Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Jul 25, 2010
  1. @spastorino @josevalim

    Changes the usage of Object#returning with Object#tap

    spastorino authored josevalim committed
    Signed-off-by: José Valim <jose.valim@gmail.com>
Commits on May 25, 2010
  1. @jeremy
Commits on May 23, 2010
  1. @nex3 @jeremy

    Mark all raw HTML being concatted as HTML-safe.

    nex3 authored jeremy committed
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
Commits on Apr 1, 2010
  1. @jeremy

    HTML safety: give a deprecation warning if an array of option tags is…

    jeremy authored
    … passed to select tag. Be sure to join the tag yourself and mark them .html_safe
Commits on Feb 19, 2010
  1. @spastorino

    missings html_safe added

    spastorino authored Yehuda Katz committed
Commits on Feb 5, 2010
  1. @jeremy

    Backport html_safe. Use latest rails_xss plugin for forward-compatibi…

    Santiago Pastorino and José Ignacio Costa authored jeremy committed
    …lity with Rails 3.
Commits on Oct 8, 2009
  1. @NZKoz

    Merge the prerequisites for on-by-default XSS escaping into rails.

    NZKoz authored
    This consists of:
    
    * String#html_safe! a method to mark a string as 'safe'
    * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
    * Calls to String#html_safe! throughout the rails helpers
    * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB)
    
    Note, this does *not* give you on-by-default XSS escaping in 2.3 applications.  To get that you'll need to install a plugin:
    
    http://github.com/nzkoz/rails_xss
Commits on Jul 2, 2009
  1. @mcmire

    Patch FormTagHelper so that when a form tag is created, the div which…

    mcmire authored Yehuda Katz + Carl Lerche committed
    … holds the form authenticity token is set to display:inline [#2846 state:resolved]
    
    Signed-off-by: Yehuda Katz + Carl Lerche <ykatz+clerche@engineyard.com>
Commits on Jun 27, 2009
  1. @chrismear @NZKoz

    Make text_area_tag escape contents by default.

    chrismear authored NZKoz committed
    Signed-off-by: Michael Koziarski <michael@koziarski.com>
Commits on Jun 9, 2009
  1. @NZKoz

    Sanitized the id generated by text_area_tag helper method. text_area_…

    Stephen Anderson authored NZKoz committed
    …tag('item[description]') should return: <textarea id="item_description" name="item[description]"></textarea> instead of: <textarea id="item[description]" name="item[description]"></textarea> The old id was causing HTML validation failures.
    
    Signed-off-by: Michael Koziarski <michael@koziarski.com>
Commits on Jun 1, 2009
  1. @han @NZKoz

    fix for IE incompatibility of :disable_with in submit_tag

    han authored NZKoz committed
    Signed-off-by: Michael Koziarski <michael@koziarski.com>
Commits on Mar 7, 2009
  1. @lawrencepit @josh

    submit_tag with confirmation and disable_with [#660 state:resolved]

    lawrencepit authored josh committed
    Signed-off-by: Joshua Peek <josh@joshpeek.com>
Commits on Nov 4, 2008
  1. @geekq @dhh

    Fixed that FormTagHelper generates illegal html if name contains e.g.…

    geekq authored dhh committed
    … square brackets [#1238 state:committed]
    
    Signed-off-by: David Heinemeier Hansson <david@loudthinking.com>
Commits on Oct 7, 2008
  1. @akaspick @lifo

    Ensure select_tag#name attribute uses [] when :multiple is true. [#1146

    akaspick authored lifo committed
    … state:resolved]
    
    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
Commits on Sep 29, 2008
  1. @akaspick @NZKoz

    Add options to field_set_tag

    akaspick authored NZKoz committed
    Signed-off-by: Michael Koziarski <michael@koziarski.com>
    [#1116 state:committed]
Commits on Sep 10, 2008
  1. @pyrat @dhh

    Added image_submit_tag confirm option [status:committed #784]

    pyrat authored dhh committed
    Signed-off-by: David Heinemeier Hansson <david@loudthinking.com>
  2. @dhh

    The FormTagHelper#submit_tag helper will now pass along the original …

    Jose Fernandez authored dhh committed
    …value of the submit button to the params if the :disable_with option is used [status:committed #633]
    
    Signed-off-by: David Heinemeier Hansson <david@loudthinking.com>
Commits on Sep 3, 2008
  1. @lifo

    Merge docrails

    lifo authored
Commits on Jul 29, 2008
  1. @DefV @lifo

    Fix that label_tag doesn't take a symbol for a name. [#719 state:reso…

    DefV authored lifo committed
    …lved]
    
    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
Commits on Jul 2, 2008
  1. @lifo

    Ensure proper output when submit_tag is used with :disabled_with. [#388

    Scott Stewart authored lifo committed
    … state:resolved]
    
    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
Commits on Jun 20, 2008
  1. @jeremy

    Check whether blocks are called from erb using a special __in_erb_tem…

    jeremy authored
    …plate variable visible in block binding.
Commits on Jun 3, 2008
  1. @jeremy
Commits on May 25, 2008
  1. @lifo

    Merge docrails.

    lifo authored
    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
Commits on May 9, 2008
  1. @lifo

    Merge docrails:

    lifo authored
    commit e6afd8b
    Author: Xavier Noria <fxn@hashref.com>
    Date:   Thu May 8 23:49:36 2008 +0200
    
