actionview 4.2.11.1 → 6.0.4.8
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of actionview might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +242 -186
- data/MIT-LICENSE +1 -1
- data/README.rdoc +9 -8
- data/lib/action_view/base.rb +144 -37
- data/lib/action_view/buffers.rb +18 -1
- data/lib/action_view/cache_expiry.rb +53 -0
- data/lib/action_view/context.rb +8 -12
- data/lib/action_view/dependency_tracker.rb +54 -20
- data/lib/action_view/digestor.rb +88 -85
- data/lib/action_view/flows.rb +11 -12
- data/lib/action_view/gem_version.rb +6 -4
- data/lib/action_view/helpers/active_model_helper.rb +16 -11
- data/lib/action_view/helpers/asset_tag_helper.rb +241 -82
- data/lib/action_view/helpers/asset_url_helper.rb +171 -67
- data/lib/action_view/helpers/atom_feed_helper.rb +19 -17
- data/lib/action_view/helpers/cache_helper.rb +112 -42
- data/lib/action_view/helpers/capture_helper.rb +20 -13
- data/lib/action_view/helpers/controller_helper.rb +15 -4
- data/lib/action_view/helpers/csp_helper.rb +26 -0
- data/lib/action_view/helpers/csrf_helper.rb +8 -6
- data/lib/action_view/helpers/date_helper.rb +230 -129
- data/lib/action_view/helpers/debug_helper.rb +7 -6
- data/lib/action_view/helpers/form_helper.rb +755 -129
- data/lib/action_view/helpers/form_options_helper.rb +130 -75
- data/lib/action_view/helpers/form_tag_helper.rb +116 -71
- data/lib/action_view/helpers/javascript_helper.rb +30 -14
- data/lib/action_view/helpers/number_helper.rb +84 -59
- data/lib/action_view/helpers/output_safety_helper.rb +36 -4
- data/lib/action_view/helpers/rendering_helper.rb +11 -8
- data/lib/action_view/helpers/sanitize_helper.rb +30 -31
- data/lib/action_view/helpers/tag_helper.rb +232 -75
- data/lib/action_view/helpers/tags/base.rb +138 -98
- data/lib/action_view/helpers/tags/check_box.rb +20 -19
- data/lib/action_view/helpers/tags/checkable.rb +4 -2
- data/lib/action_view/helpers/tags/collection_check_boxes.rb +12 -34
- data/lib/action_view/helpers/tags/collection_helpers.rb +69 -36
- data/lib/action_view/helpers/tags/collection_radio_buttons.rb +6 -12
- data/lib/action_view/helpers/tags/collection_select.rb +4 -2
- data/lib/action_view/helpers/tags/color_field.rb +4 -3
- data/lib/action_view/helpers/tags/date_field.rb +2 -1
- data/lib/action_view/helpers/tags/date_select.rb +37 -36
- data/lib/action_view/helpers/tags/datetime_field.rb +4 -3
- data/lib/action_view/helpers/tags/datetime_local_field.rb +2 -1
- data/lib/action_view/helpers/tags/datetime_select.rb +2 -0
- data/lib/action_view/helpers/tags/email_field.rb +2 -0
- data/lib/action_view/helpers/tags/file_field.rb +2 -0
- data/lib/action_view/helpers/tags/grouped_collection_select.rb +4 -2
- data/lib/action_view/helpers/tags/hidden_field.rb +2 -0
- data/lib/action_view/helpers/tags/label.rb +3 -2
- data/lib/action_view/helpers/tags/month_field.rb +2 -1
- data/lib/action_view/helpers/tags/number_field.rb +2 -0
