Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Aug 9, 2012
  1. @spastorino

    escape select_tag :prompt values

    spastorino authored
    CVE-2012-3463
Commits on Aug 11, 2011
  1. @grzuy

    Remove 'parameters_for_url' from 'form_tag' method signature

    Gonzalo Rodriguez and Leonardo Capillera authored grzuy committed
Commits on Dec 15, 2010
  1. @asanghi @fxn

    eternal confusion! fixed doco to inform correctly

    asanghi authored fxn committed
  2. @remear @fxn

    Added :placeholder option to ActionView::Helpers::FormTagHelper text_…

    remear authored fxn committed
    …field_tag
Commits on Dec 5, 2010
  1. @amatsuda @fxn

    Added a space before "do" keyword

    amatsuda authored fxn committed
Commits on Aug 18, 2010
  1. @wycats

    Revert "It's snowing!"

    wycats authored
    This reverts commit e428300.
Commits on Aug 14, 2010
  1. @spastorino

    Deletes trailing whitespaces (over text files only find * -type f -ex…

    spastorino authored
    …ec sed 's/[ \t]*$//' -i {} \;)
Commits on Aug 12, 2010
  1. @jeremy

    It's snowing!

    jeremy authored
  2. @wycats

    Replace snowman with utf8=✓

    wycats authored
Commits on Aug 9, 2010
  1. @wycats

    rename _snowman to _e

    wycats authored
Commits on Jul 25, 2010
  1. @spastorino @josevalim

    Change returning with tap

    spastorino authored josevalim committed
    Signed-off-by: José Valim <jose.valim@gmail.com>
Commits on Jun 29, 2010
  1. @fxn

    s/escape_once/html_escape/, since html safety is the contract that no…

    fxn authored
    …w says whether something has to be escaped
  2. @fxn

    url_for no longer escapes HTML, the :escape option is also gone

    fxn authored
    Rationale: url_for is just a path/URL generator, it is the responsability of the caller to escape conveniently HTML needs it, JavaScript needs different escaping, a text mail needs no escaping at all, etc.
  3. @josevalim
Commits on Jun 28, 2010
  1. @wycats

    Small typo

    wycats authored
  2. @wycats

    Fix several known web encoding issues:

    wycats authored
    * Specify accept-charset on all forms. All recent browsers,
      as well as IE5+, will use the encoding specified for form
      parameters
    * Unfortunately, IE5+ will not look at accept-charset unless
      at least one character in the form's values is not in the
      page's charset. Since the user can override the default
      charset (which Rails sets to UTF-8), we provide a hidden
      input containing a unicode character, forcing IE to look
      at the accept-charset.
    * Now that the vast majority of web input is UTF-8, we set
      the inbound parameters to UTF-8. This will eliminate many
      cases of incompatible encodings between ASCII-8BIT and
      UTF-8.
    * You can safely ignore params[:_snowman_]
    
    TODO:
    
    * Validate inbound text to confirm it is UTF-8
    * Combine the whole_form implementations in form_helper_test
      and form_tag_helper_test
Commits on Jun 16, 2010
  1. @rizwanreza
Commits on Jun 11, 2010
  1. @dolzenko
Commits on May 25, 2010
  1. @jeremy
Commits on May 15, 2010
  1. @josevalim
  2. @stephencelis @josevalim

    Let label helpers accept blocks.

    stephencelis authored josevalim committed
    Signed-off-by: José Valim <jose.valim@gmail.com>
Commits on Apr 9, 2010
  1. @fxn

    image_path -> path_to_image in a couple of places, plus motivation fo…

    fxn authored
    …r path_to_image in rdoc
Commits on Apr 8, 2010
  1. @dhh
  2. @jeremy

    Remove superfluous condition

    jeremy authored
Commits on Apr 6, 2010
  1. @fxn

    Merge commit 'rails/master'

    fxn authored
Commits on Apr 5, 2010
  1. @dhh

    Added all the new HTML5 form types as individual form tag methods (se…

    dhh authored
    …arch, url, number, etc) (Closes #3646) [Stephen Celis]
  2. @fxn

    revises some <%= in rdoc

    fxn authored
Commits on Apr 1, 2010
  1. @jeremy

    HTML safety: give a deprecation warning if an array of option tags is…

    jeremy authored
    … passed to select tag. Be sure to join the tag yourself and mark them .html_safe
Commits on Mar 28, 2010
  1. @fxn
Commits on Mar 12, 2010
  1. @lifo

    Merge remote branch 'mainstream/master'

    lifo authored
    Conflicts:
    	activerecord/lib/active_record/base.rb
    	railties/lib/rails/configuration.rb
    	railties/lib/rails/log_subscriber.rb
  2. @jeroenvandijk
Commits on Mar 10, 2010
  1. @wycats
Commits on Feb 14, 2010
  1. @nono

    content_tag should escape its input

    nono authored Yehuda Katz committed
    Signed-off-by: Yehuda Katz <yehudakatz@YK.local>
Commits on Feb 5, 2010
  1. @jeremy

    More html_safe strings now use the safe_concat method

    Santiago Pastorino and José Ignacio Costa authored jeremy committed
    [#3856 state:committed]
    
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
Commits on Feb 2, 2010
  1. @sikachu @josevalim

    Modify the behavior of `radio_button_tag` to use `sanitize_to_id` for…

    sikachu authored josevalim committed
    … consistency [#1792 status:resolved]
    
    Signed-off-by: José Valim <jose.valim@gmail.com>
Something went wrong with that request. Please try again.