提交 · 5861fde01fbe9446666b319dfc8d24514aafda21 · 张重言 / rails

17 6月, 2010 1 次提交
- R
  
  Added titles and description. · 324de199
  由 Rizwan Reza 提交于 6月 16, 2010
  
  324de199
08 6月, 2010 1 次提交
- S
  
  content_tag_string shouldn't escape_html if escape param is false · 399b493c
  由 Santiago Pastorino 提交于 6月 06, 2010
  
  399b493c
28 3月, 2010 1 次提交
- X
  
  adds missing requires for Object#blank? and Object#present? · 76f024ac
  由 Xavier Noria 提交于 3月 28, 2010
  
  76f024ac
15 3月, 2010 1 次提交
- S
  
  Making escaped things more readable · beeb0207
  由 Santiago Pastorino 提交于 3月 14, 2010
  
  beeb0207
12 3月, 2010 1 次提交
- J
  
  Updated documentation for block helpers in tag_helper.rb · 04963f16
  由 Jeroen van Dijk 提交于 3月 12, 2010
  
  04963f16
10 3月, 2010 1 次提交
- C
  
  Deprecate block_called_from_erb? pending a solution for getting it into apps · 4464b8e8
  由 Carlhuda 提交于 3月 09, 2010
  
  4464b8e8
15 2月, 2010 2 次提交
- S
  Explicit html_escape removed when not needed · 98a5bf8f
  由 Santiago Pastorino and José Ignacio Costa 提交于 2月 14, 2010
```
Signed-off-by: NYehuda Katz <yehudakatz@YK.local>
```
  98a5bf8f
- B
  content_tag should escape its input · f86421fb
  由 Bruno Michel 提交于 2月 13, 2010
```
Signed-off-by: NYehuda Katz <yehudakatz@YK.local>
```
  f86421fb
06 2月, 2010 1 次提交
- S
  More html_safe strings now use the safe_concat method · e115eb09
  由 Santiago Pastorino and José Ignacio Costa 提交于 2月 04, 2010
```
[#3856 state:committed]
Signed-off-by: NJeremy Kemper <jeremy@bitsweat.net>
```
  e115eb09
01 2月, 2010 2 次提交

S
action_view is requiring the deleted action_view/erb/util.rb file · f439f1d8
由 Santiago Pastorino 提交于 2月 01, 2010
```
Signed-off-by: NYehuda Katz <wycats@Yehuda-Katz.local>
```
f439f1d8

For performance reasons, you can no longer call html_safe! on Strings.... · 4cbb9db0

由 Yehuda Katz 提交于 1月 31, 2010

For performance reasons, you can no longer call html_safe! on Strings. Instead, all Strings are always not html_safe?. Instead, you can get a SafeBuffer from a String by calling #html_safe, which will SafeBuffer.new(self).

  * Additionally, instead of doing concat("</form>".html_safe), you can do
    safe_concat("</form>"), which will skip both the flag set, and the flag
    check.
  * For the first pass, I converted virtually all #html_safe!s to #html_safe,
    and the tests pass. A further optimization would be to try to use
    #safe_concat as much as possible, reducing the performance impact if
    we know up front that a String is safe.

4cbb9db0

08 10月, 2009 1 次提交

Switch to on-by-default XSS escaping for rails. · 94159359

由 Michael Koziarski 提交于 10月 08, 2009

  This consists of:

  * String#html_safe! a method to mark a string as 'safe'
  * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
  * Calls to String#html_safe! throughout the rails helpers
  * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB)
  * New ERB implementation based on erubis which uses a SafeBuffer instead of a String

Hat tip to Django for the inspiration.

