RubyGems - actionpack - Versions diffs - 3.2.22.5 → 4.0.0.beta1 - Mend

actionpack 3.2.22.5 → 4.0.0.beta1

Potentially problematic release.

This version of actionpack might be problematic. Click here for more details.

Files changed (265) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +641 -418
data/MIT-LICENSE +1 -1
data/README.rdoc +5 -288
data/lib/abstract_controller.rb +1 -8
data/lib/abstract_controller/asset_paths.rb +2 -2
data/lib/abstract_controller/base.rb +39 -37
data/lib/abstract_controller/callbacks.rb +101 -82
data/lib/abstract_controller/collector.rb +7 -3
data/lib/abstract_controller/helpers.rb +23 -11
data/lib/abstract_controller/layouts.rb +68 -73
data/lib/abstract_controller/logger.rb +1 -2
data/lib/abstract_controller/rendering.rb +22 -13
data/lib/abstract_controller/translation.rb +16 -1
data/lib/abstract_controller/url_for.rb +6 -6
data/lib/abstract_controller/view_paths.rb +1 -1
data/lib/action_controller.rb +15 -6
data/lib/action_controller/base.rb +46 -22
data/lib/action_controller/caching.rb +46 -33
data/lib/action_controller/caching/fragments.rb +23 -53
data/lib/action_controller/deprecated.rb +5 -1
data/lib/action_controller/deprecated/integration_test.rb +3 -0
data/lib/action_controller/log_subscriber.rb +11 -8
data/lib/action_controller/metal.rb +16 -30
data/lib/action_controller/metal/conditional_get.rb +76 -32
data/lib/action_controller/metal/data_streaming.rb +20 -26
data/lib/action_controller/metal/exceptions.rb +19 -6
data/lib/action_controller/metal/flash.rb +24 -9
data/lib/action_controller/metal/force_ssl.rb +32 -9
data/lib/action_controller/metal/head.rb +25 -4
data/lib/action_controller/metal/helpers.rb +6 -9
data/lib/action_controller/metal/hide_actions.rb +1 -2
data/lib/action_controller/metal/http_authentication.rb +105 -87
data/lib/action_controller/metal/implicit_render.rb +1 -1
data/lib/action_controller/metal/instrumentation.rb +2 -1
data/lib/action_controller/metal/live.rb +141 -0
data/lib/action_controller/metal/mime_responds.rb +161 -47
data/lib/action_controller/metal/params_wrapper.rb +112 -74
data/lib/action_controller/metal/rack_delegation.rb +9 -3
data/lib/action_controller/metal/redirecting.rb +15 -20
data/lib/action_controller/metal/renderers.rb +11 -9
data/lib/action_controller/metal/rendering.rb +8 -0
data/lib/action_controller/metal/request_forgery_protection.rb +112 -19
data/lib/action_controller/metal/responder.rb +20 -19
data/lib/action_controller/metal/streaming.rb +12 -18
data/lib/action_controller/metal/strong_parameters.rb +516 -0
data/lib/action_controller/metal/testing.rb +13 -18
data/lib/action_controller/metal/url_for.rb +27 -25
data/lib/action_controller/model_naming.rb +12 -0
data/lib/action_controller/railtie.rb +33 -17
data/lib/action_controller/railties/helpers.rb +22 -0
data/lib/action_controller/record_identifier.rb +18 -72
data/lib/action_controller/test_case.rb +215 -123
data/lib/action_controller/vendor/html-scanner.rb +4 -19
data/lib/action_dispatch.rb +27 -19
data/lib/action_dispatch/http/cache.rb +63 -11
data/lib/action_dispatch/http/filter_parameters.rb +18 -8
data/lib/action_dispatch/http/filter_redirect.rb +37 -0
data/lib/action_dispatch/http/headers.rb +27 -19
data/lib/action_dispatch/http/mime_negotiation.rb +25 -2
data/lib/action_dispatch/http/mime_type.rb +145 -113
data/lib/action_dispatch/http/mime_types.rb +1 -1
data/lib/action_dispatch/http/parameter_filter.rb +44 -46
data/lib/action_dispatch/http/parameters.rb +12 -5
data/lib/action_dispatch/http/rack_cache.rb +2 -3
data/lib/action_dispatch/http/request.rb +49 -18
data/lib/action_dispatch/http/response.rb +129 -35
data/lib/action_dispatch/http/upload.rb +60 -17
