提交 · 7601d482bd187bdd06d3aa7ac1e8c7bb805f40a3 · 张重言 / rails

08 10月, 2009 1 次提交

Switch to on-by-default XSS escaping for rails. · 94159359

由 Michael Koziarski 提交于 10月 08, 2009

  This consists of:

  * String#html_safe! a method to mark a string as 'safe'
  * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
  * Calls to String#html_safe! throughout the rails helpers
  * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB)
  * New ERB implementation based on erubis which uses a SafeBuffer instead of a String

Hat tip to Django for the inspiration.

94159359

04 10月, 2009 1 次提交
- J
  
  Moved shared form helper models into fake_models · f5cba5e6
  由 Joshua Peek 提交于 10月 03, 2009
  
  f5cba5e6
12 9月, 2009 1 次提交

Allow fields_for on a nested_attributes association to accept an explicit... · 1b78e9bb

由 Andrew France 提交于 7月 11, 2009

Allow fields_for on a nested_attributes association to accept an explicit collection to be used. [#2648 state:resolved]
Signed-off-by: NEloy Duran <eloy.de.enige@gmail.com>

1b78e9bb

10 8月, 2009 1 次提交
- M
  Fixed to_label_tag to accept id attribute without changing for attribute [#2660 status:resolved] · 920ef4e6
  由 Matt Duncan 提交于 8月 08, 2009
```
Signed-off-by: NJosé Valim <jose.valim@gmail.com>
```
  920ef4e6
09 8月, 2009 1 次提交
- J
  Allow radio buttons to work with booleans. · c34d6279
  由 José Valim 提交于 7月 24, 2009
```
Signed-off-by: NPratik Naik <pratiknaik@gmail.com>
```
  c34d6279
21 7月, 2009 1 次提交
- J
  
  AMo conversion helper · 92c00d75
  由 Joshua Peek 提交于 7月 21, 2009
  
  92c00d75
20 7月, 2009 1 次提交
- Y
  
  Finish convert_to_object updates · b00cac4a
  由 Yehuda Katz 提交于 7月 20, 2009
  
  b00cac4a
19 7月, 2009 2 次提交
- Y
  
  Update some tests and add a to_model to form helpers · 13e18dd9
  由 Yehuda Katz 提交于 7月 20, 2009
  
  13e18dd9
- Y
  
  Move default_form_builder to ActionView so it'll work in environments not using ActionView::Base · b20d6844
  由 Yehuda Katz 提交于 7月 19, 2009
  
  b20d6844
03 7月, 2009 2 次提交
- J
  My suggestion to fix ticket 2401 [#2401 state:resolved] · e61afed6
  由 Jarl Friis 提交于 5月 11, 2009
```
Signed-off-by: NYehuda Katz + Carl Lerche <ykatz+clerche@engineyard.com>
```
  e61afed6
- Y
  
  Fixes a number of tests that inexplicably didn't fail when we committed the original patch · cf5b2b25
  由 Yehuda Katz + Carl Lerche 提交于 7月 02, 2009
  
  cf5b2b25
18 6月, 2009 1 次提交
- J
  
  Use errors[field] instead of errors.on(field) · 5267addd
  由 Jeremy Kemper 提交于 6月 17, 2009
  
  5267addd
09 6月, 2009 1 次提交

Made label target radio button tags with values. Radio button now respects... · a14df8c9

由 David Stevenson 提交于 3月 11, 2009

Made label target radio button tags with values. Radio button now respects inherited :index options when generating id.
Signed-off-by: NMichael Koziarski <michael@koziarski.com>

a14df8c9

09 4月, 2009 1 次提交
- Y
  
  Temporarily modifies setup to call super directly. This can support more T::U runners. · 6c05b5e9
  由 Yehuda Katz and Carl Lerche 提交于 4月 08, 2009
  
  6c05b5e9
27 2月, 2009 1 次提交
- E
  Pass a custom form builder on to nested fields_for calls. [#2023 status:committed] · 3d1d422b
  由 Eloy Duran 提交于 2月 26, 2009
```
Signed-off-by: NDavid Heinemeier Hansson <david@loudthinking.com>
```
  3d1d422b
13 2月, 2009 1 次提交

Changed API of NestedAttributes to take an array, or hash with index keys, of... · 5dbc9d40

由 Lance Ivy 提交于 2月 08, 2009

Changed API of NestedAttributes to take an array, or hash with index keys, of hashes that have the id on the inside of the attributes hash and updated the FormBuilder to produce such hashes. Also fixed NestedAttributes with composite ids.
Signed-off-by: NMichael Koziarski <michael@koziarski.com>
Signed-off-by: NEloy Duran <eloy.de.enige@gmail.com>
[#1892 state:committed]

5dbc9d40

11 2月, 2009 1 次提交
- J
  Move checkbox hidden field before the actual checkbox so the actual value... · f4002090
  由 Joshua Peek 提交于 2月 10, 2009
```
Move checkbox hidden field before the actual checkbox so the actual value doesn't get clobbered [#1863 state:resolved]
```
  f4002090
06 2月, 2009 1 次提交

Allowing an object to be passed explicitly to a fields_for with... · d15d53cf

由 Pascal Ehlert 提交于 2月 02, 2009

Allowing an object to be passed explicitly to a fields_for with nested_attributes on one-to-one associations
Signed-off-by: NMichael Koziarski <michael@koziarski.com>
[#1849 state:committed]

d15d53cf

01 2月, 2009 1 次提交
- E
  Add support for nested object forms to ActiveRecord and the helpers in ActionPack · ec8f0458
  由 Eloy Duran 提交于 2月 01, 2009
```
Signed-Off-By: NMichael Koziarski <michael@koziarski.com>

[#1202 state:committed]
```
  ec8f0458
21 12月, 2008 1 次提交
- P
  