        Overall documentation improvement and markup corrections. Zillion changes.
    
    commit 2fead68
    Author: Austin Putman <austin@emmanuel.local>
    Date:   Wed May 7 19:35:46 2008 -0700
    
        Documented class methods on ActionController::Routing.  These are dangerous, and mostly used for testing.
    
    commit f5b8418
    Author: Teflon Ted <github@rudiment.net>
    Date:   Wed May 7 16:08:49 2008 -0400
    
        Added explanation about errant inflections not being patched in the future in order to avoid breaking legacy applications.
    
    commit 370f4f5
    Author: Sunny Ripert <negatif@gmail.com>
    Date:   Wed May 7 14:00:59 2008 +0200
    
        Applied list conventions in AR::Base
    
    commit 5bd1842
    Author: Sunny Ripert <negatif@gmail.com>
    Date:   Wed May 7 13:53:35 2008 +0200
    
        Renamed Options list to Attributes list whenever they weren't option hashes in AR::Base
    
    commit d912bd5
    Author: Yaroslav Markin <yaroslav@markin.net>
    Date:   Wed May 7 13:50:28 2008 +0400
    
        Add a filter_parameter_logging usage hint to generated ApplicationController.
        This may help to remind the developer to filter sensitive information from application logs.
        Closes #11578
    
    commit b243de0
    Author: Jack Danger Canty <git@6brand.com>
    Date:   Tue May 6 23:39:47 2008 -0700
    
        doc: disambiguating an example ActiveRecord class
    
    commit f81d771
    Author: Jack Danger Canty <git@6brand.com>
    Date:   Tue May 6 23:35:05 2008 -0700
    
        doc: ActiveRecord::Reflection::AssociationReflection#through_reflection
    
        Added documentation demonstrating the use of #through_reflection for
        finding intervening reflection objects for HasManyThrough
        and HasOneThrough.
    
    commit ae6b46f
    Author: Cheah Chu Yeow <chuyeow@gmail.com>
    Date:   Wed May 7 13:47:41 2008 +0800
    
        Document AttributeAssignmentError and MultiparameterAssignmentErrors.
    
    commit 8f46355
    Author: John Barnette <jbarnette@gmail.com>
    Date:   Tue May 6 22:46:44 2008 -0700
    
        Killing/fixing a bunch of outdated language in the AR README.
    
    commit aca44bc
    Author: Cheah Chu Yeow <chuyeow@gmail.com>
    Date:   Wed May 7 13:34:52 2008 +0800
    
        Make a note about ActiveResource::Timeouterror being raised when ARes calls timeout.
    
    commit 284a930
    Author: Jonathan Dance <jd@wuputah.com>
    Date:   Tue May 6 14:58:26 2008 -0400
    
        improvements to the page caching docs
    
    commit 9482da6
    Author: Sunny Ripert <negatif@gmail.com>
    Date:   Mon May 5 18:13:40 2008 +0200
    
        validates_numericality_of() "integer" option really is "only_integer"
    
    commit e9afd67
    Author: Sunny Ripert <negatif@gmail.com>
    Date:   Mon May 5 12:11:59 2008 +0200
    
        Harmonized hash notation in AR::Base
    
    commit 67ebf14
    Author: Sunny Ripert <negatif@gmail.com>
    Date:   Mon May 5 12:06:19 2008 +0200
    
        Turned options into rdoc-lists in AR::Base
    
    commit 0ec7c0a
    Author: Marshall Huss <mwhuss@Macbook.local>
    Date:   Sun May 4 23:21:33 2008 -0400
    
        Added information of how to set element_name in the case the user has a name confliction with an existing model
    
    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
Commits on May 2, 2008
  1. @fxn @lifo

    Improve documentation coverage and markup

    fxn authored lifo committed
    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
Commits on Mar 24, 2008
  1. @dhh
Commits on Mar 2, 2008
  1. @NZKoz
Commits on Jan 21, 2008
  1. @NZKoz
Commits on Nov 25, 2007
  1. @dhh

    Docfix (closes #10256)

    dhh authored
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8203 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Commits on Nov 6, 2007
  1. Disambiguate :size option for text area tag. Closes #8955 [redbeard]

    Marcel Molina authored
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8099 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Commits on Oct 19, 2007
  1. @NZKoz

    Rename image_path path_to_image to avoid conflicting with named route…

    NZKoz authored
    …s. Closes #9924 [gbuesing]
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7970 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Commits on Sep 28, 2007
  1. @technoweenie

    Allow ability to disable request forgery protection, disable it in te…

    technoweenie authored
    …st mode by default. Closes #9693 [lifofifo]
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7668 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Commits on Sep 23, 2007
  1. @technoweenie

    Rename some RequestForgeryProtection methods. The class method is now…

    technoweenie authored
    … #protect_from_forgery, and the default parameter is now 'authenticity_token'. [Rick]
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7596 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  2. @technoweenie

    Merge csrf_killer plugin into rails. Adds RequestForgeryProtection mo…

    technoweenie authored
    …del that verifies session-specific _tokens for non-GET requests. [Rick]
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7592 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Commits on Sep 9, 2007
  1. @dhh

    Rename fieldset_tag to field_set_tag to follow the conventions from t…

    dhh authored
    …ext_area and text_field [DHH]
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7423 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Something went wrong with that request. Please try again.