- 16 Mar, 2010 1 commit
-
-
Committed by Jeremy Kemper
-
- 12 Mar, 2010 3 commits
-
-
Committed by Jeremy Kemper
-
Committed by Jeremy Kemper
-
Committed by Jeremy Kemper
-
- 06 Feb, 2010 1 commit
-
-
Committed by Santiago Pastorino
[#3848 state:committed] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
-
- 01 Feb, 2010 1 commit
-
-
Committed by Yehuda Katz
For performance reasons, you can no longer call html_safe! on Strings. Instead, all Strings are always not html_safe?. Instead, you can get a SafeBuffer from a String by calling #html_safe, which will SafeBuffer.new(self).
* Additionally, instead of doing concat("</form>".html_safe), you can do safe_concat("</form>"), which will skip both the flag set, and the flag check.
* For the first pass, I converted virtually all #html_safe!s to #html_safe, and the tests pass. A further optimization would be to try to use #safe_concat as much as possible, reducing the performance impact if we know up front that a String is safe.
-
- 26 Dec, 2009 1 commit
-
-
Committed by José Valim
String#<< should work for any object which responds to :to_str, so enable this without the performance hit and make Fixnum safe by default.
-
- 25 Dec, 2009 2 commits
-
-
Committed by Yehuda Katz
-
Committed by Yehuda Katz
Instead of marking raw text in templates as safe, and then putting them through String#<< which checks if the String is safe, use safe_concat, which uses the original (internal) String#<< and leaves the safe flag as is. Results in a significant performance improvement.
-
- 02 Dec, 2009 1 commit
-
-
Committed by Joshua Peek
-
- 08 Oct, 2009 1 commit
-
-
Committed by Michael Koziarski
This consists of:
* String#html_safe! a method to mark a string as 'safe'
* ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
* Calls to String#html_safe! throughout the rails helpers
* a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)
* New ERB implementation based on erubis which uses a SafeBuffer instead of a String

Hat tip to Django for the inspiration.
-