data/lib/action_dispatch/http/url.rb +53 -31
data/lib/action_dispatch/journey.rb +5 -0
data/lib/action_dispatch/journey/backwards.rb +5 -0
data/lib/action_dispatch/journey/formatter.rb +146 -0
data/lib/action_dispatch/journey/gtg/builder.rb +162 -0
data/lib/action_dispatch/journey/gtg/simulator.rb +44 -0
data/lib/action_dispatch/journey/gtg/transition_table.rb +156 -0
data/lib/action_dispatch/journey/nfa/builder.rb +76 -0
data/lib/action_dispatch/journey/nfa/dot.rb +36 -0
data/lib/action_dispatch/journey/nfa/simulator.rb +47 -0
data/lib/action_dispatch/journey/nfa/transition_table.rb +163 -0
data/lib/action_dispatch/journey/nodes/node.rb +124 -0
data/lib/action_dispatch/journey/parser.rb +206 -0
data/lib/action_dispatch/journey/parser.y +47 -0
data/lib/action_dispatch/journey/parser_extras.rb +23 -0
data/lib/action_dispatch/journey/path/pattern.rb +196 -0
data/lib/action_dispatch/journey/route.rb +116 -0
data/lib/action_dispatch/journey/router.rb +164 -0
data/lib/action_dispatch/journey/router/strexp.rb +24 -0
data/lib/action_dispatch/journey/router/utils.rb +54 -0
data/lib/action_dispatch/journey/routes.rb +75 -0
data/lib/action_dispatch/journey/scanner.rb +61 -0
data/lib/action_dispatch/journey/visitors.rb +189 -0
data/lib/action_dispatch/journey/visualizer/fsm.css +34 -0
data/lib/action_dispatch/journey/visualizer/fsm.js +134 -0
data/lib/action_dispatch/journey/visualizer/index.html.erb +52 -0
data/lib/action_dispatch/middleware/callbacks.rb +9 -4
data/lib/action_dispatch/middleware/cookies.rb +168 -57
data/lib/action_dispatch/middleware/debug_exceptions.rb +26 -17
data/lib/action_dispatch/middleware/exception_wrapper.rb +27 -3
data/lib/action_dispatch/middleware/flash.rb +58 -58
data/lib/action_dispatch/middleware/params_parser.rb +14 -29
data/lib/action_dispatch/middleware/public_exceptions.rb +31 -14
data/lib/action_dispatch/middleware/reloader.rb +6 -6
data/lib/action_dispatch/middleware/remote_ip.rb +145 -39
data/lib/action_dispatch/middleware/request_id.rb +2 -6
data/lib/action_dispatch/middleware/session/abstract_store.rb +22 -20
data/lib/action_dispatch/middleware/session/cache_store.rb +3 -3
data/lib/action_dispatch/middleware/session/cookie_store.rb +81 -7
data/lib/action_dispatch/middleware/session/mem_cache_store.rb +8 -3
data/lib/action_dispatch/middleware/show_exceptions.rb +12 -45
data/lib/action_dispatch/middleware/ssl.rb +70 -0
data/lib/action_dispatch/middleware/stack.rb +6 -1
data/lib/action_dispatch/middleware/static.rb +5 -24
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.erb +14 -11
data/lib/action_dispatch/middleware/templates/rescues/_source.erb +25 -0
data/lib/action_dispatch/middleware/templates/rescues/_trace.erb +3 -3
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb +15 -9
data/lib/action_dispatch/middleware/templates/rescues/layout.erb +121 -5
data/lib/action_dispatch/middleware/templates/rescues/missing_template.erb +7 -2
data/lib/action_dispatch/middleware/templates/rescues/routing_error.erb +30 -15
data/lib/action_dispatch/middleware/templates/rescues/template_error.erb +39 -13
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.erb +6 -2
data/lib/action_dispatch/middleware/templates/routes/_route.html.erb +16 -0
data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +144 -0
data/lib/action_dispatch/railtie.rb +16 -6
data/lib/action_dispatch/request/session.rb +181 -0
data/lib/action_dispatch/routing.rb +41 -40
data/lib/action_dispatch/routing/inspector.rb +240 -0
data/lib/action_dispatch/routing/mapper.rb +501 -273
data/lib/action_dispatch/routing/polymorphic_routes.rb +16 -20
data/lib/action_dispatch/routing/redirection.rb +46 -29
