24 Commits

Author SHA1 Message Date
Rafael Mendonça França 7d0ba39309 Always escape error messages
Before, if your error message contained HTML tags, they were marked as
safe. Some error messages may contain user input so this would
lead to an XSS vulnerability.

Error messages are now always escaped. If users need to mark them
as safe they will need to use the explicit `:error` option:

    f.input :name, error: raw('My <b>error</b>')
2014-11-25 18:02:01 -02:00
Rafael Mendonça França efc1171bc6 Merge branch 'rails-4-2'
Conflicts:
	.travis.yml
2014-11-19 13:14:49 -02:00
Rafael Mendonça França 914b58cb9d Assert the absence of tags, not the escaped text
Nokogiri doesn't escape the output
2014-11-17 17:27:13 -02:00
Michaël Van Damme 879c4d03a6 Added test for full_errors_on_association bugfix 2014-09-29 19:50:01 +02:00
John Voloski 3bff1fa5a1 improve form_builder's tests description and remove 'should' 2014-05-14 14:18:43 -03:00
Rafael Mendonça França 8dba1d9e3a Fix test description 2014-04-03 18:28:28 -03:00
Rafael Mendonça França 4bc71bf55a Remove unneeded variable 2014-04-03 18:24:30 -03:00
Rafael Mendonça França ed7dda96fe Check if error is a string to consider it as custom error 2014-04-03 18:24:17 -03:00
Rafael Mendonça França 7141f1b0ba No need to use interpolation 2014-04-03 18:18:17 -03:00
Rafael Mendonça França 23294b5d67 Show custom error only if we have the error on the attribute 2014-04-03 18:18:00 -03:00
Rafael Mendonça França ea679105dc Merge branch 'master' into rm-custom-error
Conflicts:
	test/form_builder/error_test.rb
2014-04-03 18:01:50 -03:00
Rafael Mendonça França 5eb901deec full_error can be disabled with error: false and full_error: false 2014-04-03 18:00:07 -03:00
Rafael Mendonça França 982419b073 No need for a custom helper 2014-04-03 17:43:03 -03:00
Rafael Mendonça França 70c334123e Make custom error work with full_error component 2014-04-03 17:38:25 -03:00
Rafael Mendonça França 402623c200 Merge pull request #975 from mantas/master
Allows custom errors #761

Conflicts:
	lib/simple_form/components/errors.rb
	test/form_builder/error_test.rb
2014-04-03 17:38:12 -03:00
Lauro Caetano 4e36df53ad Add the `full_error` component.
With this wrapper, it will call full_messages_for the attribute.
2014-04-03 16:51:08 -03:00
Mantas 2ca38cd278 Allows custom errors #761 2014-01-26 15:09:19 +02:00
Rafael Mendonça França 77ab6fe0f8 Make sure error_prefix option is escaped if it is not safe
Signed-off-by: Rafael Mendonça França <rafaelmfranca@gmail.com>
2013-11-29 13:35:24 -02:00
Renato Mascarenhas 34312c9fbc Use 1.9 hash style on code and docs. 2013-01-28 19:02:59 -02:00
Rafael Mendonça França f4a1ac6f83 FormBuilder methods should not modify the options hash
Closes #463
2012-02-21 01:42:06 -02:00
Edison 18b73ddba4 test for error messages with HTML tags 2012-02-16 15:07:03 -02:00
José Valim bf4d766fcb config.components => config.wrappers 2011-09-08 16:04:37 +02:00
José Valim f93a6be226 Add tests for custom wrappers. 2011-09-08 16:04:36 +02:00
José Valim 3ee59b5d0d Break form builder test into smaller files. 2011-09-08 16:04:36 +02:00