actionview 4.2.10 → 5.1.0

data/lib/action_view/helpers/text_helper.rb

@@ -1,5 +1,5 @@
-require 'active_support/core_ext/string/filters'
-require 'active_support/core_ext/array/extract_options'
+require "active_support/core_ext/string/filters"
+require "active_support/core_ext/array/extract_options"
 
 module ActionView
   # = Action View Text Helpers
@@ -103,7 +103,9 @@ module ActionView
       # Highlights one or more +phrases+ everywhere in +text+ by inserting it into
       # a <tt>:highlighter</tt> string. The highlighter can be specialized by passing <tt>:highlighter</tt>
       # as a single-quoted string with <tt>\1</tt> where the phrase is to be inserted (defaults to
-      # '<mark>\1</mark>') or passing a block that receives each matched term.
+      # '<mark>\1</mark>') or passing a block that receives each matched term. By default +text+
+      # is sanitized to prevent possible XSS attacks. If the input is trustworthy, passing false
+      # for <tt>:sanitize</tt> will turn sanitizing off.
       #
       #   highlight('You searched for: rails', 'rails')
       #   # => You searched for: <mark>rails</mark>
@@ -122,6 +124,9 @@ module ActionView
       #
       #   highlight('You searched for: rails', 'rails') { |match| link_to(search_path(q: match, match)) }
       #   # => You searched for: <a href="search?q=rails">rails</a>
+      #
+      #   highlight('<a href="javascript:alert(\'no!\')">ruby</a> on rails', 'rails', sanitize: false)
+      #   # => "<a>ruby</a> on <mark>rails</mark>"
       def highlight(text, phrases, options = {})
         text = sanitize(text) if options.fetch(:sanitize, true)
 
@@ -130,7 +135,7 @@ module ActionView
         else
           match = Array(phrases).map do |p|
             Regexp === p ? p.to_s : Regexp.escape(p)
-          end.join('|')
+          end.join("|")
 
           if block_given?
             text.gsub(/(#{match})(?![^<]*?>)/i) { |found| yield found }
@@ -146,7 +151,7 @@ module ActionView
       # defined in <tt>:radius</tt> (which defaults to 100). If the excerpt radius overflows the beginning or end of the +text+,
       # then the <tt>:omission</tt> option (which defaults to "...") will be prepended/appended accordingly. Use the
       # <tt>:separator</tt> option to choose the delimitation. The resulting string will be stripped in any case. If the +phrase+
-      # isn't found, nil is returned.
+      # isn't found, +nil+ is returned.
       #
       #   excerpt('This is an example', 'an', radius: 5)
       #   # => ...s is an exam...
@@ -182,7 +187,7 @@ module ActionView
         unless separator.empty?
           text.split(separator).each do |value|
             if value.match(regex)
-              regex = phrase = value
+              phrase = value
               break
             end
           end
@@ -199,7 +204,12 @@ module ActionView
 
       # Attempts to pluralize the +singular+ word unless +count+ is 1. If
       # +plural+ is supplied, it will use that when count is > 1, otherwise
-      # it will use the Inflector to determine the plural form.
+      # it will use the Inflector to determine the plural form for the given locale,
+      # which defaults to I18n.locale
+      #
+      # The word will be pluralized using rules defined for the locale
+      # (you must define your own inflection rules for languages other than English).
+      # See ActiveSupport::Inflector.pluralize
       #
       #   pluralize(1, 'person')
       #   # => 1 person
@@ -207,16 +217,19 @@ module ActionView
       #   pluralize(2, 'person')
       #   # => 2 people
       #
-      #   pluralize(3, 'person', 'users')
+      #   pluralize(3, 'person', plural: 'users')
       #   # => 3 users
       #
       #   pluralize(0, 'person')
       #   # => 0 people
-      def pluralize(count, singular, plural = nil)
+      #
+      #   pluralize(2, 'Person', locale: :de)
+      #   # => 2 Personen
+      def pluralize(count, singular, plural_arg = nil, plural: plural_arg, locale: I18n.locale)
         word = if (count == 1 || count =~ /^1(\.0+)?$/)
           singular
         else
-          plural || singular.pluralize
+          plural || singular.pluralize(locale)
         end
 
