Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Nov 2, 2010
  1. @spastorino
  2. @jeffkreeftmeijer @spastorino

    Make sure capture's output gets html_escaped [#5545 state:resolved]

    jeffkreeftmeijer authored spastorino committed
    Also remove a duplicate test_link_to_unless assertion and add .html_safe
    to the remaining one.
    
    Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
Commits on Aug 26, 2010
  1. @jaimeiniesta @fxn

    Fix capture_helper.rb api documentation, unescaped script tag was bre…

    jaimeiniesta authored fxn committed
    …aking it on the content_for explanation
Commits on Jul 25, 2010
  1. @sespindola @josevalim

    Fixed output_buffer encoding problem [#5179]

    sespindola authored josevalim committed
    Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
    Signed-off-by: José Valim <jose.valim@gmail.com>
Commits on Jun 28, 2010
  1. @jeremy
Commits on Jun 16, 2010
  1. @rizwanreza
Commits on May 15, 2010
  1. @jeroenvandijk
Commits on Mar 28, 2010
  1. @fxn
Commits on Mar 17, 2010
  1. @wycats
Commits on Mar 16, 2010
  1. @jeremy
Commits on Mar 15, 2010
  1. Add deprecation notices for <% %>.

    Carlhuda authored
      * The approach is to compile <% %> into a method call that checks whether
        the value returned from a block is a String. If it is, it concats to the buffer and
        prints a deprecation warning.
      * <%= %> uses exactly the same logic to compile the template, which first checks
        to see whether it's compiling a block.
      * This should have no impact on other uses of block in templates. For instance, in
        <% [1,2,3].each do |i| %><%= i %><% end %>, the call to each returns an Array,
        not a String, so the result is not concatenated
      * In two cases (#capture and #cache), a String can be returned that should *never*
        be concatenated. We have temporarily created a String subclass called NonConcattingString
        which behaves (and is serialized) identically to String, but is not concatenated
        by the code that handles deprecated <% %> block helpers. Once we remove support
        for <% %> block helpers, we can remove NonConcattingString.
  2. @fxn @jeremy

    with_output_buffer cannot assume there's an output_buffer

    fxn authored jeremy committed
    [#4182 state:committed]
    
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
Commits on Mar 10, 2010
  1. @wycats

    Deprecate block_called_from_erb? pending a solution for getting it in…

    Carlhuda authored wycats committed
    …to apps
Commits on Feb 1, 2010
  1. @spastorino

    Deleted all references to ActionView::SafeBuffer in favor of ActiveSu…

    spastorino authored Yehuda Katz committed
    …pport::SafeBuffer
    
    Signed-off-by: Yehuda Katz <wycats@Yehuda-Katz.local>
Commits on Oct 7, 2009
  1. @NZKoz

    Switch to on-by-default XSS escaping for rails.

    NZKoz authored
      This consists of:
    
      * String#html_safe! a method to mark a string as 'safe'
      * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
      * Calls to String#html_safe! throughout the rails helpers
      * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB)
      * New ERB implementation based on erubis which uses a SafeBuffer instead of a String
    
    Hat tip to Django for the inspiration.
Commits on Jun 21, 2009
  1. @darragh @lifo

    Add content_for?(:name) helper to check if content_for(:name) is pres…

    darragh authored lifo committed
    …ent [#1311 state:resolved]
    
    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
Commits on Jun 18, 2009
  1. Extract the layout proc into a method, and write documentation explai…

    Yehuda Katz + Carl Lerche authored
    …ning what the proc does in various cases.
  2. Drive the final stake through @content_for_*'s heart!

    Yehuda Katz + Carl Lerche authored
Commits on May 28, 2009
  1. @jeremy
Commits on Mar 13, 2009
  1. @jeremy

    Introduce flush_output_buffer to append the buffer to the response bo…

    jeremy authored
    …dy then start a new buffer. Useful for pushing custom parts to the response body without disrupting template rendering.
Commits on Jul 16, 2008
  1. @jeremy
Commits on Jul 11, 2008
  1. @NZKoz

    Whitespace

    NZKoz authored
Commits on Jun 20, 2008
  1. @jeremy

    Check whether blocks are called from erb using a special __in_erb_tem…

    jeremy authored
    …plate variable visible in block binding.
Commits on Jun 9, 2008
  1. @jeremy
  2. @jeremy

    Use output_buffer reader and writer methods exclusively instead of hi…

    jeremy authored
    …tting the instance variable so others can override the methods.
Commits on Jun 7, 2008
  1. @jeremy
Commits on Jun 3, 2008
  1. @jeremy
  2. @jeremy
Commits on Mar 28, 2008
  1. @dhh

    Update doc (closes #11402)

    dhh authored
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@9116 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Commits on Sep 28, 2007
  1. @dhh

    Fixed spelling errors (closes #9706) [tarmo/rmm5t]

    dhh authored
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7666 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Commits on Sep 24, 2007
  1. @dhh

    Stop rdoc from whining

    dhh authored
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7622 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Commits on Sep 21, 2007
  1. @dhh

    Fixed CaptureHelper#content_for to work with the optional content par…

    dhh authored
    …ameter instead of just the block #9434 [sandofsky/wildchild]
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7522 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Commits on Jul 24, 2007
  1. @dhh

    Its just ERb now

    dhh authored
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7211 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Commits on Jun 28, 2007
  1. @jeremy

    Improve capture helper documentation. Closes #8796.

    jeremy authored
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7148 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Commits on Jun 23, 2007
  1. @dhh

    Massive documentation update for all helpers (closes #8223, #8177, #8175

    dhh authored
    , #8108, #7977, #7972, #7971, #7969) [jeremymcanally]
    
    git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7106 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Something went wrong with that request. Please try again.