For performance reasons, you can no longer call html_safe! on Strings. Instead, all Strings are always not html_safe?. Instead, you can get a SafeBuffer from a String by calling #html_safe, which will SafeBuffer.new(self).

  * Additionally, instead of doing concat("</form>".html_safe), you can do
    safe_concat("</form>"), which will skip both the flag set, and the flag
    check.
  * For the first pass, I converted virtually all #html_safe!s to #html_safe,
    and the tests pass. A further optimization would be to try to use
    #safe_concat as much as possible, reducing the performance impact if
    we know up front that a String is safe.

Signed-off-by: NJoshua Peek <josh@joshpeek.com>

  This consists of:

  * String#html_safe! a method to mark a string as 'safe'
  * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
  * Calls to String#html_safe! throughout the rails helpers
  * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB)
  * New ERB implementation based on erubis which uses a SafeBuffer instead of a String

Hat tip to Django for the inspiration.

Ruby 1.9.2: implicit argument passing of super from method defined by define_method() is not supported

  - Define to_model on AR
  - Define to_model on ActiveModel::APICompliant
  - Update test fixtures to be API Compliant
  - Start using to_model in AP

  * Tests can be run in isolation
  * Dependencies added
  * A few tests modified to avoid depending on AS deps 
    not depended on my files they were testing

Signed-off-by: NMichael Koziarski <michael@koziarski.com>
[#2390 state:committed]

Ensure Active Record error related view helpers escape the message [#1280 state:resolved] [Inge Jørgensen, Dan Barry]
Signed-off-by: NPratik Naik <pratiknaik@gmail.com>

Signed-off-by: NJeremy Kemper <jeremy@bitsweat.net>

Refactored TextHelper#truncate, highlight, excerpt, word_wrap and auto_link to accept options hash [#705 state:resolved]
Signed-off-by: NJoshua Peek <josh@joshpeek.com>

Signed-off-by: NJoshua Peek <josh@joshpeek.com>

Signed-off-by: NPratik Naik <pratiknaik@gmail.com>

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@9128 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@9126 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8968 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

Fixed ActionView::Helpers::ActiveRecordHelper::form for when protect_from_forgery is used (closes #10739) [jeremyevans]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8626 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8466 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8029 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

error_messages_for also takes :message and :header_message options which defaults to the old "There were problems with the following fields:" and "<count> errors prohibited this <object_name> from being saved". Closes #8270.


git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7870 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7779 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7220 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6470 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6057 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5870 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5799 5ecf4fe2-1ee6-0310-87b1-e25e094e27de