- data/lib/action_view/helpers/tags/password_field.rb +3 -1
- data/lib/action_view/helpers/tags/placeholderable.rb +3 -1
- data/lib/action_view/helpers/tags/radio_button.rb +7 -6
- data/lib/action_view/helpers/tags/range_field.rb +2 -0
- data/lib/action_view/helpers/tags/search_field.rb +14 -9
- data/lib/action_view/helpers/tags/select.rb +11 -10
- data/lib/action_view/helpers/tags/tel_field.rb +2 -0
- data/lib/action_view/helpers/tags/text_area.rb +4 -2
- data/lib/action_view/helpers/tags/text_field.rb +8 -8
- data/lib/action_view/helpers/tags/time_field.rb +2 -1
- data/lib/action_view/helpers/tags/time_select.rb +2 -0
- data/lib/action_view/helpers/tags/time_zone_select.rb +3 -1
- data/lib/action_view/helpers/tags/translator.rb +15 -16
- data/lib/action_view/helpers/tags/url_field.rb +2 -0
- data/lib/action_view/helpers/tags/week_field.rb +2 -1
- data/lib/action_view/helpers/tags.rb +3 -1
- data/lib/action_view/helpers/text_helper.rb +56 -38
- data/lib/action_view/helpers/translation_helper.rb +91 -47
- data/lib/action_view/helpers/url_helper.rb +160 -105
- data/lib/action_view/helpers.rb +5 -3
- data/lib/action_view/layouts.rb +65 -61
- data/lib/action_view/log_subscriber.rb +61 -10
- data/lib/action_view/lookup_context.rb +147 -89
- data/lib/action_view/model_naming.rb +3 -1
- data/lib/action_view/path_set.rb +28 -23
- data/lib/action_view/railtie.rb +62 -6
- data/lib/action_view/record_identifier.rb +53 -26
- data/lib/action_view/renderer/abstract_renderer.rb +71 -13
- data/lib/action_view/renderer/partial_renderer/collection_caching.rb +103 -0
- data/lib/action_view/renderer/partial_renderer.rb +239 -225
- data/lib/action_view/renderer/renderer.rb +22 -8
- data/lib/action_view/renderer/streaming_template_renderer.rb +54 -54
- data/lib/action_view/renderer/template_renderer.rb +79 -73
- data/lib/action_view/rendering.rb +68 -44
- data/lib/action_view/routing_url_for.rb +33 -22
- data/lib/action_view/tasks/cache_digests.rake +25 -0
- data/lib/action_view/template/error.rb +44 -29
- data/lib/action_view/template/handlers/builder.rb +12 -13
- data/lib/action_view/template/handlers/erb/erubi.rb +87 -0
- data/lib/action_view/template/handlers/erb.rb +24 -86
- data/lib/action_view/template/handlers/html.rb +11 -0
- data/lib/action_view/template/handlers/raw.rb +4 -4
- data/lib/action_view/template/handlers.rb +38 -8
- data/lib/action_view/template/html.rb +19 -10
- data/lib/action_view/template/inline.rb +22 -0
- data/lib/action_view/template/raw_file.rb +28 -0
- data/lib/action_view/template/resolver.rb +217 -193
- data/lib/action_view/template/sources/file.rb +17 -0
- data/lib/action_view/template/sources.rb +13 -0
- data/lib/action_view/template/text.rb +11 -10
- data/lib/action_view/template/types.rb +18 -18
- data/lib/action_view/template.rb +146 -90
- data/lib/action_view/test_case.rb +52 -32
