Commit Graph

1294 Commits

Author SHA1 Message Date
Santiago Pastorino
63e67ea1a6 Do not mark strip_tags result as html_safe
Thanks to Marek Labos & Nethemba

CVE-2012-3465
2012-08-09 15:58:33 -03:00
Santiago Pastorino
b6a0a1166f escape select_tag :prompt values
CVE-2012-3463
2012-08-09 15:49:08 -03:00
Santiago Pastorino
d0c9759d3a html_escape should escape single quotes
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215
2012-08-06 21:39:35 -03:00
Rafael Mendonça França
a74b6a023b Merge pull request #3237 from sakuro/data-url-scheme
Support data: url scheme
2012-05-13 19:15:00 -03:00
Arun Agrawal
c1c62e8b1a Build fix for form_options_helper_test.rb ruby-1.8.7 2012-03-19 12:30:39 +05:30
Aaron Patterson
11881ad478 Merge branch '3-1-4' into 3-1-stable
* 3-1-4:
  bumping to 3.1.4
  Ensure [] respects the status of the buffer.
  updating RAILS_VERSION
  use AS::SafeBuffer#clone_empty for flushing the output_buffer
  add AS::SafeBuffer#clone_empty
  fix output safety issue with select options
2012-03-01 09:51:21 -08:00
Arun Agrawal
406ece4729 fixed build for ruby187-p358 2012-02-25 17:50:47 +05:30
Sergey Nartimov
1be2bbec31 fix output safety issue with select options 2012-02-20 15:42:19 -08:00
Santiago Pastorino
b7c7f08c87 Pass extensions to javascript_path and stylesheet_path helpers. Closes #3417 2012-01-03 17:52:00 -02:00
Arun Agrawal
49bbdf29c2 Fix broken encoding test 2011-12-10 19:42:09 +05:30
Aaron Patterson
e568c67b67 load the encoding converter to work around [ruby-core:41556] when switching encodings 2011-12-08 15:12:07 -08:00
Santiago Pastorino
a2f4ef1d80 Merge pull request #3428 from adrianpike/asset_path_conflicts
Issue #3427 - asset_path_conflicts
2011-12-06 11:19:06 -02:00
Jon Leighton
1edef70e49 Don't html-escape the :count option to translate if it's a Numeric. Fixes #3685.
Conflicts:

