actiontext 7.0.8.4 → 7.1.3.4

Potentially problematic release.


This version of actiontext might be problematic.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9e8ace8ec8700bac67f826fdcec6199ed41822e94cc8bcfd7f3d862db7d12047
4
- data.tar.gz: 044b9acfc8061989fb80d59c7d171bfc3da193f9aa4e91a52902297cf4eaeda5
3
+ metadata.gz: d51a41ff03b550ac428a52ce89ee785539d2ac0b386c5597f4c06b763070d054
4
+ data.tar.gz: 85028cdc38e4448c321e17190924c602f7bd940588307ef42206c7e0842ba31a
5
5
  SHA512:
6
- metadata.gz: df7ee6154387f68f1048bfcacc5baf63c5d3ff469e9f811152dfec79a81041682dfe19227eb59c61fa3cffbd2a09a85a3d00b7f0b7c58e33a39230126a1ad560
7
- data.tar.gz: b99f1aff5927bd717595dcb92bb39da1b5ddd0586fcb98274ded2ac3172023f159416d756ebdb18763c277134b46a5343c550d494e5772f624bc837ecffd96ec
6
+ metadata.gz: 417dec3ad3e197b566e52b5b42356481d6a5f54e1a792b5f16c7eeaa45137b2a4bdeeb32e83fd890d884fc60864e7d6062ebe25115710a40de06df3c93812c95
7
+ data.tar.gz: ab1691bf97b79a8f2b644b6bf324c06fc663fd8ca2ba4641a906fcf7062a4c4acb4103b25b405561fc21e81198ce7b7541a9d02921d137ae14de6eb75d01b1c7
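Review bot: The SHA256 and SHA512 values for both metadata.gz and data.tar.gz are replaced, which is what a new release produces, but checksums.yaml is a member of the same package it describes, so these digests only show that the archive members are internally consistent. Record the digest of the downloaded .gem file itself and compare it with a value obtained from a separate source before accepting the upgrade.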
data/CHANGELOG.md CHANGED
@@ -1,184 +1,125 @@
1
- ## Rails 7.0.8.4 (June 04, 2024) ##
1
+ ## Rails 7.1.3.4 (June 04, 2024) ##
2
2
 
3
- * No changes.
4
-
5
-
6
- ## Rails 7.0.8.3 (May 17, 2024) ##
7
-
8
- * Fix vendored trix.css to be correct file.
3
+ * Sanitize ActionText HTML ContentAttachment in Trix edit view
4
+ [CVE-2024-32464]
9
5
 
10
- *Hartley McGuire*
11
6
 
12
- ## Rails 7.0.8.2 (May 16, 2024) ##
7
+ ## Rails 7.1.3.3 (May 16, 2024) ##
13
8
 
14
9
  * Upgrade Trix to 1.3.2 to fix [CVE-2024-34341](https://github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99).
15
10
 
16
11
  *Rafael Mendonça França*
17
12
 
18
13
 
19
- ## Rails 7.0.8.1 (February 21, 2024) ##
20
-
21
- * No changes.
22
-
23
-
24
- ## Rails 7.0.8 (September 09, 2023) ##
25
-
26
- * No changes.
27
-
28
-
29
- ## Rails 7.0.7.2 (August 22, 2023) ##
30
-
31
- * No changes.
32
-
33
-
34
- ## Rails 7.0.7.1 (August 22, 2023) ##
35
-
36
- * No changes.
37
-
38
-
39
- ## Rails 7.0.7 (August 09, 2023) ##
40
-
41
- * No changes.
42
-
43
-
44
- ## Rails 7.0.6 (June 29, 2023) ##
45
-
46
- * No changes.
47
-
48
-
49
- ## Rails 7.0.5.1 (June 26, 2023) ##
50
-
51
- * No changes.
52
-
53
-
54
- ## Rails 7.0.5 (May 24, 2023) ##
55
-
56
- * Fix `ActionText::Attachable#as_json`.
57
-
58
- *Alexandre Ruban*
59
-
60
-
61
- ## Rails 7.0.4.3 (March 13, 2023) ##
62
-
63
- * No changes.
64
-
65
-
66
- ## Rails 7.0.4.2 (January 24, 2023) ##
67
-
68
- * No changes.
69
-
70
-
71
- ## Rails 7.0.4.1 (January 17, 2023) ##
72
-
73
- * No changes.
74
-
75
-
76
- ## Rails 7.0.4 (September 09, 2022) ##
14
+ ## Rails 7.1.3.2 (February 21, 2024) ##
77
15
 
78
16
  * No changes.
79
17
 
80
18
 
81
- ## Rails 7.0.3.1 (July 12, 2022) ##
19
+ ## Rails 7.1.3.1 (February 21, 2024) ##
82
20
 
83
21
  * No changes.
84
22
 
85
23
 
86
- ## Rails 7.0.3 (May 09, 2022) ##
24
+ ## Rails 7.1.3 (January 16, 2024) ##
87
25
 
88
26
  * No changes.
89
27
 
90
28
 
91
- ## Rails 7.0.2.4 (April 26, 2022) ##
92
-
93
- * No changes.
94
-
29
+ ## Rails 7.1.2 (November 10, 2023) ##
95
30
 
96
- ## Rails 7.0.2.3 (March 08, 2022) ##
31
+ * Compile ESM package that can be used directly in the browser as `actiontext.esm.js`.
97
32
 
98
- * No changes.
33
+ *Matias Grunberg*
99
34
 
35
+ * Fix using actiontext.js with Sprockets.
100
36
 
101
- ## Rails 7.0.2.2 (February 11, 2022) ##
37
+ *Matias Grunberg*
102
38
 
103
- * No changes.
39
+ * Upgrade Trix to 2.0.7.
104
40
 
41
+ *Hartley McGuire*
105
42
 
106
- ## Rails 7.0.2.1 (February 11, 2022) ##
43
+ * Fix using Trix with Sprockets.
107
44
 
108
- * No changes.
45
+ *Hartley McGuire*
109
46
 
110
47
 
111
- ## Rails 7.0.2 (February 08, 2022) ##
48
+ ## Rails 7.1.1 (October 11, 2023) ##
112
49
 
113
50
  * No changes.
114
51
 
115
52
 
116
- ## Rails 7.0.1 (January 06, 2022) ##
53
+ ## Rails 7.1.0 (October 05, 2023) ##
117
54
 
118
55
  * No changes.
119
56
 
120
57
 
121
- ## Rails 7.0.0 (December 15, 2021) ##
58
+ ## Rails 7.1.0.rc2 (October 01, 2023) ##
122
59
 
123
60
  * No changes.
124
61
 
125
62
 
126
- ## Rails 7.0.0.rc3 (December 14, 2021) ##
63
+ ## Rails 7.1.0.rc1 (September 27, 2023) ##
127
64
 
128
65
  * No changes.
129
66
 
130
67
 
131
- ## Rails 7.0.0.rc2 (December 14, 2021) ##
132
-
133
- * No changes.
68
+ ## Rails 7.1.0.beta1 (September 13, 2023) ##
134
69
 
135
- ## Rails 7.0.0.rc1 (December 06, 2021) ##
70
+ * Use `Rails::HTML5::SafeListSanitizer` by default in the Rails 7.1 configuration if it is
71
+ supported.
136
72
 
137
- * Fix an issue with how nested lists were displayed when converting to plain text
73
+ Action Text's sanitizer can be configured by setting
74
+ `config.action_text.sanitizer_vendor`. Supported values are `Rails::HTML4::Sanitizer` or
75
+ `Rails::HTML5::Sanitizer`.
138
76
 
139
- *Matt Swanson*
77
+ The Rails 7.1 configuration will set this to `Rails::HTML5::Sanitizer` when it is supported, and
78
+ fall back to `Rails::HTML4::Sanitizer`. Previous configurations default to
79
+ `Rails::HTML4::Sanitizer`.
140
80
 
141
- * Allow passing in a custom `direct_upload_url` or `blob_url_template` to `rich_text_area_tag`.
81
+ As a result of this change, the defaults for `ActionText::ContentHelper.allowed_tags` and
82
+ `.allowed_attributes` are applied at runtime, so the value of these attributes is now 'nil'
83
+ unless set by the application. You may call `sanitizer_allowed_tags` or
84
+ `sanitizer_allowed_attributes` to inspect the tags and attributes being allowed by the
85
+ sanitizer.
142
86
 
143
- *Lucas Mansur*
87
+ *Mike Dalessio*
144
88
 
89
+ * Attachables now can override default attachment missing template.
145
90
 
146
- ## Rails 7.0.0.alpha2 (September 15, 2021) ##
91
+ When rendering Action Text attachments where the underlying attachable model has
92
+ been removed, a fallback template is used. You now can override this template on
93
+ a per-model basis. For example, you could render a placeholder image for a file
94
+ attachment or the text "Deleted User" for a User attachment.
147
95
 
148
- * No changes.
96
+ *Matt Swanson*, *Joel Drapper*
149
97
 
98
+ * Update bundled Trix version from `1.3.1` to `2.0.4`.
150
99
 
151
- ## Rails 7.0.0.alpha1 (September 15, 2021) ##
100
+ *Sarah Ridge*, *Sean Doyle*
152
101
 
153
- * Make the Action Text + Trix JavaScript and CSS available through the asset pipeline.
102
+ * Apply `field_error_proc` to `rich_text_area` form fields.
154
103
 
155
- *DHH*
104
+ *Kaíque Kandy Koga*
156
105
 
157
- * OpenSSL constants are now used for Digest computations.
106
+ * Action Text attachment URLs rendered in a background job (a la Turbo
107
+ Streams) now use `Rails.application.default_url_options` and
108
+ `Rails.application.config.force_ssl` instead of `http://example.org`.
158
109
 
159
- *Dirkjan Bussink*
110
+ *Jonathan Hefner*
160
111
 
161
- * Add support for passing `form:` option to `rich_text_area_tag` and
162
- `rich_text_area` helpers to specify the `<input type="hidden" form="...">`
163
- value.
112
+ * Support `strict_loading:` option for `has_rich_text` declaration
164
113
 
165
114
  *Sean Doyle*
166
115
 
167
- * Add `config.action_text.attachment_tag_name`, to specify the HTML tag that contains attachments.
168
-
169
- *Mark VanLandingham*
170
-
171
- * Expose how we render the HTML _surrounding_ rich text content as an
172
- extensible `layouts/action_view/contents/_content.html.erb` template to
173
- encourage user-land customizations, while retaining private API control over how
174
- the rich text itself is rendered by `action_text/contents/_content.html.erb`
175
- partial.
176
-
177
- *Sean Doyle*
116
+ * Update ContentAttachment so that it can encapsulate arbitrary HTML content in a document.
178
117
 
179
- * Add `with_all_rich_text` method to eager load all rich text associations on a model at once.
118
+ *Jamis Buck*
180
119
 
181
- *Matt Swanson*, *DHH*
120
+ * Fix an issue that caused the content layout to render multiple times when a
121
+ rich_text field was updated.
182
122
 
123
+ *Jacob Herrington*
183
124
 
184
- Please check [6-1-stable](https://github.com/rails/rails/blob/6-1-stable/actiontext/CHANGELOG.md) for previous changes.
125
+ Please check [7-0-stable](https://github.com/rails/rails/blob/7-0-stable/actiontext/CHANGELOG.md) for previous changes.
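Review bot: In the 7.1.0.beta1 entry, `ActionText::ContentHelper.allowed_tags` and `.allowed_attributes` become nil unless the application sets them, so any application code that reads or appends to those values needs checking before this upgrade; the entry names `sanitizer_allowed_tags` and `sanitizer_allowed_attributes` as the way to inspect the effective lists. The same entry switches the sanitizer to `Rails::HTML5::Sanitizer` under the Rails 7.1 configuration where supported, so stored rich text should be rendered and compared before and after. The unchanged 7.1.3.3 line says Trix is upgraded to 1.3.2, while the 7.1.0.beta1 and 7.1.2 entries put this branch on 2.0.4 and then 2.0.7; confirm the bundled Trix version from the package contents rather than from that line. The 7.1.3.4 entry for CVE-2024-32464 carries no advisory link or author, unlike the CVE-2024-34341 entry below it, and it concerns ContentAttachment, which the 7.1.0.beta1 entry says was changed to hold arbitrary HTML.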
data/MIT-LICENSE CHANGED
@@ -1,6 +1,6 @@
1
1
  MIT License
2
2
 
3
- Copyright (c) 2020-2022 Basecamp, LLC
3
+ Copyright (c) 37signals LLC
4
4
 
5
5
  Permission is hereby granted, free of charge, to any person obtaining a copy
6
6
  of this software and associated documentation files (the "Software"), to deal
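Review bot: The copyright line changes the holder from Basecamp, LLC to 37signals LLC and drops the 2020-2022 year range, while the licence text shown as context is unchanged. If licence metadata for this dependency is recorded anywhere, update the holder there so automated licence checks do not flag a mismatch.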
data/README.md CHANGED
@@ -1,8 +1,8 @@
1
1
  # Action Text
2
2
 
3
- Action Text brings rich text content and editing to Rails. It includes the [Trix editor](https://trix-editor.org) that handles everything from formatting to links to quotes to lists to embedded images and galleries. The rich text content generated by the Trix editor is saved in its own RichText model that's associated with any existing Active Record model in the application. Any embedded images (or other attachments) are automatically stored using Active Storage and associated with the included RichText model.
3
+ Action Text brings rich text content and editing to \Rails. It includes the [Trix editor](https://trix-editor.org) that handles everything from formatting to links to quotes to lists to embedded images and galleries. The rich text content generated by the Trix editor is saved in its own RichText model that's associated with any existing Active Record model in the application. Any embedded images (or other attachments) are automatically stored using Active Storage and associated with the included RichText model.
4
4
 
5
- You can read more about Action Text in the [Action Text Overview](https://edgeguides.rubyonrails.org/action_text_overview.html) guide.
5
+ You can read more about Action Text in the [Action Text Overview](https://guides.rubyonrails.org/action_text_overview.html) guide.
6
6
 
7
7
  ## Development
8
8
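Review bot: On the added first-paragraph line, `\Rails` looks like an RDoc escape, and a Markdown renderer will show the backslash literally; if README.md is displayed as Markdown anywhere, check the rendered output or drop the backslash. The guide link change from edgeguides.rubyonrails.org to guides.rubyonrails.org points readers at the released guide rather than the edge one, which suits a released gem.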