Oct 08, 2009

  1. Michael Koziarski

    Merge the prerequisites for on-by-default XSS escaping into rails.

    This consists of:
    
    * String#html_safe! a method to mark a string as 'safe'
    * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
    * Calls to String#html_safe! throughout the rails helpers
    * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)
    
    Note, this does *not* give you on-by-default XSS escaping in 2.3 applications.  To get that you'll need to install a plugin:
    
    http://github.com/nzkoz/rails_xss
    authored October 06, 2009

Jul 16, 2008

  1. Jeremy Kemper

    JavaScriptGenerator should only set output_buffer for the duration of the update block

    authored July 15, 2008

Jul 11, 2008

  1. Michael Koziarski

    Whitespace

    authored July 11, 2008

Jun 20, 2008

  1. Jeremy Kemper

    Check whether blocks are called from erb using a special __in_erb_template variable visible in block binding.

    authored June 19, 2008

Jun 09, 2008

  1. Jeremy Kemper

    with_output_buffer returns the temporary buffer instead of the result of the block

    authored June 08, 2008
  2. Jeremy Kemper

    Use output_buffer reader and writer methods exclusively instead of hitting the instance variable so others can override the methods.

    authored June 08, 2008

Jun 07, 2008

  1. Jeremy Kemper

    Remove some internal dead code that supported content_for

    authored June 06, 2008

Jun 03, 2008

  1. Jeremy Kemper

    Work with @output_buffer instead of _erbout

    authored June 02, 2008
  2. Jeremy Kemper

    Try replacing _erbout with @output_buffer

    authored June 02, 2008

Mar 28, 2008

  1. David Heinemeier Hansson

    Update doc (closes #11402)

    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@9116 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
    authored March 28, 2008

Sep 28, 2007

  1. David Heinemeier Hansson

    Fixed spelling errors (closes #9706) [tarmo/rmm5t]

    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7666 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
    authored September 28, 2007

Sep 24, 2007

  1. David Heinemeier Hansson

    Stop rdoc from whining

    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7622 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
    authored September 24, 2007

Sep 21, 2007

  1. David Heinemeier Hansson

    Fixed CaptureHelper#content_for to work with the optional content parameter instead of just the block #9434 [sandofsky/wildchild]
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7522 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
    authored September 21, 2007

Jul 24, 2007

  1. David Heinemeier Hansson

    It's just ERb now

    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7211 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
    authored July 24, 2007

Jun 28, 2007

  1. Jeremy Kemper

    Improve capture helper documentation. Closes #8796.

    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7148 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
    authored June 28, 2007

Jun 23, 2007

  1. David Heinemeier Hansson

    Massive documentation update for all helpers (closes #8223, #8177, #8175, #8108, #7977, #7972, #7971, #7969) [jeremymcanally]
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7106 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
    authored June 23, 2007

Feb 20, 2007

  1. David Heinemeier Hansson

    Added .erb and .builder as preferred aliases to the now deprecated .rhtml and .rxml extensions [Chad Fowler]. This is done to separate the renderer from the mime type. .erb templates are often used to render emails, atom, csv, whatever. So labeling them .rhtml doesn't make too much sense. The same goes for .rxml, which can be used to build everything from HTML to Atom to whatever. .rhtml and .rxml will continue to work until Rails 3.0, though. So this is a slow phasing out. All generators and examples will start using the new aliases, though.
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6178 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
    authored February 20, 2007

Nov 17, 2006

  1. Jeremy Kemper

    ActionView::Base.erb_variable accessor names the buffer variable used to render templates. Defaults to _erbout; use _buf for erubis.
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5544 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
    authored November 17, 2006

Oct 22, 2006

  1. David Heinemeier Hansson

    Fixed that setting RAILS_ASSET_ID to "" should not add a trailing slash after assets (closes #6454) [BobSilva/chrismear]
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5335 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
    authored October 22, 2006

Apr 26, 2006

  1. Fix documentation indentation

    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4275 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
    authored April 26, 2006

Apr 25, 2006

  1. Update layout and content_for documentation to use yield rather than magic @content_for instance variables.
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4262 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
    authored April 25, 2006

Feb 26, 2006

  1. David Heinemeier Hansson

    Added .rxml (and any non-rhtml template, really) support for CaptureHelper#content_for and CaptureHelper#capture #3287 [Brian Takita]
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3669 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
    authored February 26, 2006

Jul 24, 2005

  1. David Heinemeier Hansson

    Simplify content_for implementation

    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1914 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
    authored July 24, 2005
  2. David Heinemeier Hansson

    Fixed regression for content_for #1820 [Stefan Kaes]

    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1911 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
    authored July 24, 2005

Jun 21, 2005

  1. David Heinemeier Hansson

    Added option to pass in parameters to CaptureHelper#capture, so you can create more advanced view helper methods #1466 [duane.johnson@gmail.com]
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1459 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
    authored June 21, 2005

Mar 14, 2005

  1. David Heinemeier Hansson

    Added CaptureHelper with CaptureHelper#capture and CaptureHelper#content_for. See documentation in helper #837 [Tobias Luetke]
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@907 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
    authored March 14, 2005