         "#{count || 0} #{word}"
@@ -237,19 +250,23 @@ module ActionView
       #
       #   word_wrap('Once upon a time', line_width: 1)
       #   # => Once\nupon\na\ntime
-      def word_wrap(text, options = {})
-        line_width = options.fetch(:line_width, 80)
-
+      #
+      #   You can also specify a custom +break_sequence+ ("\n" by default)
+      #
+      #   word_wrap('Once upon a time', line_width: 1, break_sequence: "\r\n")
+      #   # => Once\r\nupon\r\na\r\ntime
+      def word_wrap(text, line_width: 80, break_sequence: "\n")
         text.split("\n").collect! do |line|
-          line.length > line_width ? line.gsub(/(.{1,#{line_width}})(\s+|$)/, "\\1\n").strip : line
-        end * "\n"
+          line.length > line_width ? line.gsub(/(.{1,#{line_width}})(\s+|$)/, "\\1#{break_sequence}").strip : line
+        end * break_sequence
       end
 
       # Returns +text+ transformed into HTML using simple formatting rules.
-      # Two or more consecutive newlines(<tt>\n\n</tt>) are considered as a
-      # paragraph and wrapped in <tt><p></tt> tags. One newline (<tt>\n</tt>) is
-      # considered as a linebreak and a <tt><br /></tt> tag is appended. This
-      # method does not remove the newlines from the +text+.
+      # Two or more consecutive newlines(<tt>\n\n</tt> or <tt>\r\n\r\n</tt>) are
+      # considered a paragraph and wrapped in <tt><p></tt> tags. One newline
+      # (<tt>\n</tt> or <tt>\r\n</tt>) is considered a linebreak and a
+      # <tt><br /></tt> tag is appended. This method does not remove the
+      # newlines from the +text+.
       #
       # You can pass any HTML attributes into <tt>html_options</tt>. These
       # will be added to all created paragraphs.
@@ -309,7 +326,7 @@ module ActionView
       #   <table>
       #   <% @items.each do |item| %>
       #     <tr class="<%= cycle("odd", "even") -%>">
-      #       <td>item</td>
+      #       <td><%= item %></td>
       #     </tr>
       #   <% end %>
       #   </table>
@@ -334,7 +351,7 @@ module ActionView
       #  <% end %>
       def cycle(first_value, *values)
         options = values.extract_options!
-        name = options.fetch(:name, 'default')
+        name = options.fetch(:name, "default")
 
         values.unshift(*first_value)
 
@@ -408,17 +425,17 @@ module ActionView
 
         private
 
-        def next_index
-          step_index(1)
-        end
+          def next_index
+            step_index(1)
+          end
 
-        def previous_index
-          step_index(-1)
-        end
+          def previous_index
+            step_index(-1)
+          end
 
-        def step_index(n)
-          (@index + n) % @values.size
-        end
+          def step_index(n)
+            (@index + n) % @values.size
+          end
       end
 
       private

data/lib/action_view/helpers/translation_helper.rb

@@ -1,40 +1,61 @@
-require 'action_view/helpers/tag_helper'
-require 'active_support/core_ext/string/access'
-require 'i18n/exceptions'
+require "action_view/helpers/tag_helper"
+require "active_support/core_ext/string/access"
+require "i18n/exceptions"
 