  Fix duplicate test name [#1058 state:resolved] [Dave Rothlisberger, Pratik Naik] · 462c75b6
  由 Pratik Naik 提交于 12月 20, 2008
  
  462c75b6
20 7月, 2008 1 次提交
- K
  Fixed index and auto index for nested fields_for [#327 state:resolved] · 1b4b1aa7
  由 Kevin Glowacz 提交于 7月 19, 2008
```
Signed-off-by: NJoshua Peek <josh@joshpeek.com>
```
  1b4b1aa7
09 6月, 2008 1 次提交
- J
  Use output_buffer reader and writer methods exclusively instead of hitting the... · ff5f155f
  由 Jeremy Kemper 提交于 6月 08, 2008
```
Use output_buffer reader and writer methods exclusively instead of hitting the instance variable so others can override the methods.
```
  ff5f155f
03 6月, 2008 1 次提交
- J
  
  Work with @output_buffer instead of _erbout · 0bdb7d35
  由 Jeremy Kemper 提交于 6月 02, 2008
  
  0bdb7d35
22 5月, 2008 1 次提交
- E
  Improve check_box_checked? to use include? for Array values. [#193 state:resolved] · 6e3521e6
  由 Erkki Eilonen 提交于 5月 14, 2008
```
Signed-off-by: NPratik Naik <pratiknaik@gmail.com>
```
  6e3521e6
06 5月, 2008 1 次提交
- A
  
  Fixed form helper's name attribute for question methods · 04f52219
  由 Andrew Vit 提交于 5月 05, 2008
  
  04f52219
02 5月, 2008 1 次提交
- D
  Fixed that TextHelper#text_field would corrypt when raw HTML was used as the... · f6ec296a
  由 David Heinemeier Hansson 提交于 5月 01, 2008
```
Fixed that TextHelper#text_field would corrypt when raw HTML was used as the value (mchenryc, Kevin Glowacz) [#80 state:resolved]
```
  f6ec296a
01 5月, 2008 2 次提交
- K
  Fixed labels that have a bracketed name and an index [#68 state:resolved] · c83f7581
  由 Kevin Glowacz 提交于 4月 30, 2008
```
Signed-off-by: NJoshua Peek <josh@joshpeek.com>
```
  c83f7581
- J
  
  FormHelper#label_tag accepts :for option [encoded] [#38 state:resolved] · 96d9691e
  由 Joshua Peek 提交于 4月 30, 2008
  
  96d9691e
20 4月, 2008 1 次提交
- J
  
  Introduce ActionView::TestCase for testing view helpers. · 17d4164a
  由 Joshua Peek 提交于 4月 19, 2008
  
  17d4164a
25 3月, 2008 1 次提交
- D
  Fixed that FormHelper#radio_button would produce invalid ids (closes #11298) [harlancrystal] · b0bfcca1
  由 David Heinemeier Hansson 提交于 3月 24, 2008
```
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@9088 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
```
  b0bfcca1
02 2月, 2008 1 次提交

Introduce the :index option for form_for and fields_for to simplify... · 0da2aa6d

由 Jeremy Kemper 提交于 2月 02, 2008

Introduce the :index option for form_for and fields_for to simplify multi-model forms (see http://railscasts.com/episodes/75). Closes #9883.


git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8786 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

0da2aa6d

05 1月, 2008 1 次提交
- J
  require abstract_unit directly since test is in load path · 9d755f19
  由 Jeremy Kemper 提交于 1月 05, 2008
```
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8564 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
```
  9d755f19
02 12月, 2007 2 次提交
- D
  Deal with nested fields_for too [DHH] · 84ca7e6e
  由 David Heinemeier Hansson 提交于 12月 02, 2007
```
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8253 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
```
  84ca7e6e
- D
  Added the same record identification guessing rules to fields_for as form_for has [DHH] · d0ce7cd4
  由 David Heinemeier Hansson 提交于 12月 02, 2007
```
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8252 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
```
  d0ce7cd4
28 10月, 2007 1 次提交
- J
  Tested FormHelper#label. Closes #9850 [jarkko] · a55caf66
  由 Jeremy Kemper 提交于 10月 27, 2007
```
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8045 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
```
  a55caf66
26 10月, 2007 1 次提交

FormHelper's auto_index should use #to_param instead of #id_before_type_cast. ... · d5a93b62

由 Rick Olson 提交于 10月 26, 2007

FormHelper's auto_index should use #to_param instead of #id_before_type_cast.  Closes #9994 [mattly]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8033 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

d5a93b62

24 10月, 2007 1 次提交
- J
  Disabled checkboxes don't submit a form value. Closes #9301. · 8091ed54
  由 Jeremy Kemper 提交于 10月 23, 2007
```
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8007 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
```
  8091ed54
08 10月, 2007 1 次提交
- J
  error_messages_for and friends also work with local variables. Closes #9699. · 459cc1ec
  由 Jeremy Kemper 提交于 10月 07, 2007
```
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7779 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
```
  459cc1ec
28 9月, 2007 1 次提交

Allow ability to disable request forgery protection, disable it in test mode... · 5edc81dc

由 Rick Olson 提交于 9月 28, 2007

Allow ability to disable request forgery protection, disable it in test mode by default.  Closes #9693 [lifofifo]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7668 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

5edc81dc

23 9月, 2007 1 次提交

Merge csrf_killer plugin into rails. Adds RequestForgeryProtection model that... · 4e3ed5bc

由 Rick Olson 提交于 9月 23, 2007

Merge csrf_killer plugin into rails.  Adds RequestForgeryProtection model that verifies session-specific _tokens for non-GET requests.  [Rick]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7592 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

4e3ed5bc