rails/actionpack/lib/action_view
Phil Darnowsky 1b3195b63c ActionView.url_for doesn't escape by default
ActionView::Helpers::UrlHelper#url_for used to escape the URLs it generated by
default.  This was most commonly seen when generating a path with multiple
query parameters, e.g.

  url_for(:controller => :foo, :action => :bar, :this => 123, :that => 456)

would return

  http://example.com/foo/bar?that=456&amp;this=123

escaping an ampersand that shouldn't be escaped.  This is both wrong and
inconsistent with the behavior of ActionController#url_for, and is changed.

Signed-off-by: Michael Koziarski <michael@koziarski.com>
2009-10-15 09:49:07 +13:00
erb Switch to on-by-default XSS escaping for rails. 2009-10-08 09:31:20 +13:00
helpers ActionView.url_for doesn't escape by default 2009-10-15 09:49:07 +13:00
locale Introduce :almost keyword for distance_of_time_in_words. Make 1.75 days - 2 days return '2 days'. 2009-09-28 14:37:31 +13:00
render Fix a bug where render :text could not handle yield :symbol. Fixes guides generation 2009-10-10 00:31:12 -10:00
template Switch to on-by-default XSS escaping for rails. 2009-10-08 09:31:20 +13:00
base.rb Start adding configuration to ActionView instead of using constants. 2009-10-14 13:36:41 -07:00
context.rb replace _render_*_from_controller with render_* as they are intended to be public 2009-08-06 19:43:28 -03:00
helpers.rb Switch to on-by-default XSS escaping for rails. 2009-10-08 09:31:20 +13:00
paths.rb Finish porting over the initializers to the app object and fix all the tests 2009-10-08 18:12:28 -07:00
safe_buffer.rb Switch to on-by-default XSS escaping for rails. 2009-10-08 09:31:20 +13:00
test_case.rb Switch to on-by-default XSS escaping for rails. 2009-10-08 09:31:20 +13:00