data/lib/action_dispatch/routing/route_set.rb +203 -164
data/lib/action_dispatch/routing/routes_proxy.rb +2 -0
data/lib/action_dispatch/routing/url_for.rb +48 -33
data/lib/action_dispatch/testing/assertions/dom.rb +3 -13
data/lib/action_dispatch/testing/assertions/response.rb +32 -40
data/lib/action_dispatch/testing/assertions/routing.rb +40 -39
data/lib/action_dispatch/testing/assertions/selector.rb +15 -20
data/lib/action_dispatch/testing/assertions/tag.rb +20 -23
data/lib/action_dispatch/testing/integration.rb +41 -22
data/lib/action_dispatch/testing/test_process.rb +9 -6
data/lib/action_dispatch/testing/test_request.rb +7 -3
data/lib/action_pack.rb +1 -1
data/lib/action_pack/version.rb +4 -4
data/lib/action_view.rb +17 -8
data/lib/action_view/base.rb +15 -34
data/lib/action_view/buffers.rb +1 -1
data/lib/action_view/context.rb +4 -4
data/lib/action_view/dependency_tracker.rb +91 -0
data/lib/action_view/digestor.rb +85 -0
data/lib/action_view/flows.rb +1 -4
data/lib/action_view/helpers.rb +2 -4
data/lib/action_view/helpers/active_model_helper.rb +3 -4
data/lib/action_view/helpers/asset_tag_helper.rb +211 -353
data/lib/action_view/helpers/asset_url_helper.rb +354 -0
data/lib/action_view/helpers/atom_feed_helper.rb +13 -10
data/lib/action_view/helpers/cache_helper.rb +150 -18
data/lib/action_view/helpers/capture_helper.rb +42 -29
data/lib/action_view/helpers/csrf_helper.rb +0 -2
data/lib/action_view/helpers/date_helper.rb +268 -247
data/lib/action_view/helpers/debug_helper.rb +10 -11
data/lib/action_view/helpers/form_helper.rb +904 -547
data/lib/action_view/helpers/form_options_helper.rb +341 -166
data/lib/action_view/helpers/form_tag_helper.rb +188 -88
data/lib/action_view/helpers/javascript_helper.rb +23 -16
data/lib/action_view/helpers/number_helper.rb +148 -354
data/lib/action_view/helpers/output_safety_helper.rb +3 -3
data/lib/action_view/helpers/record_tag_helper.rb +17 -22
data/lib/action_view/helpers/rendering_helper.rb +2 -4
data/lib/action_view/helpers/sanitize_helper.rb +3 -6
data/lib/action_view/helpers/tag_helper.rb +43 -37
data/lib/action_view/helpers/tags.rb +39 -0
data/lib/action_view/helpers/tags/base.rb +148 -0
data/lib/action_view/helpers/tags/check_box.rb +64 -0
data/lib/action_view/helpers/tags/checkable.rb +16 -0
data/lib/action_view/helpers/tags/collection_check_boxes.rb +43 -0
data/lib/action_view/helpers/tags/collection_helpers.rb +83 -0
data/lib/action_view/helpers/tags/collection_radio_buttons.rb +36 -0
data/lib/action_view/helpers/tags/collection_select.rb +28 -0
data/lib/action_view/helpers/tags/color_field.rb +25 -0
data/lib/action_view/helpers/tags/date_field.rb +13 -0
data/lib/action_view/helpers/tags/date_select.rb +72 -0
data/lib/action_view/helpers/tags/datetime_field.rb +22 -0
data/lib/action_view/helpers/tags/datetime_local_field.rb +19 -0
data/lib/action_view/helpers/tags/datetime_select.rb +8 -0
data/lib/action_view/helpers/tags/email_field.rb +8 -0
data/lib/action_view/helpers/tags/file_field.rb +8 -0
data/lib/action_view/helpers/tags/grouped_collection_select.rb +29 -0
data/lib/action_view/helpers/tags/hidden_field.rb +8 -0
data/lib/action_view/helpers/tags/label.rb +65 -0
data/lib/action_view/helpers/tags/month_field.rb +13 -0
data/lib/action_view/helpers/tags/number_field.rb +18 -0
data/lib/action_view/helpers/tags/password_field.rb +12 -0
data/lib/action_view/helpers/tags/radio_button.rb +31 -0
data/lib/action_view/helpers/tags/range_field.rb +8 -0
data/lib/action_view/helpers/tags/search_field.rb +24 -0
data/lib/action_view/helpers/tags/select.rb +41 -0
data/lib/action_view/helpers/tags/tel_field.rb +8 -0
data/lib/action_view/helpers/tags/text_area.rb +18 -0