- data/lib/action_view/testing/resolvers.rb +46 -34
- data/lib/action_view/unbound_template.rb +31 -0
- data/lib/action_view/version.rb +3 -1
- data/lib/action_view/view_paths.rb +48 -31
- data/lib/action_view.rb +11 -8
- data/lib/assets/compiled/rails-ujs.js +746 -0
- metadata +41 -32
- data/lib/action_view/helpers/record_tag_helper.rb +0 -108
- data/lib/action_view/tasks/dependencies.rake +0 -23
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7d4524ccde8ccdd97c429c6fb86a446f168cd38a2fb7cb613eae1a12a856ab7b
|
4
|
+
data.tar.gz: af9127d2426172fd15893a0677cd47693a8b756834b75b9eba9e4d597af02129
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f05445155e060f21a2bb32165685270986019c49eb9b39c830e1acc99e6962f0f258fc3183b5cbaebfa1f69bbe10a176a4b9b653d5e53d5e0fbbbc80827a72a1
|
7
|
+
data.tar.gz: 216d174d5aac9ae24c91e79f1d4d7d3e9c8aec6af7ebd27d239147fd23e702827dc7730e32ee86bf8d0ec12aca358f84e1b8987406bbcfdb8100eba3970143ba
|
data/CHANGELOG.md
CHANGED
@@ -1,357 +1,413 @@
|
|
1
|
-
## Rails
|
1
|
+
## Rails 6.0.4.8 (April 26, 2022) ##
|
2
|
+
|
3
|
+
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
|
4
|
+
|
5
|
+
Escape dangerous characters in names of tags and names of attributes in the
|
6
|
+
tag helpers, following the XML specification. Rename the option
|
7
|
+
`:escape_attributes` to `:escape`, to simplify by applying the option to the
|
8
|
+
whole tag.
|
9
|
+
|
10
|
+
*Álvaro Martín Fraguas*
|
11
|
+
|
12
|
+
|
13
|
+
## Rails 6.0.4.7 (March 08, 2022) ##
|
2
14
|
|
3
15
|
* No changes.
|
4
16
|
|
5
17
|
|
6
|
-
## Rails 4.
|
18
|
+
## Rails 6.0.4.6 (February 11, 2022) ##
|
7
19
|
|
8
20
|
* No changes.
|
9
21
|
|
10
22
|
|
11
|
-
## Rails 4.
|
23
|
+
## Rails 6.0.4.5 (February 11, 2022) ##
|
12
24
|
|
13
25
|
* No changes.
|
14
26
|
|
15
27
|
|
16
|
-
## Rails 4.
|
28
|
+
## Rails 6.0.4.4 (December 15, 2021) ##
|
17
29
|
|
18
30
|
* No changes.
|
19
31
|
|
20
32
|
|
21
|
-
## Rails 4.
|
33
|
+
## Rails 6.0.4.3 (December 14, 2021) ##
|
22
34
|
|
23
35
|
* No changes.
|
24
36
|
|
25
37
|
|
26
|
-
## Rails 4.2
|
38
|
+
## Rails 6.0.4.2 (December 14, 2021) ##
|
27
39
|
|
28
40
|
* No changes.
|
29
41
|
|
30
42
|
|
31
|
-
## Rails 4.
|
43
|
+
## Rails 6.0.4.1 (August 19, 2021) ##
|
32
44
|
|
33
|
-
*
|
34
|
-
attribute when assets are handled by Sprockets >=3.0.
|
45
|
+
* No changes.
|
35
46
|
|
36
|
-
*Bart de Water*
|
37
47
|
|
38
|
-
|
48
|
+
## Rails 6.0.4 (June 15, 2021) ##
|
39
49
|
|
40
|
-
|
50
|
+
* SanitizeHelper.sanitized_allowed_attributes and SanitizeHelper.sanitized_allowed_tags
|
51
|
+
call safe_list_sanitizer's class method
|
41
52
|
|
42
|
-
|
53
|
+
Fixes #39586
|
43
54
|
|
44
|
-
*
|
55
|
+
*Taufiq Muhammadi*
|
45
56
|
|
46
|
-
Fixes #22260.
|
47
57
|
|
48
|
-
|
58
|
+
## Rails 6.0.3.7 (May 05, 2021) ##
|
49
59
|
|
50
|
-
*
|
51
|
-
as per the W3 spec: http://www.w3.org/TR/html-markup/datatypes.html#form.data.week
|
60
|
+
* No changes.
