Commits on Feb 21, 2012
  1. @amatsuda @tenderlove
Commits on Nov 2, 2010
  1. @spastorino
  2. @jeffkreeftmeijer @spastorino

    Make sure capture's output gets html_escaped [#5545 state:resolved]

    jeffkreeftmeijer committed with spastorino
    Also remove a duplicate test_link_to_unless assertion and add .html_safe
    to the remaining one.
    Signed-off-by: Santiago Pastorino <>
Commits on Aug 26, 2010
  1. @jaimeiniesta @fxn

    Fix capture_helper.rb api documentation, unescaped script tag was bre…

    jaimeiniesta committed with fxn
    …aking it on the content_for explanation
Commits on Jul 25, 2010
  1. @sespindola @josevalim

    Fixed output_buffer encoding problem [#5179]

    sespindola committed with josevalim
    Signed-off-by: Santiago Pastorino <>
    Signed-off-by: José Valim <>
Commits on Jun 28, 2010
  1. @jeremy
Commits on Jun 16, 2010
  1. @rizwanreza
Commits on May 15, 2010
  1. @jeroenvandijk
Commits on Mar 28, 2010
  1. @fxn
Commits on Mar 17, 2010
  1. @wycats

    Eliminate warnings for AM on 1.8

    wycats committed
Commits on Mar 16, 2010
  1. @jeremy
Commits on Mar 15, 2010
  1. Add deprecation notices for <% %>.

    Carlhuda committed
      * The approach is to compile <% %> into a method call that checks whether
        the value returned from a block is a String. If it is, it concats to the buffer and
        prints a deprecation warning.
      * <%= %> uses exactly the same logic to compile the template, which first checks
        to see whether it's compiling a block.
      * This should have no impact on other uses of block in templates. For instance, in
        <% [1,2,3].each do |i| %><%= i %><% end %>, the call to each returns an Array,
        not a String, so the result is not concatenated
      * In two cases (#capture and #cache), a String can be returned that should *never*
        be concatenated. We have temporarily created a String subclass called NonConcattingString
        which behaves (and is serialized) identically to String, but is not concatenated
        by the code that handles deprecated <% %> block helpers. Once we remove support
        for <% %> block helpers, we can remove NonConcattingString.
  2. @fxn @jeremy

    with_output_buffer cannot assume there's an output_buffer

    fxn committed with jeremy
    [#4182 state:committed]
    Signed-off-by: Jeremy Kemper <>
Commits on Mar 10, 2010
  1. @wycats
Commits on Feb 1, 2010
  1. @spastorino

    Deleted all references to ActionView::SafeBuffer in favor of ActiveSu…

    spastorino committed with Yehuda Katz
    Signed-off-by: Yehuda Katz <wycats@Yehuda-Katz.local>
Commits on Oct 7, 2009
  1. @NZKoz

    Switch to on-by-default XSS escaping for rails.

    NZKoz committed
      This consists of:
      * String#html_safe! a method to mark a string as 'safe'
      * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
      * Calls to String#html_safe! throughout the rails helpers
      * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)
      * New ERB implementation based on erubis which uses a SafeBuffer instead of a String
    Hat tip to Django for the inspiration.
Commits on Jun 21, 2009
  1. @darragh @lifo

    Add content_for?(:name) helper to check if content_for(:name) is pres…

    darragh committed with lifo
    …ent [#1311 state:resolved]
    Signed-off-by: Pratik Naik <>
Commits on Jun 18, 2009
  1. Extract the layout proc into a method, and write documentation explai…

    Yehuda Katz + Carl Lerche committed
    …ning what the proc does in various cases.
  2. Drive the final stake through @content_for_*'s heart!

    Yehuda Katz + Carl Lerche committed
Commits on May 28, 2009
  1. @jeremy
Commits on Mar 13, 2009
  1. @jeremy

    Introduce flush_output_buffer to append the buffer to the response bo…

    jeremy committed
    …dy then start a new buffer. Useful for pushing custom parts to the response body without disrupting template rendering.
Commits on Jul 16, 2008
  1. @jeremy
Commits on Jul 11, 2008
  1. @NZKoz


    NZKoz committed
Commits on Jun 20, 2008
  1. @jeremy

    Check whether blocks are called from erb using a special __in_erb_tem…

    jeremy committed
    …plate variable visible in block binding.
Commits on Jun 9, 2008
  1. @jeremy
  2. @jeremy

    Use output_buffer reader and writer methods exclusively instead of hi…

    jeremy committed
    …tting the instance variable so others can override the methods.
Commits on Jun 7, 2008
  1. @jeremy
Commits on Jun 3, 2008
  1. @jeremy
  2. @jeremy
Commits on Mar 28, 2008
  1. @dhh

    Update doc (closes #11402)

    dhh committed
    git-svn-id: 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Commits on Sep 28, 2007
  1. @dhh

    Fixed spelling errors (closes #9706) [tarmo/rmm5t]

    dhh committed
    git-svn-id: 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Commits on Sep 24, 2007
  1. @dhh

    Stop rdoc from whining

    dhh committed
    git-svn-id: 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Commits on Sep 21, 2007
  1. @dhh

    Fixed CaptureHelper#content_for to work with the optional content par…

    dhh committed
    …ameter instead of just the block #9434 [sandofsky/wildchild]
    git-svn-id: 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Commits on Jul 24, 2007
  1. @dhh

    Its just ERb now

    dhh committed
    git-svn-id: 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Commits on Jun 28, 2007
  1. @jeremy

    Improve capture helper documentation. Closes #8796.

    jeremy committed
    git-svn-id: 5ecf4fe2-1ee6-0310-87b1-e25e094e27de