	actionpack/CHANGELOG.md
2011-11-19 13:29:12 +00:00
lest
1b527d7985 _html translation should escape interpolated arguments 2011-11-17 23:08:10 +00:00
Alexander Uvarov
1d8c5769e3 Fix impractical I18n lookup in nested fields_for 2011-11-17 21:55:04 +06:00
Jon Leighton
75ae4b3492 Stub find_template so that when handle_render_error is called in ActionView::Template, we get to see the actual underlying error rather than a NoMethodError.
This shows an encoding bug on Ruby 1.9.3.
2011-11-03 19:08:52 +00:00
Santiago Pastorino
816f0b691d Merge pull request #1796 from jdeseno/master
link_to doesn't allow rel attribute when also specifying method
2011-11-01 01:09:55 -02:00
OZAWA Sakuro
c57aec50ef Support data: url scheme in asset paths. 2011-10-06 23:35:04 +09:00
Santiago Pastorino
4f2c238f3a stylesheet_link_tag('/stylesheets/application') and similar helpers don't throw Sprockets::FileOutsidePaths exception anymore 2011-10-05 15:42:25 -02:00
José Valim
d9d1bb2fb9 Fix the lame config.action_controller.present? check scattered throughout assets_path. 2011-10-05 02:28:40 +02:00
José Valim
db8db4a466 Ensure default_asset_host_protocol is respected, closes #2980. 2011-10-05 02:07:25 +02:00
Santiago Pastorino
7e2de385fe javascript_path and stylesheet_path should honor the asset pipelining 2011-09-28 20:13:56 -03:00
Santiago Pastorino
00f0fb84aa Merge pull request #3156 from ihower/enhance_button_to_helper_v2
Make button_to helper support "form" option
2011-09-28 19:39:33 -03:00
Santiago Pastorino
493077cdc0 Merge pull request #3138 from christos/correct_image_path_with_pipeline
Correctly override image_path in sprockets rails_helper
2011-09-26 14:02:34 -03:00
Santiago Pastorino
ceb56f3e5a Just assert_equal here 2011-09-26 12:21:24 -03:00
Santiago Pastorino
7e43dee857 Merge pull request #3135 from christos/respect_assets_digest_value
Give precedence to `config.digest = false` over the existence of manifest.yml asset digests
2011-09-26 12:17:02 -03:00
Santiago Pastorino
0cb84f18d6 image_tag should use /assets if asset pipelining is turned on. Closes #3126 2011-09-26 11:21:30 -03:00
Alexey Vakhov
a61d85c49e escape options for the stylesheet_link_tag method
Signed-off-by: José Valim <jose.valim@gmail.com>
2011-09-25 13:05:11 +02:00
Santiago Pastorino
d4f999fba7 Merge pull request #3092 from asee/master
Sprockets to use config.assets.prefix, with tests
2011-09-23 14:16:01 -03:00
Santiago Pastorino
64de4dd84a Allow asset tag helper methods to accept :digest => false option in order to completely avoid the digest generation. 2011-09-14 15:02:41 -07:00
Santiago Pastorino
c289dea8a2 Merge pull request #2977 from guilleiguaran/fix-relative-root-in-assets 2011-09-13 00:14:21 -07:00
Santiago Pastorino
96d63e1ad7 Merge pull request #2969 from arunagw/warnings_removed_3_1_stable
Warnings removed 3 1 stable
2011-09-11 11:35:17 -07:00
Arun Agrawal
1ca38c6681 Warnings removed unused variables. Please don't add them 2011-09-10 13:03:46 +05:30
Arun Agrawal
38c7a670d2 Adding assert for "test_form_for_with_isolated_namespaced_model" 2011-09-10 12:25:13 +05:30
Tom Stuart
f49faeb705 Never return stored content from content_for when a block is given
The capture helper may return nil when evaluation of the block has
produced a buffer which contains only whitespace, but that doesn't
mean content_for should return stored content.
2011-09-01 15:06:15 +01:00
Tom Stuart
b14902150b Improve content_for test coverage 2011-09-01 15:05:20 +01:00
Guillermo Iguaran
f443f9cb0c Configuration changes for asset pipeline: remove config.assets.allow_debugging, add config.assets.compile and config.assets.digest 2011-08-30 13:13:39 -05:00
Santiago Pastorino
19c14035a0 Merge pull request #2644 from guilleiguaran/allow-assets-debugging
Add config.allow_debugging option
2011-08-24 12:03:51 -03:00
Santiago Pastorino
8ac61f5b16 Merge pull request #2668 from guilleiguaran/debug-assets-media-type
Debug assets shouldn't ignore media type for stylesheets. Closes #2625
2011-08-24 11:47:01 -03:00
Santiago Pastorino
b11308928b Merge pull request #2411 from ai/debug_assets_by_config
Debug assets by config
2011-08-22 15:53:00 -03:00
Santiago Pastorino
a7afb84982 Merge pull request #2581 from guilleiguaran/debug-assets-in-dev
Debug assets by default in development and test environments
2011-08-19 19:31:17 -03:00
Aaron Patterson
66c3e31dcf Tags with invalid names should also be stripped in order to prevent
XSS attacks.  Thanks Sascha Depold for the report.
2011-08-16 15:17:49 -07:00
Aaron Patterson
cdf6251c0b Revert "Ensure original exception message is present in both Template::Error#message and Template::Error#inspect."
This reverts commit 403b06e98e.

The call to `message` calls `inspect` on our exception.  The exception
holds a reference to the environment, and the controller.  This string
becomes very large, and the call to `super` dups the string (in turn
doubling the memory used).  I'm reverting this for 3.1 but leaving the
commit on master.  We should stop holding references to so many objects
and reduce the size of our inspect.
2011-08-10 14:37:56 -07:00
Joshua Peek
509a98a651 Merge pull request #2448 from igrigorik/master
Asset pipeline fixes: clear out tmp cache and use environment in digest generation
Conflicts:

	railties/test/application/assets_test.rb
2011-08-08 09:45:10 -05:00
Dan Gebhardt
b589f0c375 added test case for fix to issue #2094 2011-07-26 14:24:46 -07:00
Damien Mathieu
f44f412902 use sprocket's append_path and assert_match 2011-07-26 17:04:45 +02:00
thedarkone
9395e89b72 Make polymorphic_url calls go through application helpers again.
This brings back the ability to overwrite/extend url generating methods in application helpers.
2011-07-25 15:43:36 +02:00
Oemuer Oezkir
8b30f1d7ea Changed a few instances of words in the API docs written in British English to
American English (according to Weber)

Conflicts:

	actionpack/lib/action_controller/metal/request_forgery_protection.rb
	railties/lib/rails/engine.rb
2011-07-24 21:10:51 +02:00
Aaron Patterson
5b88219acb just use normal ruby for stubbing 2011-07-23 20:55:38 -07:00
Ben Woosley
dbca49bb32 Simple fix to the NoMethodError noted in #2177.
Unfortunately #respond_to?(:controller) won't work as suggested, nor will respond_to?(:params), as #controller is present and #params is delegated to #controller. #delegate makes respond_to? return true regardless of whether the target responds to it.
2011-07-23 20:40:43 -07:00