Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Apr 9, 2010
  1. Xavier Noria

    image_path -> path_to_image in a couple of places, plus motivation fo…

    fxn authored
    …r path_to_image in rdoc
Commits on Apr 8, 2010
  1. David Heinemeier Hansson
  2. Jeremy Kemper

    Remove superfluous condition

    jeremy authored
Commits on Apr 6, 2010
  1. Xavier Noria

    Merge commit 'rails/master'

    fxn authored
Commits on Apr 5, 2010
  1. David Heinemeier Hansson

    Added all the new HTML5 form types as individual form tag methods (se…

    dhh authored
    …arch, url, number, etc) (Closes #3646) [Stephen Celis]
  2. Xavier Noria

    revises some <%= in rdoc

    fxn authored
Commits on Apr 1, 2010
  1. Jeremy Kemper

    HTML safety: give a deprecation warning if an array of option tags is…

    jeremy authored
    … passed to select tag. Be sure to join the tag yourself and mark them .html_safe
Commits on Mar 28, 2010
  1. Xavier Noria
Commits on Mar 12, 2010
  1. Pratik

    Merge remote branch 'mainstream/master'

    lifo authored
  2. Jeroen van Dijk
Commits on Mar 10, 2010
  1. Yehuda Katz
Commits on Feb 14, 2010
  1. Bruno Michel

    content_tag should escape its input

    nono authored Yehuda Katz committed
    Signed-off-by: Yehuda Katz <yehudakatz@YK.local>
Commits on Feb 5, 2010
  1. Jeremy Kemper

    More html_safe strings now use the safe_concat method

    Santiago Pastorino and José Ignacio Costa authored jeremy committed
    [#3856 state:committed]
    Signed-off-by: Jeremy Kemper <>
Commits on Feb 2, 2010
  1. Prem Sichanugrist José Valim

    Modify the behavior of `radio_button_tag` to use `sanitize_to_id` for…

    sikachu authored josevalim committed
    … consistency [#1792 status:resolved]
    Signed-off-by: José Valim <>
Commits on Feb 1, 2010
  1. For performance reasons, you can no longer call html_safe! on Strings…

    Yehuda Katz authored
    …. Instead, all Strings are always not html_safe?. Instead, you can get a SafeBuffer from a String by calling #html_safe, which will
      * Additionally, instead of doing concat("</form>".html_safe), you can do
        safe_concat("</form>"), which will skip both the flag set, and the flag
      * For the first pass, I converted virtually all #html_safe!s to #html_safe,
        and the tests pass. A further optimization would be to try to use
        #safe_concat as much as possible, reducing the performance impact if
        we know up front that a String is safe.
Commits on Jan 31, 2010
  1. Stefan Penner Joshua Peek

    UJS documentation.

    stefanpenner authored josh committed
  2. Stephen St. Martin Joshua Peek

    add :remote option to form_tag

    stevestmartin authored josh committed
  3. Joshua Peek
  4. Erik St. Martin Joshua Peek

    updating link_to and button_to to support :remote => true and other o…

    erikstmartin authored josh committed
    …ptions such as :confirm in a unobtrusive manor
    Signed-off-by: Joshua Peek <>
Commits on Jan 30, 2010
  1. Joshua Peek

    Revert "Merge branch 'rails/master' into ujs"

    josh authored
    This reverts commit 3aa1ea1, reversing
    changes made to 2c12a71.
Commits on Jan 27, 2010
  1. Erik St. Martin Stefan Penner

    making non remote versions of link_to, button_to, submit_tag and imag…

    erikstmartin authored stefanpenner committed
    …e_submit_tag output data attributes for things like :confirm, :method, :popup, and :disable_with
Commits on Jan 16, 2010
  1. Pratik

    Merge docrails

    lifo authored
Commits on Oct 7, 2009
  1. Michael Koziarski

    Switch to on-by-default XSS escaping for rails.

    NZKoz authored
      This consists of:
      * String#html_safe! a method to mark a string as 'safe'
      * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
      * Calls to String#html_safe! throughout the rails helpers
      * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB)
      * New ERB implementation based on erubis which uses a SafeBuffer instead of a String
    Hat tip to Django for the inspiration.
Commits on Aug 8, 2009
  1. Rizwan Reza Pratik

    Add :include_blank option for select_tag [#1987 status:resolved]

    rizwanreza authored lifo committed
    Signed-off-by: José Valim <>
    Signed-off-by: Pratik Naik <>
  2. Stephen St. Martin José Valim

    remove duplicate call to stringify_keys [#2587 status:resolved]

    stevestmartin authored josevalim committed
    Signed-off-by: José Valim <>
Commits on Jul 2, 2009
  1. Elliot Winkler

    Patch FormTagHelper so that when a form tag is created, the div which…

    mcmire authored Yehuda Katz + Carl Lerche committed
    … holds the form authenticity token is set to display:inline [#2846 state:resolved]
    Signed-off-by: Yehuda Katz + Carl Lerche <>
Commits on Jun 27, 2009
  1. Chris Mear Michael Koziarski

    Make text_area_tag escape contents by default.

    chrismear authored NZKoz committed
    Signed-off-by: Michael Koziarski <>
    [#2015 state:committed]
Commits on Jun 9, 2009
  1. Michael Koziarski

    Sanitized the id generated by text_area_tag helper method. text_area_…

    Stephen Anderson authored NZKoz committed
    …tag('item[description]') should return: <textarea id="item_description" name="item[description]"></textarea> instead of: <textarea id="item[description]" name="item[description]"></textarea> The old id was causing HTML validation failures.
    Signed-off-by: Michael Koziarski <>
Commits on Jun 3, 2009
  1. Add explicit requirement in a few cases it was missing.

    Yehuda Katz authored
    	TODO: Come up with the minimal core and remove all of these
Commits on Jun 1, 2009
  1. Han Kessels Michael Koziarski

    fix for IE incompatibility of :disable_with in submit_tag

    han authored NZKoz committed
    Signed-off-by: Michael Koziarski <>
Commits on Apr 17, 2009
  1. Merge docrails

    lifo authored
Commits on Mar 7, 2009
  1. Lawrence Pit Joshua Peek

    submit_tag with confirmation and disable_with [#660 state:resolved]

    lawrencepit authored josh committed
    Signed-off-by: Joshua Peek <>
Commits on Nov 4, 2008
  1. Vladimir Dobriakov David Heinemeier Hansson

    Fixed that FormTagHelper generates illegal html if name contains e.g.…

    geekq authored dhh committed
    … square brackets [#1238 state:committed]
    Signed-off-by: David Heinemeier Hansson <>
Commits on Oct 7, 2008
  1. Andrew Kaspick Pratik

    Ensure select_tag#name attribute uses [] when :multiple is true. [#1146

    akaspick authored lifo committed
    … state:resolved]
    Signed-off-by: Pratik Naik <>
Commits on Sep 29, 2008
  1. Andrew Kaspick Michael Koziarski

    Add options to field_set_tag

    akaspick authored NZKoz committed
    Signed-off-by: Michael Koziarski <>
    [#1116 state:committed]
Something went wrong with that request. Please try again.