mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Commit graph

14 commits

Author SHA1 Message Date
Jeremy Kemper
2797757919 Override <%== to always behave as literal text rather than toggling based on whether escaping is enabled. Fixes that existing plaintext email templates using <%== unexpectedly flipped to *escaping* HTML when #8235 was merged. 2012-12-03 10:31:18 -07:00
Santiago Pastorino
b6ab441772 html_escape should escape single quotes
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215
2012-07-31 22:26:52 -03:00
Aaron Patterson
d481170251 deprecate describe without a block.
minitest/spec provides `describe`, so deprecate the rails version and
have people use the superclass version
2012-07-09 13:13:59 -07:00
Jose and Yehuda
56cdc81c08 Remove default match without specified method
In the current router DSL, using the +match+ DSL
method will match all verbs for the path to the
specified endpoint.

In the vast majority of cases, people are
currently using +match+ when they actually mean
+get+. This introduces security implications.

This commit disallows calling +match+ without
an HTTP verb constraint by default. To explicitly
match all verbs, this commit also adds a
:via => :all option to +match+.

Closes #5964
2012-04-24 22:52:26 -05:00
José Valim
654df86b7b Show detailed exceptions no longer returns true if the request is local in production. 2011-12-16 10:45:59 +01:00
José Valim
119e9e2daf Get rid of update_details in favor of passing details to find_template. 2011-09-22 15:03:05 +02:00
Xavier Noria
799a6fa047 realigns a series of hash arrows 2010-11-21 10:25:23 +01:00
Jan Maurits Faber
f04ec6a227 Added support for Erubis <%== tag
<%== x %> is syntactic sugar for <%= raw(x) %>

Signed-off-by: Michael Koziarski <michael@koziarski.com>
[#5918 status:committed]
2010-11-08 09:55:55 +13:00
José Valim
c7760809bf Allow cache to be temporarily disabled through lookup_context. 2010-10-07 21:31:31 +02:00
José Valim
c563f10f3e render :template => 'foo/bar.json' now works as it should. 2010-10-07 21:31:31 +02:00
Piotr Sarnacki
c15bb4901b Fixed routes to use new API in a few more actionpack tests 2010-09-05 13:44:37 +02:00
Yehuda Katz
2092351652 Add support for compile-time <%= raw %> 2010-01-31 23:42:35 -08:00
Joshua Peek
61411f2aeb Redraw default routes on all internal integration tests. We don't need SimpleRouteCase anymore 2009-10-03 23:18:32 -05:00
Joshua Peek
018b79dd36 File extra test folders into controller, dispatch, or template 2009-10-03 21:05:51 -05:00
Renamed from actionpack/test/new_base/render_template_test.rb