data/lib/action_view/helpers/tags/text_field.rb +29 -0
data/lib/action_view/helpers/tags/time_field.rb +13 -0
data/lib/action_view/helpers/tags/time_select.rb +8 -0
data/lib/action_view/helpers/tags/time_zone_select.rb +20 -0
data/lib/action_view/helpers/tags/url_field.rb +8 -0
data/lib/action_view/helpers/tags/week_field.rb +13 -0
data/lib/action_view/helpers/text_helper.rb +126 -113
data/lib/action_view/helpers/translation_helper.rb +32 -16
data/lib/action_view/helpers/url_helper.rb +200 -271
data/lib/action_view/locale/en.yml +1 -105
data/lib/action_view/log_subscriber.rb +6 -4
data/lib/action_view/lookup_context.rb +15 -39
data/lib/action_view/model_naming.rb +12 -0
data/lib/action_view/path_set.rb +9 -39
data/lib/action_view/railtie.rb +6 -22
data/lib/action_view/record_identifier.rb +84 -0
data/lib/action_view/renderer/abstract_renderer.rb +10 -19
data/lib/action_view/renderer/partial_renderer.rb +144 -81
data/lib/action_view/renderer/renderer.rb +2 -19
data/lib/action_view/renderer/streaming_template_renderer.rb +2 -5
data/lib/action_view/renderer/template_renderer.rb +14 -13
data/lib/action_view/routing_url_for.rb +107 -0
data/lib/action_view/template.rb +22 -21
data/lib/action_view/template/error.rb +22 -12
data/lib/action_view/template/handlers.rb +12 -9
data/lib/action_view/template/handlers/builder.rb +1 -1
data/lib/action_view/template/handlers/erb.rb +11 -16
data/lib/action_view/template/handlers/raw.rb +11 -0
data/lib/action_view/template/resolver.rb +111 -83
data/lib/action_view/template/text.rb +12 -8
data/lib/action_view/template/types.rb +57 -0
data/lib/action_view/test_case.rb +66 -43
data/lib/action_view/testing/resolvers.rb +3 -2
data/lib/action_view/vendor/html-scanner.rb +20 -0
data/lib/{action_controller → action_view}/vendor/html-scanner/html/document.rb +0 -0
data/lib/{action_controller → action_view}/vendor/html-scanner/html/node.rb +12 -12
data/lib/{action_controller → action_view}/vendor/html-scanner/html/sanitizer.rb +18 -7
data/lib/{action_controller → action_view}/vendor/html-scanner/html/selector.rb +1 -1
data/lib/{action_controller → action_view}/vendor/html-scanner/html/tokenizer.rb +1 -1
data/lib/{action_controller → action_view}/vendor/html-scanner/html/version.rb +0 -0
metadata +135 -125
data/lib/action_controller/caching/actions.rb +0 -185
data/lib/action_controller/caching/pages.rb +0 -187
data/lib/action_controller/caching/sweeping.rb +0 -97
data/lib/action_controller/deprecated/performance_test.rb +0 -1
data/lib/action_controller/metal/compatibility.rb +0 -65
data/lib/action_controller/metal/session_management.rb +0 -14
data/lib/action_controller/railties/paths.rb +0 -25
data/lib/action_dispatch/middleware/best_standards_support.rb +0 -30
data/lib/action_dispatch/middleware/body_proxy.rb +0 -30
data/lib/action_dispatch/middleware/head.rb +0 -18
data/lib/action_dispatch/middleware/rescue.rb +0 -26
data/lib/action_dispatch/testing/performance_test.rb +0 -10
data/lib/action_view/asset_paths.rb +0 -142
data/lib/action_view/helpers/asset_paths.rb +0 -7
data/lib/action_view/helpers/asset_tag_helpers/asset_include_tag.rb +0 -146
data/lib/action_view/helpers/asset_tag_helpers/asset_paths.rb +0 -93
data/lib/action_view/helpers/asset_tag_helpers/javascript_tag_helpers.rb +0 -193
data/lib/action_view/helpers/asset_tag_helpers/stylesheet_tag_helpers.rb +0 -148
data/lib/sprockets/assets.rake +0 -99
data/lib/sprockets/bootstrap.rb +0 -37
data/lib/sprockets/compressors.rb +0 -83
data/lib/sprockets/helpers.rb +0 -6
data/lib/sprockets/helpers/isolated_helper.rb +0 -13
data/lib/sprockets/helpers/rails_helper.rb +0 -182
data/lib/sprockets/railtie.rb +0 -62
data/lib/sprockets/static_compiler.rb +0 -56

