- 04 11月, 2015 1 次提交
-
-
由 Damien Burke 提交于
`link_to :back` creates a link to whatever was passed in via the referer header. If an attacker can alter the referer header, that would create a cross-site scripting vulnerability on every page that uses `link_to :back` This commit restricts the back URL to valid non-javascript URLs. https://github.com/rails/rails/issues/14444
-
- 06 9月, 2015 1 次提交
-
-
由 Aaron Patterson 提交于
`hfvalue` parts should always be percent encoded, so lets do that! Revert "use path escaping for email addresses" This reverts commit 21ffef38.
-
- 05 9月, 2015 1 次提交
-
-
由 Aaron Patterson 提交于
Due to e25fdad2, we are correctly using path escaping for email addresses. This commit fixes the tests to expect path escaping.
-
- 30 7月, 2015 2 次提交
-
-
由 schneems 提交于
content_tag's first argument is will generate a string with an html tag so `:a` will generate: `<a></a>`. When this happens, the symbol is implicitly `to_s`-d so a new string is allocated. We can get around that by using a frozen string instead which This change buys us 74,236 bytes of memory and 1,855 fewer objects per request.
-
由 schneems 提交于
No idea why on earth this hash key isn't already optimized by MRI, but it isn't.
💩 This change buys us 74,077 bytes of memory and 1,852 fewer objects per request.
-
- 24 7月, 2015 1 次提交
-
-
由 Clayton Smith 提交于
-
- 01 5月, 2015 1 次提交
-
-
由 Yves Senn 提交于
This reverts commit d459b001, reversing changes made to 4d4950fa.
😓 The block is not supposed to be passed to `link_to`. It's used for a customized behavior of the `condtion = false` case. The docs illustrate that like so: ``` <%= link_to_if(@current_user.nil?, "Login", { controller: "sessions", action: "new" }) do link_to(@current_user.login, { controller: "accounts", action: "show", id: @current_user }) end %> ```
-
- 21 4月, 2015 1 次提交
-
-
由 Steven Spiel 提交于
add block to link_to_if when condition is true
-
- 10 4月, 2015 1 次提交
-
-
由 Aditya Kapoor 提交于
-
- 04 4月, 2015 1 次提交
-
-
由 Anton Davydov 提交于
-
- 01 4月, 2015 1 次提交
-
-
由 Anton Davydov 提交于
-
- 23 3月, 2015 1 次提交
-
-
由 Carlos Antonio da Silva 提交于
No need to merge hashes when simply setting options does the job.
-
- 18 3月, 2015 1 次提交
-
-
由 Carlos Antonio da Silva 提交于
This logic was just doing duplicated work, since the button_to helper relies on tag/content_tag to generate the button html, which already handles all boolean attributes it knows about. The code dates back to 2005: 43c470fa.
-
- 07 2月, 2015 1 次提交
-
-
由 Colin Rymer 提交于
The `link_to` helper generates an HTML anchor element (consisting of opening and closing anchor tags and an element body). The docs currently state the a link tag is generated (which would indicate a tag like `<link>`, which is another valid HTML tag), so this change clarifies that an anchor element is actually generated. [ci skip]
-
- 21 12月, 2014 1 次提交
-
-
由 Mark Dodwell 提交于
-
- 02 10月, 2014 1 次提交
-
-
由 Kuldeep Aggarwal 提交于
when mail_to generate blank options for any passed options(cc, bcc, body, subject) then MICROSOFT OUTLOOK treats it differently and set wrong values in different options.
-
- 22 9月, 2014 1 次提交
-
- 14 6月, 2014 1 次提交
-
-
由 Paul Grayson 提交于
In actionview, eliminate calls to tag that use html_safe parameter values. This is generally unnecessary, since tag handles string quoting, except in one case (utf8_enforcer_tag) where we want to specify the encoding ourselves.
-
- 07 6月, 2014 1 次提交
-
-
由 Aaron Patterson 提交于
-
- 18 4月, 2014 1 次提交
-
-
由 Rafael Mendonça França 提交于
Related with cbb91745
-
- 19 3月, 2014 1 次提交
-
-
由 David Pedersen 提交于
According to the best practice that "unless not" and "unless else" is hard to follow logically the link_to_unless and link_to_if were reversed.
-
- 25 2月, 2014 1 次提交
-
-
由 Matt Campbell 提交于
-
- 03 2月, 2014 1 次提交
-
-
由 Attila Domokos 提交于
I did not see in the docs that `button_to` supports not only URLs but paths as well. I documented this functionality with a unit tests and added an example to the docs as well.
-
- 28 10月, 2013 1 次提交
-
-
由 Rafael Mendonça França 提交于
-
- 13 10月, 2013 1 次提交
-
-
由 Vipul A M 提交于
-
- 19 9月, 2013 1 次提交
-
-
由 Andy Waite 提交于
The parameters are rendered as hidden form fields within the generated form. This is useful for when a record has multiple buttons associated with it, each of which target the same controller method, but which need to submit different attributes.
-
- 03 8月, 2013 1 次提交
-
-
由 Arun Agrawal 提交于
Fixes warning warning: URI.unescape is obsolete
-
- 02 8月, 2013 1 次提交
-
-
由 Rafael Mendonça França 提交于
-
- 01 8月, 2013 1 次提交
-
-
由 Rafael Mendonça França 提交于
In some cases webservers like nginx send the escaped characters lowercased to the Rails application. The current_page? helper was comparing the escaped strings that are different since Ruby escapes the URL using uppercased characters.
-
- 20 7月, 2013 1 次提交
-
-
由 Vipul A M 提交于
-
- 07 7月, 2013 2 次提交
- 20 6月, 2013 1 次提交
-
-
由 Piotr Sarnacki 提交于
-
- 17 6月, 2013 1 次提交
-
-
由 dtaniwaki 提交于
-
- 13 6月, 2013 1 次提交
-
-
由 wangjohn 提交于
concerning the options that it inherits from +url_for+. The way that +polymorhpic_url+ is built allows it to have options like +:anchor+, +:script_name+, etc. but this is currently not documented.
-
- 01 6月, 2013 1 次提交
-
-
由 kennyj 提交于
Remove :confirm and :disable_with options for ActionView::Helpers::UrlHelper#link_to and #button_to were deprecated.
-
- 05 4月, 2013 2 次提交
-
-
由 Carlos Antonio da Silva 提交于
There's no need to use Hash#merge with a new hash just for setting the href option to pass it through. Since we're always dealing with a new html_options hash, we're free to just set the value instead.
-
由 Carlos Antonio da Silva 提交于
-
- 03 4月, 2013 1 次提交
-
-
由 Sam Pohlenz 提交于
-
- 07 2月, 2013 1 次提交
-
-
由 Marc Baumbach 提交于
The examples do not generate the output they intend to due to not explicitly declaring the hash separations. This causes it to be treated as one parameter instead of the intended two parameters.
-