 module ActionView
   # = Action View Translation Helpers
   module Helpers
     module TranslationHelper
+      extend ActiveSupport::Concern
+
       include TagHelper
-      # Delegates to <tt>I18n#translate</tt> but also performs three additional functions.
+
+      included do
+        mattr_accessor :debug_missing_translation
+        self.debug_missing_translation = true
+      end
+
+      # Delegates to <tt>I18n#translate</tt> but also performs three additional
+      # functions.
+      #
+      # First, it will ensure that any thrown +MissingTranslation+ messages will
+      # be rendered as inline spans that:
+      #
+      # * Have a <tt>translation-missing</tt> class applied
+      # * Contain the missing key as the value of the +title+ attribute
+      # * Have a titleized version of the last key segment as text
       #
-      # First, it will ensure that any thrown +MissingTranslation+ messages will be turned
-      # into inline spans that:
+      # For example, the value returned for the missing translation key
+      # <tt>"blog.post.title"</tt> will be:
       #
-      #   * have a "translation-missing" class set,
-      #   * contain the missing key as a title attribute and
-      #   * a titleized version of the last key segment as a text.
+      #    <span
+      #      class="translation_missing"
+      #      title="translation missing: en.blog.post.title">Title</span>
       #
-      # E.g. the value returned for a missing translation key :"blog.post.title" will be
-      # <span class="translation_missing" title="translation missing: en.blog.post.title">Title</span>.
-      # This way your views will display rather reasonable strings but it will still
-      # be easy to spot missing translations.
+      # This allows for views to display rather reasonable strings while still
+      # giving developers a way to find missing translations.
       #
-      # Second, it'll scope the key by the current partial if the key starts
-      # with a period. So if you call <tt>translate(".foo")</tt> from the
-      # <tt>people/index.html.erb</tt> template, you'll actually be calling
-      # <tt>I18n.translate("people.index.foo")</tt>. This makes it less repetitive
-      # to translate many keys within the same partials and gives you a simple framework
-      # for scoping them consistently. If you don't prepend the key with a period,
-      # nothing is converted.
+      # If you would prefer missing translations to raise an error, you can
+      # opt out of span-wrapping behavior globally by setting
+      # <tt>ActionView::Base.raise_on_missing_translations = true</tt> or
+      # individually by passing <tt>raise: true</tt> as an option to
+      # <tt>translate</tt>.
       #
-      # Third, it'll mark the translation as safe HTML if the key has the suffix
-      # "_html" or the last element of the key is the word "html". For example,
-      # calling translate("footer_html") or translate("footer.html") will return
-      # a safe HTML string that won't be escaped by other HTML helper methods. This
-      # naming convention helps to identify translations that include HTML tags so that
-      # you know what kind of output to expect when you call translate in a template.
+      # Second, if the key starts with a period <tt>translate</tt> will scope
+      # the key by the current partial. Calling <tt>translate(".foo")</tt> from
+      # the <tt>people/index.html.erb</tt> template is equivalent to calling
+      # <tt>translate("people.index.foo")</tt>. This makes it less
+      # repetitive to translate many keys within the same partial and provides
+      # a convention to scope keys consistently.
+      #
+      # Third, the translation will be marked as <tt>html_safe</tt> if the key
+      # has the suffix "_html" or the last element of the key is "html". Calling
+      # <tt>translate("footer_html")</tt> or <tt>translate("footer.html")</tt>
+      # will return an HTML safe string that won't be escaped by other HTML
+      # helper methods. This naming convention helps to identify translations
+      # that include HTML tags so that you know what kind of output to expect
+      # when you call translate in a template and translators know which keys
+      # they can provide HTML values for.
       def translate(key, options = {})
         options = options.dup
         has_default = options.has_key?(:default)
@@ -47,11 +68,11 @@ module ActionView
         # If the user has explicitly decided to NOT raise errors, pass that option to I18n.
         # Otherwise, tell I18n to raise an exception, which we rescue further in this method.
         # Note: `raise_error` refers to us re-raising the error in this method. I18n is forced to raise by default.
-        if options[:raise] == false || (options.key?(:rescue_format) && options[:rescue_format].nil?)
+        if options[:raise] == false
           raise_error = false
           i18n_raise = false
         else
-          raise_error = options[:raise] || options[:rescue_format] || ActionView::Base.raise_on_missing_translations
+          raise_error = options[:raise] || ActionView::Base.raise_on_missing_translations
           i18n_raise = true
         end
 
@@ -75,7 +96,16 @@ module ActionView
           raise e if raise_error
 
           keys = I18n.normalize_keys(e.locale, e.key, e.options[:scope])
-          content_tag('span', keys.last.to_s.titleize, :class => 'translation_missing', :title => "translation missing: #{keys.join('.')}")
+          title = "translation missing: #{keys.join('.')}"
+
+          interpolations = options.except(:default, :scope)
+          if interpolations.any?
+            title << ", " << interpolations.map { |k, v| "#{k}: #{ERB::Util.html_escape(v)}" }.join(", ")
+          end
+
+          return title unless ActionView::Base.debug_missing_translation
+
+          content_tag("span", keys.last.to_s.titleize, class: "translation_missing", title: title)
         end
       end
       alias :t :translate
@@ -103,7 +133,7 @@ module ActionView
         end
 
         def html_safe_translation_key?(key)
-          key.to_s =~ /(\b|_|\.)html$/
+          /(\b|_|\.)html$/.match?(key.to_s)
         end
     end
   end