data/lib/action_view/helpers/output_safety_helper.rb CHANGED

@@ -11,7 +11,8 @@ module ActionView #:nodoc:
       #
       # For example:
       #
-      # <%=raw @user.name %>
+      #  raw @user.name
+      #  # => 'Jimmy <alert>Tables</alert>'
       def raw(stringish)
         stringish.to_s.html_safe
       end
@@ -28,11 +29,10 @@ module ActionView #:nodoc:
       #   # => "<p>foo</p><br /><p>bar</p>"
       #
       def safe_join(array, sep=$,)
-        sep ||= "".html_safe
         sep = ERB::Util.html_escape(sep)
         array.map { |i| ERB::Util.html_escape(i) }.join(sep).html_safe
       end
     end
   end
-end
+end

data/lib/action_view/helpers/record_tag_helper.rb CHANGED

@@ -1,15 +1,13 @@
-require 'action_controller/record_identifier'
 module ActionView
   # = Action View Record Tag Helpers
   module Helpers
     module RecordTagHelper
-      include ActionController::RecordIdentifier
+      include ActionView::RecordIdentifier
       # Produces a wrapper DIV element with id and class parameters that
       # relate to the specified Active Record object. Usage example:
       #
-      #    <%= div_for(@person, :class => "foo") do %>
+      #    <%= div_for(@person, class: "foo") do %>
       #       <%= @person.name %>
       #    <% end %>
       #
@@ -21,7 +19,7 @@ module ActionView
       # get iterated over and yield each record as an argument for the block.
       # For example:
       #
-      #    <%= div_for(@people, :class => "foo") do |person| %>
+      #    <%= div_for(@people, class: "foo") do |person| %>
       #      <%= person.name %>
       #    <% end %>
       #
@@ -67,27 +65,25 @@ module ActionView
       #
       # produces:
       #
-      #   <tr id="person_123" class="person">...</tr>
-      #   <tr id="person_124" class="person">...</tr>
+      #    <tr id="person_123" class="person">...</tr>
+      #    <tr id="person_124" class="person">...</tr>
       #
       # content_tag_for also accepts a hash of options, which will be converted to
       # additional HTML attributes. If you specify a <tt>:class</tt> value, it will be combined
       # with the default class name for your object. For example:
       #
-      #    <%= content_tag_for(:li, @person, :class => "bar") %>...
+      #    <%= content_tag_for(:li, @person, class: "bar") %>...
       #
       # produces:
       #
       #    <li id="person_123" class="person bar">...
       #
       def content_tag_for(tag_name, single_or_multiple_records, prefix = nil, options = nil, &block)
-        if single_or_multiple_records.respond_to?(:to_ary)
-          single_or_multiple_records.to_ary.map do |single_record|
-            capture { content_tag_for_single_record(tag_name, single_record, prefix, options, &block) }
-          end.join("\n").html_safe
-        else
-          content_tag_for_single_record(tag_name, single_or_multiple_records, prefix, options, &block)
-        end
+        options, prefix = prefix, nil if prefix.is_a?(Hash)
+        Array(single_or_multiple_records).map do |single_record|
+          content_tag_for_single_record(tag_name, single_record, prefix, options, &block)
+        end.join("\n").html_safe
       end
       private
@@ -95,15 +91,14 @@ module ActionView
         # Called by <tt>content_tag_for</tt> internally to render a content tag
         # for each record.
         def content_tag_for_single_record(tag_name, record, prefix, options, &block)
-          options, prefix = prefix, nil if prefix.is_a?(Hash)
           options = options ? options.dup : {}
-          options.merge!(:class => "#{dom_class(record, prefix)} #{options[:class]}".strip, :id => dom_id(record, prefix))
-          if !block_given?
-            content_tag(tag_name, "", options)
-          elsif block.arity == 0
-            content_tag(tag_name, capture(&block), options)
-          else
+          options[:class] = [ dom_class(record, prefix), options[:class] ].compact
+          options[:id]    = dom_id(record, prefix)
+          if block_given?
             content_tag(tag_name, capture(record, &block), options)
+          else
+            content_tag(tag_name, "", options)
           end
         end
     end

data/lib/action_view/helpers/rendering_helper.rb CHANGED

@@ -1,5 +1,3 @@
-require "active_support/core_ext/hash/indifferent_access"
 module ActionView
   module Helpers
     # = Action View Rendering
@@ -41,7 +39,7 @@ module ActionView
       # The user can override this default by passing a block to the layout:
       #
       #   # The template
-      #   <%= render :layout => "my_layout" do %>
+      #   <%= render layout: "my_layout" do %>
       #     Content
       #   <% end %>
       #
@@ -61,7 +59,7 @@ module ActionView
       # Finally, the block can take block arguments, which can be passed in by +yield+:
       #
       #   # The template
-      #   <%= render :layout => "my_layout" do |customer| %>
+      #   <%= render layout: "my_layout" do |customer| %>
       #     Hello <%= customer.name %>
       #   <% end %>
       #

data/lib/action_view/helpers/sanitize_helper.rb CHANGED

@@ -1,9 +1,9 @@
 require 'active_support/core_ext/object/try'
-require 'action_controller/vendor/html-scanner'
+require 'action_view/vendor/html-scanner'
 module ActionView
   # = Action View Sanitize Helpers
-  module Helpers #:nodoc:
+  module Helpers
     # The SanitizeHelper module provides a set of methods for scrubbing text of undesired HTML elements.
     # These helper methods extend Action View making them callable within your template files.
     module SanitizeHelper
@@ -29,7 +29,7 @@ module ActionView
       #
       # Custom Use (only the mentioned tags and attributes are allowed, nothing else)
       #
-      #   <%= sanitize @article.body, :tags => %w(table tr td), :attributes => %w(id class style) %>
+      #   <%= sanitize @article.body, tags: %w(table tr td), attributes: %w(id class style) %>
       #
       # Add table tags to the default allowed tags
       #
@@ -69,8 +69,6 @@ module ActionView
       # html-scanner tokenizer and so its HTML parsing ability is limited by
       # that of html-scanner.
       #
-      # ==== Examples
-      #
       #   strip_tags("Strip <i>these</i> tags!")
       #   # => Strip these tags!
       #
@@ -85,7 +83,6 @@ module ActionView
       # Strips all link tags from +text+ leaving just the link text.
       #
-      # ==== Examples
       #   strip_links('<a href="http://www.rubyonrails.org">Ruby on Rails</a>')
       #   # => Ruby on Rails
       #