94159359

04 9月, 2009 1 次提交
- M
  Clean tag attributes before passing through the escape_once logic. · b16e0c92
  由 Michael Koziarski 提交于 8月 31, 2009
```
Addresses CVE-2009-3009
```
  b16e0c92
09 8月, 2009 1 次提交

Allow content_tag options to take an array [#1741 state:resolved] [rizwanreza, Nick Quaranto] · 57863957

由 rizwanreza 提交于 8月 08, 2009

Example:
  content_tag('p', "limelight", :class => ["song", "play"])
  # => <p class="song play">limelight</p>
Signed-off-by: NPratik Naik <pratiknaik@gmail.com>

57863957

31 7月, 2009 1 次提交

Fix tag helpers so that all HTML element boolean attributes render according... · d860c891

由 Marc Love 提交于 7月 30, 2009

Fix tag helpers so that all HTML element boolean attributes render according to the specs. Added all boolean attributes listed in the XHTML 1.0 specs (http://www.w3.org/TR/xhtml1/guidelines.html) and HTML 5 specs (http://www.whatwg.org/specs/web-apps/current-work). HTML 5 boolean attribute rendering was broken in commit 1e2d7229 / [#2864 state:resolved].
Signed-off-by: NYehuda Katz <wycats@gmail.com>

d860c891

08 7月, 2009 1 次提交

Adds a audio_tag helper for the HTML5 audio tag. Fixed video_path docs. HTML... · 1e2d7229

由 Emilio Tagua 提交于 7月 03, 2009

Adds a audio_tag helper for the HTML5 audio tag. Fixed video_path docs. HTML attributes values should be true or false not attribute's name. [#2864 state:resolved]
Signed-off-by: NYehuda Katz <wycats@yehuda-katzs-macbookpro41.local>

1e2d7229

03 7月, 2009 1 次提交

Adds a video_tag helper for the HTML5 video tag (similar to how the image_tag... · 51d7b307

由 Tieg Zaharia 提交于 6月 26, 2009

Adds a video_tag helper for the HTML5 video tag (similar to how the image_tag works) (tests included); removes a duplicate test line for image_tag; adds boolean attributes for video tag to tag()'s boolean attributes
Signed-off-by: NYehuda Katz + Carl Lerche <ykatz+clerche@engineyard.com>

51d7b307

15 5月, 2009 1 次提交
- Y
  
  Cleaning up more render tests · 8fac2c88
  由 Yehuda Katz + Carl Lerche 提交于 5月 14, 2009
  
  8fac2c88
10 12月, 2008 1 次提交
- J
  
  Explicitly require ERB Utils extensions from TagHelper · 014b7994
  由 Joshua Peek 提交于 12月 09, 2008
  
  014b7994
07 12月, 2008 1 次提交
- P
  
  Merge with docrails · dbbae5e0
  由 Pratik Naik 提交于 12月 07, 2008
  
  dbbae5e0
04 12月, 2008 1 次提交
- J
  
  Unnecessary CGI require · 3db59ce0
  由 Jeremy Kemper 提交于 12月 03, 2008
  
  3db59ce0
26 11月, 2008 1 次提交
- V
  Tiny doc example change for escape_once() · d18bfa2a
  由 Vincent Woo 提交于 11月 18, 2008
```
Signed-off-by: NPratik Naik <pratiknaik@gmail.com>
```
  d18bfa2a
19 11月, 2008 1 次提交

由 Hongli Lai (Phusion) 提交于 11月 18, 2008

This way, 'tag :foo, :type => "checkbox", :checked => false' would output
the expected

  <input type="checkbox" />

instead of the old

  <input type="checkbox" checked="false" />

The latter would result in a checkbox that's initially checked.
Signed-off-by: NJeremy Kemper <jeremy@bitsweat.net>

337c361e

14 11月, 2008 1 次提交

Tag helper should output an attribute with the value 'false' instead of... · 4e9abdd7

由 Hongli Lai (Phusion) 提交于 11月 13, 2008

Tag helper should output an attribute with the value 'false' instead of omitting the attribute, if the associated option is false but not nil.

