1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Commit graph

7 commits

Author SHA1 Message Date
Kir Shatrov
424117281e Use frozen string literal in actionview/ 2017-07-24 11:53:43 +03:00
Matthew Draper
87b3e226d6 Revert "Merge pull request #29540 from kirs/rubocop-frozen-string"
This reverts commit 3420a14590, reversing
changes made to afb66a5a59.
2017-07-02 02:15:17 +09:30
Kir Shatrov
cfade1ec7e Enforce frozen string in Rubocop 2017-07-01 02:11:03 +03:00
Andrey Molchanov
525736a407 DRYing duplicate methods 2016-09-16 17:28:58 +03:00
Xavier Noria
66a7cfa910 applies new string literal convention in actionview/lib
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
2016-08-06 18:48:35 +02:00
Rafael Mendonça França
33cb47ee48 Use the reference for the mime type to get the format
Before we were calling to_sym in the mime type, even when it is unknown
what can cause denial of service since symbols are not removed by the
garbage collector.

Fixes: CVE-2014-0082
2014-02-18 16:12:51 -03:00
Prem Sichanugrist
920f3ba266 Introduce render :html for render HTML string
This is an option for to HTML content with a content type of
`text/html`. This rendering option calls `ERB::Util.html_escape`
internally to escape unsafe HTML string, so you will have to mark your
string as html safe if you have any HTML tag in it.

Please see #12374 for more detail.
2014-02-18 12:08:36 -05:00