data/lib/action_view/helpers/tag_helper.rb CHANGED

@@ -1,4 +1,3 @@
-require 'active_support/core_ext/object/blank'
 require 'active_support/core_ext/string/output_safety'
 require 'set'
@@ -10,12 +9,11 @@ module ActionView
     module TagHelper
       extend ActiveSupport::Concern
       include CaptureHelper
-      include OutputSafetyHelper
       BOOLEAN_ATTRIBUTES = %w(disabled readonly multiple checked autobuffer
                            autoplay controls loop selected hidden scoped async
                            defer reversed ismap seemless muted required
-                           autofocus novalidate formnovalidate open pubdate).to_set
+                           autofocus novalidate formnovalidate open pubdate itemscope).to_set
       BOOLEAN_ATTRIBUTES.merge(BOOLEAN_ATTRIBUTES.map {|attribute| attribute.to_sym })
       PRE_CONTENT_STRINGS = {
@@ -42,7 +40,7 @@ module ActionView
       # thus accessed as <tt>dataset.userId</tt>.
       #
       # Values are encoded to JSON, with the exception of strings and symbols.
-      # This may come in handy when using jQuery's HTML5-aware <tt>.data()<tt>
+      # This may come in handy when using jQuery's HTML5-aware <tt>.data()</tt>
       # from 1.4.3.
       #
       # ==== Examples
@@ -52,16 +50,16 @@ module ActionView
       #   tag("br", nil, true)
       #   # => <br>
       #
-      #   tag("input", :type => 'text', :disabled => true)
+      #   tag("input", type: 'text', disabled: true)
       #   # => <input type="text" disabled="disabled" />
       #
-      #   tag("img", :src => "open & shut.png")
+      #   tag("img", src: "open & shut.png")
       #   # => <img src="open &amp; shut.png" />
       #
-      #   tag("img", {:src => "open &amp; shut.png"}, false, false)
+      #   tag("img", {src: "open &amp; shut.png"}, false, false)
       #   # => <img src="open &amp; shut.png" />
       #
-      #   tag("div", :data => {:name => 'Stephen', :city_state => %w(Chicago IL)})
+      #   tag("div", data: {name: 'Stephen', city_state: %w(Chicago IL)})
       #   # => <div data-name="Stephen" data-city-state="[&quot;Chicago&quot;,&quot;IL&quot;]" />
       def tag(name, options = nil, open = false, escape = true)
         "<#{name}#{tag_options(options, escape) if options}#{open ? ">" : " />"}".html_safe
@@ -81,12 +79,12 @@ module ActionView
       # ==== Examples
       #   content_tag(:p, "Hello world!")
       #    # => <p>Hello world!</p>
-      #   content_tag(:div, content_tag(:p, "Hello world!"), :class => "strong")
+      #   content_tag(:div, content_tag(:p, "Hello world!"), class: "strong")
       #    # => <div class="strong"><p>Hello world!</p></div>
-      #   content_tag("select", options, :multiple => true)
+      #   content_tag("select", options, multiple: true)
       #    # => <select multiple="multiple">...options...</select>
       #
-      #   <%= content_tag :div, :class => "strong" do -%>
+      #   <%= content_tag :div, class: "strong" do -%>
       #     Hello world!
       #   <% end -%>
       #    # => <div class="strong">Hello world!</div>
@@ -104,63 +102,71 @@ module ActionView
       # otherwise be recognized as markup. CDATA sections begin with the string
       # <tt><![CDATA[</tt> and end with (and may not contain) the string <tt>]]></tt>.
       #
-      # ==== Examples
       #   cdata_section("<hello world>")
       #   # => <![CDATA[<hello world>]]>
       #
       #   cdata_section(File.read("hello_world.txt"))