4e9abdd7

16 7月, 2008 3 次提交
- P
  
  Merge with docrails. · 0432d151
  由 Pratik Naik 提交于 7月 16, 2008
  
  0432d151
- J
  
  Ruby 1.9 compat: only eval with block.binding in 1.9, uses more memory than eval with block · 3c282f3a
  由 Jeremy Kemper 提交于 7月 15, 2008
  
  3c282f3a
- 松
  
  Ruby 1.9 compat: call Proc#binding explicitly. [#623 state:resolved] · bb33432b
  由松田明提交于 7月 15, 2008
  
  bb33432b
26 6月, 2008 1 次提交
- A
  
  example output of content_tag block form was incorrectly wrapped in <p></p> tags · 9f25ffdb
  由 Adam Meehan 提交于 6月 26, 2008
  
  9f25ffdb
22 6月, 2008 1 次提交
- J
  Performance: javascript helper tweaks to speed up escaping and reduce object... · f4ccc179
  由 Jeremy Kemper 提交于 6月 21, 2008
```
Performance: javascript helper tweaks to speed up escaping and reduce object allocations when building options strings
```
  f4ccc179
20 6月, 2008 1 次提交
- J
  Check whether blocks are called from erb using a special __in_erb_template... · 72f93b58
  由 Jeremy Kemper 提交于 6月 19, 2008
```
Check whether blocks are called from erb using a special __in_erb_template variable visible in block binding.
```
  72f93b58
09 6月, 2008 1 次提交
- J
  Use output_buffer reader and writer methods exclusively instead of hitting the... · ff5f155f
  由 Jeremy Kemper 提交于 6月 08, 2008
```
Use output_buffer reader and writer methods exclusively instead of hitting the instance variable so others can override the methods.
```
  ff5f155f
06 6月, 2008 1 次提交
- J
  
  Drop a string conversion from the often-called tag_options helper · e2c49e6a
  由 Jeremy Kemper 提交于 6月 06, 2008
  
  e2c49e6a
03 6月, 2008 2 次提交
- J
  
  Don't pass block binding to concat · 4d4c8e29
  由 Jeremy Kemper 提交于 6月 02, 2008
  
  4d4c8e29
- J
  
  Try replacing _erbout with @output_buffer · 933697a5
  由 Jeremy Kemper 提交于 6月 02, 2008
  
  933697a5
24 9月, 2007 2 次提交
- J
  The tag helper may bypass escaping. · 4b33306c
  由 Jeremy Kemper 提交于 9月 24, 2007
```
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7608 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
```
  4b33306c
- J
  escape_once uses negative lookahead to avoid double-escaping instead of a second gsub · e711d8fa
  由 Jeremy Kemper 提交于 9月 24, 2007
```
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7606 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
```
  e711d8fa
18 9月, 2007 1 次提交

tag_options creates fewer objects · 8fd263cd

由 Jeremy Kemper 提交于 9月 18, 2007

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7512 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

8fd263cd

24 6月, 2007 1 次提交

Massive documentation update for all helpers (closes #8223, #8177, #8175,... · b00e6a98

由 David Heinemeier Hansson 提交于 6月 23, 2007

Massive documentation update for all helpers (closes #8223, #8177, #8175, #8108, #7977, #7972, #7971, #7969) [jeremymcanally]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7106 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

b00e6a98

03 5月, 2007 1 次提交

Fixed that content_tag with a block will just return the result instead of... · edaf6bae

由 David Heinemeier Hansson 提交于 5月 02, 2007

Fixed that content_tag with a block will just return the result instead of concate it if not used in a ERb view #7857, #7432 [michael.niessner]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6652 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

edaf6bae

06 1月, 2007 1 次提交

Clean up multiple calls to #stringify_keys in TagHelper, add better... · 730c8e83

由 Rick Olson 提交于 1月 05, 2007

Clean up multiple calls to #stringify_keys in TagHelper, add better documentation and testing for TagHelper.  Closes #6394 [Bob Silva]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5857 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

730c8e83