Commits on Jun 25, 2010
  1. @carlosantoniodasilva @josevalim

    Do not wrap hidden fields with error proc [#4962 state:resolved]

    carlosantoniodasilva authored josevalim committed
    Signed-off-by: José Valim <>
Commits on Jun 20, 2010
  1. @rizwanreza

    Action View is now titled.

    rizwanreza authored
Commits on May 31, 2010
  1. @dhh

    Base options can't live in lazy loaded helpers as they then won't be av…

    dhh authored
    …ailable to set for config
Commits on May 20, 2010
  1. @spastorino @josevalim

    refactor evals and adds some __FILE__ and __LINE__

    spastorino authored josevalim committed
    Signed-off-by: José Valim <>
Commits on Apr 24, 2010
  1. @jeremy
Commits on Apr 10, 2010
  1. @josevalim
  2. @josevalim

    Remove input, form, error_messages_for and error_message_on from the …

    josevalim authored
    …framework. If you think you will miss them, feel free to use the dynamic_form plugin available at
Commits on Mar 30, 2010
  1. @wycats

    Replace the placeholder base_hook API with on_load. To specify some c…

    wycats authored
    …ode that
    should run during framework load do:
    ActiveSupport.on_load(:action_controller) do
      # Code run in the context of AC::Base
Commits on Mar 29, 2010
  1. @pacoguzman @wycats

    html_tag option to wrap error_message_on text [#4283 state:resolved]

    pacoguzman authored wycats committed
    Signed-off-by: wycats <>
Commits on Mar 27, 2010
  1. @wycats

    Missing require

    wycats authored
  2. @wycats

    Fixes a bug where error_messages_for was returning an empty div [#4048

    wycats authored
    …state:resolved] (ht: Geoff Garside)
  3. @drodriguez @wycats

    Recovers error_messages for ActiveRecordInstanceTag. [#4078 state:res…

    drodriguez authored wycats committed
    Signed-off-by: wycats <>
Commits on Mar 14, 2010
  1. @spastorino @wycats

    Making escaped things more readable

    spastorino authored wycats committed
Commits on Mar 7, 2010
  1. @wycats

    Make many parts of Rails lazy. In order to facilitate this,

    wycats authored
    add lazy_load_hooks.rb, which allows us to declare code that
    should be run at some later time. For instance, this allows
    us to defer requiring ActiveRecord::Base at boot time purely
    to apply configuration. Instead, we register a hook that should
    apply configuration once ActiveRecord::Base is loaded.
    With these changes, brings down total boot time of a
    new app to 300ms in production and 400ms in dev.
    TODO: rename base_hook
Commits on Feb 21, 2010
  1. @josevalim

    Require persisted? in ActiveModel::Lint and remove new_record? and de…

    josevalim authored
    …stroyed? methods. ActionPack does not care if the resource is new or if it was destroyed, it cares only if it's persisted somewhere or not.
Commits on Feb 14, 2010
  1. Explicit html_escape removed when not needed

    Santiago Pastorino and José Ignacio Costa authored Yehuda Katz committed
    Signed-off-by: Yehuda Katz <yehudakatz@YK.local>
  2. @nono

    content_tag should escape its input

    nono authored Yehuda Katz committed
    Signed-off-by: Yehuda Katz <yehudakatz@YK.local>
Commits on Feb 1, 2010
  1. For performance reasons, you can no longer call html_safe! on Strings…

    Yehuda Katz authored
    …. Instead, all Strings are always not html_safe?. Instead, you can get a SafeBuffer from a String by calling #html_safe, which will
      * Additionally, instead of doing concat("</form>".html_safe), you can do
        safe_concat("</form>"), which will skip both the flag set, and the flag
      * For the first pass, I converted virtually all #html_safe!s to #html_safe,
        and the tests pass. A further optimization would be to try to use
        #safe_concat as much as possible, reducing the performance impact if
        we know up front that a String is safe.
Commits on Jan 7, 2010
  1. @josevalim
Commits on Oct 21, 2009
  1. @josevalim @josh

    Fix error_messages_for when instance variable names are given.

    josevalim authored josh committed
    Signed-off-by: Joshua Peek <>
Commits on Oct 17, 2009
  1. @josevalim
Commits on Oct 7, 2009
  1. @NZKoz

    error procs have to be safe too

    NZKoz authored
  2. @NZKoz

    Switch to on-by-default XSS escaping for rails.

    NZKoz authored
      This consists of:
      * String#html_safe! a method to mark a string as 'safe'
      * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
      * Calls to String#html_safe! throughout the rails helpers
      * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)
      * New ERB implementation based on erubis which uses a SafeBuffer instead of a String
    Hat tip to Django for the inspiration.
Commits on Aug 8, 2009
  1. @jeremy

    Ruby 1.9.2: implicit argument passing of super from method defined by…

    jeremy authored
    … define_method() is not supported
Commits on Jul 29, 2009
  1. @wycats
Commits on Jul 19, 2009
  1. @wycats