- 04 10月, 2009 1 次提交
-
-
由 Joshua Peek 提交于
-
- 28 9月, 2009 2 次提交
-
-
由 John Trupiano 提交于
Signed-off-by: NMichael Koziarski <michael@koziarski.com> [#3266 state:committed]
-
由 Jay Pignata 提交于
Enhancing distance_of_time_in_words to prefix year output with over and about depending upon how many months have elapsed Signed-off-by: NMichael Koziarski <michael@koziarski.com> [#3106 state:committed]
-
- 14 9月, 2009 2 次提交
-
-
由 Joshua Peek 提交于
-
由 Joshua Peek 提交于
-
- 12 9月, 2009 1 次提交
-
-
由 Andrew France 提交于
Allow fields_for on a nested_attributes association to accept an explicit collection to be used. [#2648 state:resolved] Signed-off-by: NEloy Duran <eloy.de.enige@gmail.com>
-
- 04 9月, 2009 2 次提交
-
-
由 Michael Koziarski 提交于
Addresses CVE-2009-3009
-
由 Sam Pohlenz 提交于
Don't raise exceptions for missing javascript_include_tag or stylesheet_link_tag sources unless the :cache or :concat options are given. [#2738 state:resolved] Signed-off-by: NJoshua Peek <josh@joshpeek.com>
-
- 27 8月, 2009 3 次提交
-
-
由 Akira Matsuda 提交于
[#2252 state:committed] Signed-off-by: NJeremy Kemper <jeremy@bitsweat.net>
-
由 Jeremy Kemper 提交于
Broke CI. [#2252 state:open] This reverts commit adedf728.
-
由 Akira Matsuda 提交于
[#2252 state:committed] Signed-off-by: NJeremy Kemper <jeremy@bitsweat.net>
-
- 16 8月, 2009 1 次提交
-
-
由 Yehuda Katz 提交于
* request.formats is much simpler now * For XHRs or Accept headers with a single item, we use the Accept header * For other requests, we use params[:format] or fallback to HTML * This is primarily to work around the fact that browsers provide completely broken Accept headers, so we have to whitelist the few cases we can specifically isolate and treat other requests as coming from the browser * For APIs, we can support single-item Accept headers, which disambiguates from the browsers * Requests to an action that only has an XML template from the browser will no longer find the template. This worked previously because most browsers provide a catch-all */*, but this was mostly accidental behavior. If you want to serve XML, either use the :xml format in links, or explicitly specify the XML template: render "template.xml".
-
- 10 8月, 2009 3 次提交
-
-
由 codeape 提交于
[#1249 state:committed] Signed-off-by: NJeremy Kemper <jeremy@bitsweat.net>
-
由 Max Lapshin 提交于
Signed-off-by: NPratik Naik <pratiknaik@gmail.com>
-
由 Matt Duncan 提交于
Signed-off-by: NJosé Valim <jose.valim@gmail.com>
-
- 09 8月, 2009 7 次提交
-
-
由 rizwanreza 提交于
Signed-off-by: NPratik Naik <pratiknaik@gmail.com>
-
由 Yehuda Katz 提交于
-
由 Michael Koziarski 提交于
Additionally, actually test that the atom_feed helper works with :xml as an option. [#1836 state:committed]
-
由 Steve St. Martin 提交于
[#3016 state:committed] Signed-off-by: NJeremy Kemper <jeremy@bitsweat.net>
-
由 rizwanreza 提交于
Example: content_tag('p', "limelight", :class => ["song", "play"]) # => <p class="song play">limelight</p> Signed-off-by: NPratik Naik <pratiknaik@gmail.com>
-
由 José Valim 提交于
Signed-off-by: NPratik Naik <pratiknaik@gmail.com>
-
由 rizwanreza 提交于
Signed-off-by: NJosé Valim <jose.valim@gmail.com> Signed-off-by: NPratik Naik <pratiknaik@gmail.com>
-
- 08 8月, 2009 3 次提交
-
-
由 Steve St. Martin 提交于
Signed-off-by: NJosé Valim <jose.valim@gmail.com>
-
由 wmoxam 提交于
Signed-off-by: NPratik Naik <pratiknaik@gmail.com>
-
由 Jeremy Kemper 提交于
Ruby 1.9.2: implicit argument passing of super from method defined by define_method() is not supported
-
- 07 8月, 2009 1 次提交
-
-
由 Yehuda Katz 提交于
-
- 05 8月, 2009 1 次提交
-
-
由 Matthew Rudy Jacobs 提交于
Make sure javascript_include_tag/stylesheet_link_tag does not append ".js" or ".css" onto external urls [#1664 state:resolved] Signed-off-by: NPratik Naik <pratiknaik@gmail.com>
-
- 31 7月, 2009 1 次提交
-
-
由 Marc Love 提交于
Fix tag helpers so that all HTML element boolean attributes render according to the specs. Added all boolean attributes listed in the XHTML 1.0 specs (http://www.w3.org/TR/xhtml1/guidelines.html) and HTML 5 specs (http://www.whatwg.org/specs/web-apps/current-work). HTML 5 boolean attribute rendering was broken in commit 1e2d7229 / [#2864 state:resolved]. Signed-off-by: NYehuda Katz <wycats@gmail.com>
-
- 29 7月, 2009 1 次提交
-
-
由 Yehuda Katz 提交于
-
- 25 7月, 2009 1 次提交
-
-
由 Pratik Naik 提交于
-
- 21 7月, 2009 1 次提交
-
-
由 Yehuda Katz 提交于
-