       #   # => <![CDATA[<hello from a text file]]>
+      #
+      #   cdata_section("hello]]>world")
+      #   # => <![CDATA[hello]]]]><![CDATA[>world]]>
       def cdata_section(content)
-        "<![CDATA[#{content}]]>".html_safe
+        splitted = content.gsub(']]>', ']]]]><![CDATA[>')
+        "<![CDATA[#{splitted}]]>".html_safe
       end
       # Returns an escaped version of +html+ without affecting existing escaped entities.
       #
-      # ==== Examples
       #   escape_once("1 < 2 &amp; 3")
       #   # => "1 &lt; 2 &amp; 3"
       #
       #   escape_once("&lt;&lt; Accept & Checkout")
       #   # => "&lt;&lt; Accept &amp; Checkout"
       def escape_once(html)
-        ActiveSupport::Multibyte.clean(html.to_s).gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
+        ERB::Util.html_escape_once(html)
       end
       private
         def content_tag_string(name, content, options, escape = true)
           tag_options = tag_options(options, escape) if options
-          "<#{name}#{tag_options}>#{PRE_CONTENT_STRINGS[name.to_sym]}#{escape ? ERB::Util.h(content) : content}</#{name}>".html_safe
+          content     = ERB::Util.h(content) if escape
+          "<#{name}#{tag_options}>#{PRE_CONTENT_STRINGS[name.to_sym]}#{content}</#{name}>".html_safe
         end
         def tag_options(options, escape = true)
-          unless options.blank?
-            attrs = []
-            options.each_pair do |key, value|
-              if key.to_s == 'data' && value.is_a?(Hash)
-                value.each do |k, v|
-                  unless v.is_a?(String) || v.is_a?(Symbol) || v.is_a?(BigDecimal)
-                    v = v.to_json
-                  end
-                  attrs << tag_option("data-#{k.to_s.dasherize}", v, escape)
-                end
-              elsif BOOLEAN_ATTRIBUTES.include?(key)
-                attrs << %(#{key}="#{key}") if value
-              elsif !value.nil?
-                attrs << tag_option(key, value, escape)
+          return if options.blank?
+          attrs = []
+          options.each_pair do |key, value|
+            if key.to_s == 'data' && value.is_a?(Hash)
+              value.each_pair do |k, v|
+                attrs << data_tag_option(k, v, escape)
               end
+            elsif BOOLEAN_ATTRIBUTES.include?(key)
+              attrs << boolean_tag_option(key) if value
+            elsif !value.nil?
+              attrs << tag_option(key, value, escape)
             end
-            " #{attrs.sort * ' '}".html_safe unless attrs.empty?
           end
+          " #{attrs.sort * ' '}".html_safe unless attrs.empty?
         end
-        def tag_option(key, value, escape)
-          if value.is_a?(Array)
-            value = escape ? safe_join(value, " ") : value.join(" ")
-          else
-            value = escape ? ERB::Util.html_escape(value) : value.to_s
+        def data_tag_option(key, value, escape)
+          key   = "data-#{key.to_s.dasherize}"
+          unless value.is_a?(String) || value.is_a?(Symbol) || value.is_a?(BigDecimal)
+            value = value.to_json
           end
-          %(#{key}="#{value.gsub(/"/, '&quot;'.freeze)}")
+          tag_option(key, value, escape)
+        end
+        def boolean_tag_option(key)
+          %(#{key}="#{key}")
+        end
+        def tag_option(key, value, escape)
+          value = value.join(" ") if value.is_a?(Array)
+          value = ERB::Util.h(value) if escape
+          %(#{key}="#{value}")
         end
     end
   end

