actionview 4.2.11.1 → 5.2.4
Potentially problematic release.
This version of actionview might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +88 -286
- data/MIT-LICENSE +1 -1
- data/README.rdoc +5 -6
- data/lib/action_view/base.rb +38 -28
- data/lib/action_view/buffers.rb +3 -1
- data/lib/action_view/context.rb +3 -3
- data/lib/action_view/dependency_tracker.rb +54 -20
- data/lib/action_view/digestor.rb +94 -83
- data/lib/action_view/flows.rb +11 -11
- data/lib/action_view/gem_version.rb +5 -3
- data/lib/action_view/helpers/active_model_helper.rb +17 -11
- data/lib/action_view/helpers/asset_tag_helper.rb +244 -62
- data/lib/action_view/helpers/asset_url_helper.rb +170 -67
- data/lib/action_view/helpers/atom_feed_helper.rb +19 -17
- data/lib/action_view/helpers/cache_helper.rb +105 -42
- data/lib/action_view/helpers/capture_helper.rb +16 -13
- data/lib/action_view/helpers/controller_helper.rb +15 -4
- data/lib/action_view/helpers/csp_helper.rb +24 -0
- data/lib/action_view/helpers/csrf_helper.rb +7 -5
- data/lib/action_view/helpers/date_helper.rb +170 -112
- data/lib/action_view/helpers/debug_helper.rb +7 -6
- data/lib/action_view/helpers/form_helper.rb +521 -127
- data/lib/action_view/helpers/form_options_helper.rb +109 -63
- data/lib/action_view/helpers/form_tag_helper.rb +110 -67
- data/lib/action_view/helpers/javascript_helper.rb +24 -11
- data/lib/action_view/helpers/number_helper.rb +77 -58
- data/lib/action_view/helpers/output_safety_helper.rb +36 -4
- data/lib/action_view/helpers/record_tag_helper.rb +14 -99
- data/lib/action_view/helpers/rendering_helper.rb +6 -5
- data/lib/action_view/helpers/sanitize_helper.rb +20 -15
- data/lib/action_view/helpers/tag_helper.rb +198 -73
- data/lib/action_view/helpers/tags/base.rb +134 -97
- data/lib/action_view/helpers/tags/check_box.rb +20 -18
- data/lib/action_view/helpers/tags/checkable.rb +4 -2
- data/lib/action_view/helpers/tags/collection_check_boxes.rb +12 -33
- data/lib/action_view/helpers/tags/collection_helpers.rb +70 -36
- data/lib/action_view/helpers/tags/collection_radio_buttons.rb +6 -11
- data/lib/action_view/helpers/tags/collection_select.rb +4 -2
- data/lib/action_view/helpers/tags/color_field.rb +3 -1
- data/lib/action_view/helpers/tags/date_field.rb +2 -0
- data/lib/action_view/helpers/tags/date_select.rb +38 -36
- data/lib/action_view/helpers/tags/datetime_field.rb +4 -2
- data/lib/action_view/helpers/tags/datetime_local_field.rb +2 -0
- data/lib/action_view/helpers/tags/datetime_select.rb +2 -0
- data/lib/action_view/helpers/tags/email_field.rb +2 -0
- data/lib/action_view/helpers/tags/file_field.rb +2 -0
- data/lib/action_view/helpers/tags/grouped_collection_select.rb +4 -2
- data/lib/action_view/helpers/tags/hidden_field.rb +2 -0
- data/lib/action_view/helpers/tags/label.rb +3 -1
- data/lib/action_view/helpers/tags/month_field.rb +2 -0
- data/lib/action_view/helpers/tags/number_field.rb +2 -0
- data/lib/action_view/helpers/tags/password_field.rb +3 -1
- data/lib/action_view/helpers/tags/placeholderable.rb +3 -1
- data/lib/action_view/helpers/tags/radio_button.rb +7 -5
- data/lib/action_view/helpers/tags/range_field.rb +2 -0
- data/lib/action_view/helpers/tags/search_field.rb +14 -9
- data/lib/action_view/helpers/tags/select.rb +11 -9
- data/lib/action_view/helpers/tags/tel_field.rb +2 -0
- data/lib/action_view/helpers/tags/text_area.rb +4 -2
- data/lib/action_view/helpers/tags/text_field.rb +8 -7
- data/lib/action_view/helpers/tags/time_field.rb +2 -0
- data/lib/action_view/helpers/tags/time_select.rb +2 -0
- data/lib/action_view/helpers/tags/time_zone_select.rb +3 -1
- data/lib/action_view/helpers/tags/translator.rb +17 -13
- data/lib/action_view/helpers/tags/url_field.rb +2 -0
- data/lib/action_view/helpers/tags/week_field.rb +2 -0
- data/lib/action_view/helpers/tags.rb +3 -1
- data/lib/action_view/helpers/text_helper.rb +55 -36
- data/lib/action_view/helpers/translation_helper.rb +62 -31
- data/lib/action_view/helpers/url_helper.rb +159 -104
- data/lib/action_view/helpers.rb +5 -1
- data/lib/action_view/layouts.rb +65 -58
- data/lib/action_view/log_subscriber.rb +60 -8
- data/lib/action_view/lookup_context.rb +80 -65
- data/lib/action_view/model_naming.rb +3 -1
- data/lib/action_view/path_set.rb +30 -19
- data/lib/action_view/railtie.rb +39 -6
- data/lib/action_view/record_identifier.rb +53 -25
- data/lib/action_view/renderer/abstract_renderer.rb +21 -15
- data/lib/action_view/renderer/partial_renderer/collection_caching.rb +57 -0
- data/lib/action_view/renderer/partial_renderer.rb +218 -214
- data/lib/action_view/renderer/renderer.rb +8 -6
- data/lib/action_view/renderer/streaming_template_renderer.rb +50 -48
- data/lib/action_view/renderer/template_renderer.rb +67 -66
- data/lib/action_view/rendering.rb +19 -14
- data/lib/action_view/routing_url_for.rb +27 -17
- data/lib/action_view/tasks/cache_digests.rake +25 -0
- data/lib/action_view/template/error.rb +16 -16
- data/lib/action_view/template/handlers/builder.rb +10 -11
- data/lib/action_view/template/handlers/erb/erubi.rb +83 -0
- data/lib/action_view/template/handlers/erb.rb +9 -80
- data/lib/action_view/template/handlers/html.rb +11 -0
- data/lib/action_view/template/handlers/raw.rb +3 -3
- data/lib/action_view/template/handlers.rb +11 -7
- data/lib/action_view/template/html.rb +5 -5
- data/lib/action_view/template/resolver.rb +140 -115
- data/lib/action_view/template/text.rb +8 -9
- data/lib/action_view/template/types.rb +18 -18
- data/lib/action_view/template.rb +56 -31
- data/lib/action_view/test_case.rb +50 -29
- data/lib/action_view/testing/resolvers.rb +31 -31
- data/lib/action_view/version.rb +3 -1
- data/lib/action_view/view_paths.rb +28 -34
- data/lib/action_view.rb +8 -7
- data/lib/assets/compiled/rails-ujs.js +720 -0
- metadata +25 -24
- data/lib/action_view/tasks/dependencies.rake +0 -23
@@ -1,13 +1,12 @@
|
|
1
|
-
#
|
1
|
+
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require
|
4
|
-
require
|
5
|
-
require
|
3
|
+
require "active_support/core_ext/hash/keys"
|
4
|
+
require "active_support/core_ext/string/output_safety"
|
5
|
+
require "active_support/number_helper"
|
6
6
|
|
7
7
|
module ActionView
|
8
8
|
# = Action View Number Helpers
|
9
9
|
module Helpers #:nodoc:
|
10
|
-
|
11
10
|
# Provides methods for converting numbers into formatted strings.
|
12
11
|
# Methods are provided for phone numbers, currency, percentage,
|
13
12
|
# precision, positional notation, file size and pretty printing.
|
@@ -15,7 +14,6 @@ module ActionView
|
|
15
14
|
# Most methods expect a +number+ argument, and will return it
|
16
15
|
# unchanged if can't be converted into a valid number.
|
17
16
|
module NumberHelper
|
18
|
-
|
19
17
|
# Raised when argument +number+ param given to the helpers is invalid and
|
20
18
|
# the option :raise is set to +true+.
|
21
19
|
class InvalidNumberError < StandardError
|
@@ -25,7 +23,7 @@ module ActionView
|
|
25
23
|
end
|
26
24
|
end
|
27
25
|
|
28
|
-
# Formats a +number+ into a
|
26
|
+
# Formats a +number+ into a phone number (US by default e.g., (555)
|
29
27
|
# 123-9876). You can customize the format in the +options+ hash.
|
30
28
|
#
|
31
29
|
# ==== Options
|
@@ -37,6 +35,8 @@ module ActionView
|
|
37
35
|
# end of the generated number.
|
38
36
|
# * <tt>:country_code</tt> - Sets the country code for the phone
|
39
37
|
# number.
|
38
|
+
# * <tt>:pattern</tt> - Specifies how the number is divided into three
|
39
|
+
# groups with the custom regexp to override the default format.
|
40
40
|
# * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when
|
41
41
|
# the argument is invalid.
|
42
42
|
#
|
@@ -54,6 +54,11 @@ module ActionView
|
|
54
54
|
#
|
55
55
|
# number_to_phone(1235551234, country_code: 1, extension: 1343, delimiter: ".")
|
56
56
|
# # => +1.123.555.1234 x 1343
|
57
|
+
#
|
58
|
+
# number_to_phone(75561234567, pattern: /(\d{1,4})(\d{4})(\d{4})$/, area_code: true)
|
59
|
+
# # => "(755) 6123-4567"
|
60
|
+
# number_to_phone(13312345678, pattern: /(\d{3})(\d{4})(\d{4})$/))
|
61
|
+
# # => "133-1234-5678"
|
57
62
|
def number_to_phone(number, options = {})
|
58
63
|
return unless number
|
59
64
|
options = options.symbolize_keys
|
@@ -65,6 +70,14 @@ module ActionView
|
|
65
70
|
# Formats a +number+ into a currency string (e.g., $13.65). You
|
66
71
|
# can customize the format in the +options+ hash.
|
67
72
|
#
|
73
|
+
# The currency unit and number formatting of the current locale will be used
|
74
|
+
# unless otherwise specified in the provided options. No currency conversion
|
75
|
+
# is performed. If the user is given a way to change their locale, they will
|
76
|
+
# also be able to change the relative value of the currency displayed with
|
77
|
+
# this helper. If your application will ever support multiple locales, you
|
78
|
+
# may want to specify a constant <tt>:locale</tt> option or consider
|
79
|
+
# using a library capable of currency conversion.
|
80
|
+
#
|
68
81
|
# ==== Options
|
69
82
|
#
|
70
83
|
# * <tt>:locale</tt> - Sets the locale to be used for formatting
|
@@ -81,7 +94,7 @@ module ActionView
|
|
81
94
|
# (defaults to "%u%n"). Fields are <tt>%u</tt> for the
|
82
95
|
# currency, and <tt>%n</tt> for the number.
|
83
96
|
# * <tt>:negative_format</tt> - Sets the format for negative
|
84
|
-
# numbers (defaults to prepending
|
97
|
+
# numbers (defaults to prepending a hyphen to the formatted
|
85
98
|
# number given by <tt>:format</tt>). Accepts the same fields
|
86
99
|
# than <tt>:format</tt>, except <tt>%n</tt> is here the
|
87
100
|
# absolute value of the number.
|
@@ -117,8 +130,8 @@ module ActionView
|
|
117
130
|
# (defaults to current locale).
|
118
131
|
# * <tt>:precision</tt> - Sets the precision of the number
|
119
132
|
# (defaults to 3).
|
120
|
-
# * <tt>:significant</tt> - If +true+, precision will be the
|
121
|
-
# of significant_digits. If +false+, the
|
133
|
+
# * <tt>:significant</tt> - If +true+, precision will be the number
|
134
|
+
# of significant_digits. If +false+, the number of fractional
|
122
135
|
# digits (defaults to +false+).
|
123
136
|
# * <tt>:separator</tt> - Sets the separator between the
|
124
137
|
# fractional and integer digits (defaults to ".").
|
@@ -141,7 +154,7 @@ module ActionView
|
|
141
154
|
# number_to_percentage(302.24398923423, precision: 5) # => 302.24399%
|
142
155
|
# number_to_percentage(1000, locale: :fr) # => 1 000,000%
|
143
156
|
# number_to_percentage("98a") # => 98a%
|
144
|
-
# number_to_percentage(100, format: "%n %") # => 100 %
|
157
|
+
# number_to_percentage(100, format: "%n %") # => 100.000 %
|
145
158
|
#
|
146
159
|
# number_to_percentage("98a", raise: true) # => InvalidNumberError
|
147
160
|
def number_to_percentage(number, options = {})
|
@@ -160,6 +173,9 @@ module ActionView
|
|
160
173
|
# to ",").
|
161
174
|
# * <tt>:separator</tt> - Sets the separator between the
|
162
175
|
# fractional and integer digits (defaults to ".").
|
176
|
+
# * <tt>:delimiter_pattern</tt> - Sets a custom regular expression used for
|
177
|
+
# deriving the placement of delimiter. Helpful when using currency formats
|
178
|
+
# like INR.
|
163
179
|
# * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when
|
164
180
|
# the argument is invalid.
|
165
181
|
#
|
@@ -176,6 +192,9 @@ module ActionView
|
|
176
192
|
# number_with_delimiter(98765432.98, delimiter: " ", separator: ",")
|
177
193
|
# # => 98 765 432,98
|
178
194
|
#
|
195
|
+
# number_with_delimiter("123456.78",
|
196
|
+
# delimiter_pattern: /(\d+?)(?=(\d\d)+(\d)(?!\d))/) # => "1,23,456.78"
|
197
|
+
#
|
179
198
|
# number_with_delimiter("112a", raise: true) # => raise InvalidNumberError
|
180
199
|
def number_with_delimiter(number, options = {})
|
181
200
|
delegate_number_helper_method(:number_to_delimited, number, options)
|
@@ -192,8 +211,8 @@ module ActionView
|
|
192
211
|
# (defaults to current locale).
|
193
212
|
# * <tt>:precision</tt> - Sets the precision of the number
|
194
213
|
# (defaults to 3).
|
195
|
-
# * <tt>:significant</tt> - If +true+, precision will be the
|
196
|
-
# of significant_digits. If +false+, the
|
214
|
+
# * <tt>:significant</tt> - If +true+, precision will be the number
|
215
|
+
# of significant_digits. If +false+, the number of fractional
|
197
216
|
# digits (defaults to +false+).
|
198
217
|
# * <tt>:separator</tt> - Sets the separator between the
|
199
218
|
# fractional and integer digits (defaults to ".").
|
@@ -240,8 +259,8 @@ module ActionView
|
|
240
259
|
# (defaults to current locale).
|
241
260
|
# * <tt>:precision</tt> - Sets the precision of the number
|
242
261
|
# (defaults to 3).
|
243
|
-
# * <tt>:significant</tt> - If +true+, precision will be the
|
244
|
-
# of significant_digits. If +false+, the
|
262
|
+
# * <tt>:significant</tt> - If +true+, precision will be the number
|
263
|
+
# of significant_digits. If +false+, the number of fractional
|
245
264
|
# digits (defaults to +true+)
|
246
265
|
# * <tt>:separator</tt> - Sets the separator between the
|
247
266
|
# fractional and integer digits (defaults to ".").
|
@@ -250,8 +269,6 @@ module ActionView
|
|
250
269
|
# * <tt>:strip_insignificant_zeros</tt> - If +true+ removes
|
251
270
|
# insignificant zeros after the decimal separator (defaults to
|
252
271
|
# +true+)
|
253
|
-
# * <tt>:prefix</tt> - If +:si+ formats the number using the SI
|
254
|
-
# prefix (defaults to :binary)
|
255
272
|
# * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when
|
256
273
|
# the argument is invalid.
|
257
274
|
#
|
@@ -263,6 +280,8 @@ module ActionView
|
|
263
280
|
# number_to_human_size(1234567) # => 1.18 MB
|
264
281
|
# number_to_human_size(1234567890) # => 1.15 GB
|
265
282
|
# number_to_human_size(1234567890123) # => 1.12 TB
|
283
|
+
# number_to_human_size(1234567890123456) # => 1.1 PB
|
284
|
+
# number_to_human_size(1234567890123456789) # => 1.07 EB
|
266
285
|
# number_to_human_size(1234567, precision: 2) # => 1.2 MB
|
267
286
|
# number_to_human_size(483989, precision: 2) # => 470 KB
|
268
287
|
# number_to_human_size(1234567, precision: 2, separator: ',') # => 1,2 MB
|
@@ -280,7 +299,7 @@ module ActionView
|
|
280
299
|
# See <tt>number_to_human_size</tt> if you want to print a file
|
281
300
|
# size.
|
282
301
|
#
|
283
|
-
# You can also define
|
302
|
+
# You can also define your own unit-quantifier names if you want
|
284
303
|
# to use other decimal units (eg.: 1500 becomes "1.5
|
285
304
|
# kilometers", 0.150 becomes "150 milliliters", etc). You may
|
286
305
|
# define a wide range of unit quantifiers, even fractional ones
|
@@ -292,8 +311,8 @@ module ActionView
|
|
292
311
|
# (defaults to current locale).
|
293
312
|
# * <tt>:precision</tt> - Sets the precision of the number
|
294
313
|
# (defaults to 3).
|
295
|
-
# * <tt>:significant</tt> - If +true+, precision will be the
|
296
|
-
# of significant_digits. If +false+, the
|
314
|
+
# * <tt>:significant</tt> - If +true+, precision will be the number
|
315
|
+
# of significant_digits. If +false+, the number of fractional
|
297
316
|
# digits (defaults to +true+)
|
298
317
|
# * <tt>:separator</tt> - Sets the separator between the
|
299
318
|
# fractional and integer digits (defaults to ".").
|
@@ -380,53 +399,53 @@ module ActionView
|
|
380
399
|
|
381
400
|
private
|
382
401
|
|
383
|
-
|
384
|
-
|
385
|
-
|
402
|
+
def delegate_number_helper_method(method, number, options)
|
403
|
+
return unless number
|
404
|
+
options = escape_unsafe_options(options.symbolize_keys)
|
386
405
|
|
387
|
-
|
388
|
-
|
389
|
-
|
390
|
-
|
406
|
+
wrap_with_output_safety_handling(number, options.delete(:raise)) {
|
407
|
+
ActiveSupport::NumberHelper.public_send(method, number, options)
|
408
|
+
}
|
409
|
+
end
|
391
410
|
|
392
|
-
|
393
|
-
|
394
|
-
|
395
|
-
|
396
|
-
|
397
|
-
|
398
|
-
|
399
|
-
|
400
|
-
|
411
|
+
def escape_unsafe_options(options)
|
412
|
+
options[:format] = ERB::Util.html_escape(options[:format]) if options[:format]
|
413
|
+
options[:negative_format] = ERB::Util.html_escape(options[:negative_format]) if options[:negative_format]
|
414
|
+
options[:separator] = ERB::Util.html_escape(options[:separator]) if options[:separator]
|
415
|
+
options[:delimiter] = ERB::Util.html_escape(options[:delimiter]) if options[:delimiter]
|
416
|
+
options[:unit] = ERB::Util.html_escape(options[:unit]) if options[:unit] && !options[:unit].html_safe?
|
417
|
+
options[:units] = escape_units(options[:units]) if options[:units] && Hash === options[:units]
|
418
|
+
options
|
419
|
+
end
|
401
420
|
|
402
|
-
|
403
|
-
|
404
|
-
|
405
|
-
|
406
|
-
|
421
|
+
def escape_units(units)
|
422
|
+
Hash[units.map do |k, v|
|
423
|
+
[k, ERB::Util.html_escape(v)]
|
424
|
+
end]
|
425
|
+
end
|
407
426
|
|
408
|
-
|
409
|
-
|
410
|
-
|
427
|
+
def wrap_with_output_safety_handling(number, raise_on_invalid, &block)
|
428
|
+
valid_float = valid_float?(number)
|
429
|
+
raise InvalidNumberError, number if raise_on_invalid && !valid_float
|
411
430
|
|
412
|
-
|
431
|
+
formatted_number = yield
|
413
432
|
|
414
|
-
|
415
|
-
|
416
|
-
|
417
|
-
|
433
|
+
if valid_float || number.html_safe?
|
434
|
+
formatted_number.html_safe
|
435
|
+
else
|
436
|
+
formatted_number
|
437
|
+
end
|
418
438
|
end
|
419
|
-
end
|
420
439
|
|
421
|
-
|
422
|
-
|
423
|
-
|
440
|
+
def valid_float?(number)
|
441
|
+
!parse_float(number, false).nil?
|
442
|
+
end
|
424
443
|
|
425
|
-
|
426
|
-
|
427
|
-
|
428
|
-
|
429
|
-
|
444
|
+
def parse_float(number, raise_error)
|
445
|
+
Float(number)
|
446
|
+
rescue ArgumentError, TypeError
|
447
|
+
raise InvalidNumberError, number if raise_error
|
448
|
+
end
|
430
449
|
end
|
431
450
|
end
|
432
451
|
end
|
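Review bot: In the private-methods hunk, `wrap_with_output_safety_handling` marks the formatted string `html_safe` whenever the number parses as a float or the caller's `number` was already html_safe, so the result is only safe because `escape_unsafe_options` has escaped every option string that reaches the output. That dependency is not written down, and the key list (`:format`, `:negative_format`, `:separator`, `:delimiter`, `:unit`, `:units`) is easy to overlook when a new string option is added later. I would add a comment above `escape_unsafe_options`, for example `# Every option that is interpolated into the result must be escaped here; the caller marks the result html_safe.` A one-line comment on `parse_float` would help as well, since `valid_float?` relies on it returning `nil` from the `rescue` branch when `raise_error` is false.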
@@ -1,4 +1,6 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "active_support/core_ext/string/output_safety"
|
2
4
|
|
3
5
|
module ActionView #:nodoc:
|
4
6
|
# = Action View Raw Output Helper
|
@@ -22,17 +24,47 @@ module ActionView #:nodoc:
|
|
22
24
|
# the supplied separator, are HTML escaped unless they are HTML
|
23
25
|
# safe, and the returned string is marked as HTML safe.
|
24
26
|
#
|
25
|
-
# safe_join(["<p>foo</p>"
|
27
|
+
# safe_join([raw("<p>foo</p>"), "<p>bar</p>"], "<br />")
|
26
28
|
# # => "<p>foo</p><br /><p>bar</p>"
|
27
29
|
#
|
28
|
-
# safe_join(["<p>foo</p>"
|
30
|
+
# safe_join([raw("<p>foo</p>"), raw("<p>bar</p>")], raw("<br />"))
|
29
31
|
# # => "<p>foo</p><br /><p>bar</p>"
|
30
32
|
#
|
31
|
-
def safe_join(array, sep
|
33
|
+
def safe_join(array, sep = $,)
|
32
34
|
sep = ERB::Util.unwrapped_html_escape(sep)
|
33
35
|
|
34
36
|
array.flatten.map! { |i| ERB::Util.unwrapped_html_escape(i) }.join(sep).html_safe
|
35
37
|
end
|
38
|
+
|
39
|
+
# Converts the array to a comma-separated sentence where the last element is
|
40
|
+
# joined by the connector word. This is the html_safe-aware version of
|
41
|
+
# ActiveSupport's {Array#to_sentence}[http://api.rubyonrails.org/classes/Array.html#method-i-to_sentence].
|
42
|
+
#
|
43
|
+
def to_sentence(array, options = {})
|
44
|
+
options.assert_valid_keys(:words_connector, :two_words_connector, :last_word_connector, :locale)
|
45
|
+
|
46
|
+
default_connectors = {
|
47
|
+
words_connector: ", ",
|
48
|
+
two_words_connector: " and ",
|
49
|
+
last_word_connector: ", and "
|
50
|
+
}
|
51
|
+
if defined?(I18n)
|
52
|
+
i18n_connectors = I18n.translate(:'support.array', locale: options[:locale], default: {})
|
53
|
+
default_connectors.merge!(i18n_connectors)
|
54
|
+
end
|
55
|
+
options = default_connectors.merge!(options)
|
56
|
+
|
57
|
+
case array.length
|
58
|
+
when 0
|
59
|
+
"".html_safe
|
60
|
+
when 1
|
61
|
+
ERB::Util.html_escape(array[0])
|
62
|
+
when 2
|
63
|
+
safe_join([array[0], array[1]], options[:two_words_connector])
|
64
|
+
else
|
65
|
+
safe_join([safe_join(array[0...-1], options[:words_connector]), options[:last_word_connector], array[-1]], nil)
|
66
|
+
end
|
67
|
+
end
|
36
68
|
end
|
37
69
|
end
|
38
70
|
end
|
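Review bot: `to_sentence` calls `options.assert_valid_keys`, but the only require at the top of the new file is `active_support/core_ext/string/output_safety`; `assert_valid_keys` comes from `active_support/core_ext/hash/keys`, so the helper presumably works only because something else has already loaded that extension. Adding `require "active_support/core_ext/hash/keys"` next to the existing require makes the file self-contained. The doc comment above `to_sentence` should also list the four accepted option keys, say that unknown keys raise, and state that elements and connectors are HTML-escaped unless they are already html_safe, which is the reason to use it instead of `Array#to_sentence`.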
@@ -1,108 +1,23 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module ActionView
|
4
|
-
|
5
|
-
module Helpers
|
4
|
+
module Helpers #:nodoc:
|
6
5
|
module RecordTagHelper
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
# <%= @person.name %>
|
14
|
-
# <% end %>
|
15
|
-
#
|
16
|
-
# produces:
|
17
|
-
#
|
18
|
-
# <div id="person_123" class="person foo"> Joe Bloggs </div>
|
19
|
-
#
|
20
|
-
# You can also pass an array of Active Record objects, which will then
|
21
|
-
# get iterated over and yield each record as an argument for the block.
|
22
|
-
# For example:
|
23
|
-
#
|
24
|
-
# <%= div_for(@people, class: "foo") do |person| %>
|
25
|
-
# <%= person.name %>
|
26
|
-
# <% end %>
|
27
|
-
#
|
28
|
-
# produces:
|
29
|
-
#
|
30
|
-
# <div id="person_123" class="person foo"> Joe Bloggs </div>
|
31
|
-
# <div id="person_124" class="person foo"> Jane Bloggs </div>
|
32
|
-
#
|
33
|
-
def div_for(record, *args, &block)
|
34
|
-
content_tag_for(:div, record, *args, &block)
|
6
|
+
def div_for(*) # :nodoc:
|
7
|
+
raise NoMethodError, "The `div_for` method has been removed from " \
|
8
|
+
"Rails. To continue using it, add the `record_tag_helper` gem to " \
|
9
|
+
"your Gemfile:\n" \
|
10
|
+
" gem 'record_tag_helper', '~> 1.0'\n" \
|
11
|
+
"Consult the Rails upgrade guide for details."
|
35
12
|
end
|
36
13
|
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
# <% end %>
|
44
|
-
#
|
45
|
-
# would produce the following HTML (assuming @person is an instance of
|
46
|
-
# a Person object, with an id value of 123):
|
47
|
-
#
|
48
|
-
# <tr id="person_123" class="person">....</tr>
|
49
|
-
#
|
50
|
-
# If you require the HTML id attribute to have a prefix, you can specify it:
|
51
|
-
#
|
52
|
-
# <%= content_tag_for(:tr, @person, :foo) do %> ...
|
53
|
-
#
|
54
|
-
# produces:
|
55
|
-
#
|
56
|
-
# <tr id="foo_person_123" class="person">...
|
57
|
-
#
|
58
|
-
# You can also pass an array of objects which this method will loop through
|
59
|
-
# and yield the current object to the supplied block, reducing the need for
|
60
|
-
# having to iterate through the object (using <tt>each</tt>) beforehand.
|
61
|
-
# For example (assuming @people is an array of Person objects):
|
62
|
-
#
|
63
|
-
# <%= content_tag_for(:tr, @people) do |person| %>
|
64
|
-
# <td><%= person.first_name %></td>
|
65
|
-
# <td><%= person.last_name %></td>
|
66
|
-
# <% end %>
|
67
|
-
#
|
68
|
-
# produces:
|
69
|
-
#
|
70
|
-
# <tr id="person_123" class="person">...</tr>
|
71
|
-
# <tr id="person_124" class="person">...</tr>
|
72
|
-
#
|
73
|
-
# content_tag_for also accepts a hash of options, which will be converted to
|
74
|
-
# additional HTML attributes. If you specify a <tt>:class</tt> value, it will be combined
|
75
|
-
# with the default class name for your object. For example:
|
76
|
-
#
|
77
|
-
# <%= content_tag_for(:li, @person, class: "bar") %>...
|
78
|
-
#
|
79
|
-
# produces:
|
80
|
-
#
|
81
|
-
# <li id="person_123" class="person bar">...
|
82
|
-
#
|
83
|
-
def content_tag_for(tag_name, single_or_multiple_records, prefix = nil, options = nil, &block)
|
84
|
-
options, prefix = prefix, nil if prefix.is_a?(Hash)
|
85
|
-
|
86
|
-
Array(single_or_multiple_records).map do |single_record|
|
87
|
-
content_tag_for_single_record(tag_name, single_record, prefix, options, &block)
|
88
|
-
end.join("\n").html_safe
|
14
|
+
def content_tag_for(*) # :nodoc:
|
15
|
+
raise NoMethodError, "The `content_tag_for` method has been removed from " \
|
16
|
+
"Rails. To continue using it, add the `record_tag_helper` gem to " \
|
17
|
+
"your Gemfile:\n" \
|
18
|
+
" gem 'record_tag_helper', '~> 1.0'\n" \
|
19
|
+
"Consult the Rails upgrade guide for details."
|
89
20
|
end
|
90
|
-
|
91
|
-
private
|
92
|
-
|
93
|
-
# Called by <tt>content_tag_for</tt> internally to render a content tag
|
94
|
-
# for each record.
|
95
|
-
def content_tag_for_single_record(tag_name, record, prefix, options, &block)
|
96
|
-
options = options ? options.dup : {}
|
97
|
-
options[:class] = [ dom_class(record, prefix), options[:class] ].compact
|
98
|
-
options[:id] = dom_id(record, prefix)
|
99
|
-
|
100
|
-
if block_given?
|
101
|
-
content_tag(tag_name, capture(record, &block), options)
|
102
|
-
else
|
103
|
-
content_tag(tag_name, "", options)
|
104
|
-
end
|
105
|
-
end
|
106
21
|
end
|
107
22
|
end
|
108
23
|
end
|
@@ -1,5 +1,7 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module ActionView
|
2
|
-
module Helpers
|
4
|
+
module Helpers #:nodoc:
|
3
5
|
# = Action View Rendering
|
4
6
|
#
|
5
7
|
# Implements methods that allow rendering from a view context.
|
@@ -11,14 +13,13 @@ module ActionView
|
|
11
13
|
# * <tt>:partial</tt> - See <tt>ActionView::PartialRenderer</tt>.
|
12
14
|
# * <tt>:file</tt> - Renders an explicit template file (this used to be the old default), add :locals to pass in those.
|
13
15
|
# * <tt>:inline</tt> - Renders an inline template similar to how it's done in the controller.
|
14
|
-
# * <tt>:text</tt> - Renders the text passed in out.
|
15
16
|
# * <tt>:plain</tt> - Renders the text passed in out. Setting the content
|
16
17
|
# type as <tt>text/plain</tt>.
|
17
18
|
# * <tt>:html</tt> - Renders the HTML safe string passed in out, otherwise
|
18
19
|
# performs HTML escape on the string first. Setting the content type as
|
19
20
|
# <tt>text/html</tt>.
|
20
21
|
# * <tt>:body</tt> - Renders the text passed in, and inherits the content
|
21
|
-
# type of <tt>text/
|
22
|
+
# type of <tt>text/plain</tt> from <tt>ActionDispatch::Response</tt>
|
22
23
|
# object.
|
23
24
|
#
|
24
25
|
# If no options hash is passed or :update specified, the default is to render a partial and use the second parameter
|
@@ -27,12 +28,12 @@ module ActionView
|
|
27
28
|
case options
|
28
29
|
when Hash
|
29
30
|
if block_given?
|
30
|
-
view_renderer.render_partial(self, options.merge(:
|
31
|
+
view_renderer.render_partial(self, options.merge(partial: options[:layout]), &block)
|
31
32
|
else
|
32
33
|
view_renderer.render(self, options)
|
33
34
|
end
|
34
35
|
else
|
35
|
-
view_renderer.render_partial(self, :
|
36
|
+
view_renderer.render_partial(self, partial: options, locals: locals, &block)
|
36
37
|
end
|
37
38
|
end
|
38
39
|
|
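Review bot: The option list in this doc comment describes `:file` as rendering an explicit template file and `:inline` as rendering an inline template, and the non-Hash branch passes `options` straight through as `partial:`, yet nothing says these values must come from the application and not from request data. One sentence in the comment would cover it, for example `# Never pass request-derived values as the partial, :file or :inline argument; select from a fixed list instead.` The `render` definition starts outside the hunks shown here, so this is a suggestion for the comment only.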
@@ -1,10 +1,11 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "active_support/core_ext/object/try"
|
4
|
+
require "rails-html-sanitizer"
|
4
5
|
|
5
6
|
module ActionView
|
6
7
|
# = Action View Sanitize Helpers
|
7
|
-
module Helpers
|
8
|
+
module Helpers #:nodoc:
|
8
9
|
# The SanitizeHelper module provides a set of methods for scrubbing text of undesired HTML elements.
|
9
10
|
# These helper methods extend Action View making them callable within your template files.
|
10
11
|
module SanitizeHelper
|
@@ -14,6 +15,7 @@ module ActionView
|
|
14
15
|
# It also strips href/src attributes with unsafe protocols like
|
15
16
|
# <tt>javascript:</tt>, while also protecting against attempts to use Unicode,
|
16
17
|
# ASCII, and hex character references to work around these protocol filters.
|
18
|
+
# All special characters will be escaped.
|
17
19
|
#
|
18
20
|
# The default sanitizer is Rails::Html::WhiteListSanitizer. See {Rails HTML
|
19
21
|
# Sanitizers}[https://github.com/rails/rails-html-sanitizer] for more information.
|
@@ -21,8 +23,7 @@ module ActionView
|
|
21
23
|
# Custom sanitization rules can also be provided.
|
22
24
|
#
|
23
25
|
# Please note that sanitizing user-provided text does not guarantee that the
|
24
|
-
# resulting markup is valid or even well-formed.
|
25
|
-
# contain unescaped characters like <tt><</tt>, <tt>></tt>, or <tt>&</tt>.
|
26
|
+
# resulting markup is valid or even well-formed.
|
26
27
|
#
|
27
28
|
# ==== Options
|
28
29
|
#
|
@@ -46,17 +47,15 @@ module ActionView
|
|
46
47
|
# Providing a custom Rails::Html scrubber:
|
47
48
|
#
|
48
49
|
# class CommentScrubber < Rails::Html::PermitScrubber
|
49
|
-
# def
|
50
|
-
#
|
50
|
+
# def initialize
|
51
|
+
# super
|
52
|
+
# self.tags = %w( form script comment blockquote )
|
53
|
+
# self.attributes = %w( style )
|
51
54
|
# end
|
52
55
|
#
|
53
56
|
# def skip_node?(node)
|
54
57
|
# node.text?
|
55
58
|
# end
|
56
|
-
#
|
57
|
-
# def scrub_attribute?(name)
|
58
|
-
# name == 'style'
|
59
|
-
# end
|
60
59
|
# end
|
61
60
|
#
|
62
61
|
# <%= sanitize @comment.body, scrubber: CommentScrubber.new %>
|
@@ -89,7 +88,7 @@ module ActionView
|
|
89
88
|
self.class.white_list_sanitizer.sanitize_css(style)
|
90
89
|
end
|
91
90
|
|
92
|
-
# Strips all HTML tags from +html+, including comments.
|
91
|
+
# Strips all HTML tags from +html+, including comments and special characters.
|
93
92
|
#
|
94
93
|
# strip_tags("Strip <i>these</i> tags!")
|
95
94
|
# # => Strip these tags!
|
@@ -99,8 +98,11 @@ module ActionView
|
|
99
98
|
#
|
100
99
|
# strip_tags("<div id='top-bar'>Welcome to my website!</div>")
|
101
100
|
# # => Welcome to my website!
|
101
|
+
#
|
102
|
+
# strip_tags("> A quote from Smith & Wesson")
|
103
|
+
# # => > A quote from Smith & Wesson
|
102
104
|
def strip_tags(html)
|
103
|
-
self.class.full_sanitizer.sanitize(html
|
105
|
+
self.class.full_sanitizer.sanitize(html)
|
104
106
|
end
|
105
107
|
|
106
108
|
# Strips all link tags from +html+ leaving just the link text.
|
@@ -113,6 +115,9 @@ module ActionView
|
|
113
115
|
#
|
114
116
|
# strip_links('Blog: <a href="http://www.myblog.com/" class="nav" target=\"_blank\">Visit</a>.')
|
115
117
|
# # => Blog: Visit.
|
118
|
+
#
|
119
|
+
# strip_links('<<a href="https://example.org">malformed & link</a>')
|
120
|
+
# # => <malformed & link
|
116
121
|
def strip_links(html)
|
117
122
|
self.class.link_sanitizer.sanitize(html)
|
118
123
|
end
|
@@ -121,7 +126,7 @@ module ActionView
|
|
121
126
|
attr_writer :full_sanitizer, :link_sanitizer, :white_list_sanitizer
|
122
127
|
|
123
128
|
# Vendors the full, link and white list sanitizers.
|
124
|
-
# Provided strictly for
|
129
|
+
# Provided strictly for compatibility and can be removed in Rails 5.1.
|
125
130
|
def sanitizer_vendor
|
126
131
|
Rails::Html::Sanitizer
|
127
132
|
end
|
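Review bot: The `CommentScrubber` example in the `sanitize` doc comment now sets `self.tags = %w( form script comment blockquote )` and `self.attributes = %w( style )`; as far as I can tell these are the lists a `Rails::Html::PermitScrubber` keeps, so a reader who copies the example for user comments would let `script` and `form` elements and `style` attributes through. The example would be safer with inert formatting tags, e.g. `self.tags = %w( p br blockquote em strong )` and `self.attributes = %w( title )`. The surrounding doc comment begins and ends outside this hunk.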