data/lib/action_view/helpers/tags.rb ADDED

@@ -0,0 +1,39 @@
+module ActionView
+  module Helpers
+    module Tags #:nodoc:
+      extend ActiveSupport::Autoload
+      autoload :Base
+      autoload :CheckBox
+      autoload :CollectionCheckBoxes
+      autoload :CollectionRadioButtons
+      autoload :CollectionSelect
+      autoload :ColorField
+      autoload :DateField
+      autoload :DateSelect
+      autoload :DatetimeField
+      autoload :DatetimeLocalField
+      autoload :DatetimeSelect
+      autoload :EmailField
+      autoload :FileField
+      autoload :GroupedCollectionSelect
+      autoload :HiddenField
+      autoload :Label
+      autoload :MonthField
+      autoload :NumberField
+      autoload :PasswordField
+      autoload :RadioButton
+      autoload :RangeField
+      autoload :SearchField
+      autoload :Select
+      autoload :TelField
+      autoload :TextArea
+      autoload :TextField
+      autoload :TimeField
+      autoload :TimeSelect
+      autoload :TimeZoneSelect
+      autoload :UrlField
+      autoload :WeekField
+    end
+  end
+end

data/lib/action_view/helpers/tags/base.rb ADDED

@@ -0,0 +1,148 @@
+module ActionView
+  module Helpers
+    module Tags
+      class Base #:nodoc:
+        include Helpers::ActiveModelInstanceTag, Helpers::TagHelper, Helpers::FormTagHelper
+        include FormOptionsHelper
+        attr_reader :object
+        def initialize(object_name, method_name, template_object, options = {})
+          @object_name, @method_name = object_name.to_s.dup, method_name.to_s.dup
+          @template_object = template_object
+          @object_name.sub!(/\[\]$/,"") || @object_name.sub!(/\[\]\]$/,"]")
+          @object = retrieve_object(options.delete(:object))
+          @options = options
+          @auto_index = retrieve_autoindex(Regexp.last_match.pre_match) if Regexp.last_match
+        end
+        # This is what child classes implement.
+        def render
+          raise NotImplementedError, "Subclasses must implement a render method"
+        end
+        private
+        def value(object)
+          object.send @method_name if object
+        end
+        def value_before_type_cast(object)
+          unless object.nil?
+            method_before_type_cast = @method_name + "_before_type_cast"
+            object.respond_to?(method_before_type_cast) ?
+              object.send(method_before_type_cast) :
+              value(object)
+          end
+        end
+        def retrieve_object(object)
+          if object
+            object
+          elsif @template_object.instance_variable_defined?("@#{@object_name}")
+            @template_object.instance_variable_get("@#{@object_name}")
+          end
+        rescue NameError
+          # As @object_name may contain the nested syntax (item[subobject]) we need to fallback to nil.
+          nil
+        end
+        def retrieve_autoindex(pre_match)
+          object = self.object || @template_object.instance_variable_get("@#{pre_match}")
+          if object && object.respond_to?(:to_param)
+            object.to_param
+          else
+            raise ArgumentError, "object[] naming but object param and @object var don't exist or don't respond to to_param: #{object.inspect}"
+          end
+        end
+        def add_default_name_and_id_for_value(tag_value, options)
+          if tag_value.nil?
+            add_default_name_and_id(options)
+          else
+            specified_id = options["id"]
+            add_default_name_and_id(options)
+            if specified_id.blank? && options["id"].present?
+              options["id"] += "_#{sanitized_value(tag_value)}"
+            end
+          end
+        end
+        def add_default_name_and_id(options)
+          if options.has_key?("index")
+            options["name"] ||= options.fetch("name"){ tag_name_with_index(options["index"]) }
+            options["id"] = options.fetch("id"){ tag_id_with_index(options["index"]) }
+            options.delete("index")
+          elsif defined?(@auto_index)
+            options["name"] ||= options.fetch("name"){ tag_name_with_index(@auto_index) }
+            options["id"] = options.fetch("id"){ tag_id_with_index(@auto_index) }
+          else
+            options["name"] ||= options.fetch("name"){ tag_name }
+            options["id"] = options.fetch("id"){ tag_id }
+          end
+          options["name"] += "[]" if options["multiple"]
+          options["id"] = [options.delete('namespace'), options["id"]].compact.join("_").presence
+        end
+        def tag_name
+          "#{@object_name}[#{sanitized_method_name}]"
+        end
+        def tag_name_with_index(index)
+          "#{@object_name}[#{index}][#{sanitized_method_name}]"
+        end
+        def tag_id
+          "#{sanitized_object_name}_#{sanitized_method_name}"
+        end
+        def tag_id_with_index(index)
+          "#{sanitized_object_name}_#{index}_#{sanitized_method_name}"
+        end
+        def sanitized_object_name
+          @sanitized_object_name ||= @object_name.gsub(/\]\[|[^-a-zA-Z0-9:.]/, "_").sub(/_$/, "")
+        end
+        def sanitized_method_name
+          @sanitized_method_name ||= @method_name.sub(/\?$/,"")
+        end
+        def sanitized_value(value)
+          value.to_s.gsub(/\s/, "_").gsub(/[^-\w]/, "").downcase
+        end
+        def select_content_tag(option_tags, options, html_options)
+          html_options = html_options.stringify_keys
+          add_default_name_and_id(html_options)
+          options[:include_blank] ||= true unless options[:prompt] || select_not_required?(html_options)
+          select = content_tag("select", add_options(option_tags, options, value(object)), html_options)
+          if html_options["multiple"] && options.fetch(:include_hidden, true)
+            tag("input", :disabled => html_options["disabled"], :name => html_options["name"], :type => "hidden", :value => "") + select
+          else
+            select
+          end
+        end
+        def select_not_required?(html_options)
+          !html_options["required"] || html_options["multiple"] || html_options["size"].to_i > 1
+        end
+        def add_options(option_tags, options, value = nil)
+          if options[:include_blank]
+            option_tags = content_tag_string('option', options[:include_blank].kind_of?(String) ? options[:include_blank] : nil, :value => '') + "\n" + option_tags
+          end
+          if value.blank? && options[:prompt]
+            option_tags = content_tag_string('option', prompt_text(options[:prompt]), :value => '') + "\n" + option_tags
+          end
+          option_tags
+        end
+      end
+    end
+  end
+end