|
52
61
|
|
53
|
-
*Christoph Geschwind*
|
54
62
|
|
63
|
+
## Rails 6.0.3.6 (March 26, 2021) ##
|
55
64
|
|
56
|
-
|
65
|
+
* No changes.
|
57
66
|
|
58
|
-
* Do not allow render with unpermitted parameter.
|
59
67
|
|
60
|
-
|
68
|
+
## Rails 6.0.3.5 (February 10, 2021) ##
|
61
69
|
|
62
|
-
|
70
|
+
* No changes.
|
63
71
|
|
64
72
|
|
65
|
-
## Rails
|
73
|
+
## Rails 6.0.3.4 (October 07, 2020) ##
|
66
74
|
|
67
|
-
*
|
68
|
-
method.
|
75
|
+
* No changes.
|
69
76
|
|
70
|
-
*Aaron Patterson*
|
71
77
|
|
78
|
+
## Rails 6.0.3.3 (September 09, 2020) ##
|
72
79
|
|
73
|
-
|
80
|
+
* [CVE-2020-8185] Fix potential XSS vulnerability in the `translate`/`t` helper.
|
74
81
|
|
75
|
-
*
|
82
|
+
*Jonathan Hefner*
|
76
83
|
|
77
|
-
*Rafael Mendonça França*
|
78
84
|
|
79
|
-
|
85
|
+
## Rails 6.0.3.2 (June 17, 2020) ##
|
80
86
|
|
81
|
-
|
87
|
+
* No changes.
|
82
88
|
|
83
89
|
|
84
|
-
## Rails
|
90
|
+
## Rails 6.0.3.1 (May 18, 2020) ##
|
85
91
|
|
86
|
-
*
|
92
|
+
* [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs
|
87
93
|
|
88
94
|
|
89
|
-
## Rails
|
95
|
+
## Rails 6.0.3 (May 06, 2020) ##
|
90
96
|
|
91
|
-
*
|
92
|
-
|
97
|
+
* annotated_source_code returns an empty array so TemplateErrors without a
|
98
|
+
template in the backtrace are surfaced properly by DebugExceptions.
|
93
99
|
|
94
|
-
|
100
|
+
*Guilherme Mansur*, *Kasper Timm Hansen*
|
95
101
|
|
96
|
-
|
102
|
+
* Add autoload for SyntaxErrorInTemplate so syntax errors are correctly raised by DebugExceptions.
|
97
103
|
|
98
|
-
*
|
104
|
+
*Guilherme Mansur*, *Gannon McGibbon*
|
99
105
|
|
100
|
-
Fixes #19640.
|
101
106
|
|
102
|
-
|
107
|
+
## Rails 6.0.2.2 (March 19, 2020) ##
|
103
108
|
|
104
|
-
*
|
105
|
-
parameter without raising a translation missing error. Fixes a
|
106
|
-
regression introduced 362557e.
|
109
|
+
* Fix possible XSS vector in escape_javascript helper
|
107
110
|
|
108
|
-
|
111
|
+
CVE-2020-5267
|
109
112
|
|
110
|
-
*
|
113
|
+
*Aaron Patterson*
|
111
114
|
|
112
|
-
* `number_to_percentage` does not crash with `Float::NAN` or `Float::INFINITY`
|
113
|
-
as input when `precision: 0` is used.
|
114
115
|
|
115
|
-
|
116
|
+
## Rails 6.0.2.1 (December 18, 2019) ##
|
116
117
|
|
117
|
-
|
118
|
+
* No changes.
|
118
119
|
|
119
120
|
|
120
|
-
## Rails
|
121
|
+
## Rails 6.0.2 (December 13, 2019) ##
|
121
122
|
|
122
|
-
*
|
123
|
+
* No changes.
|
123
124
|
|
124
125
|
|
125
|
-
## Rails
|
126
|
+
## Rails 6.0.1 (November 5, 2019) ##
|
126
127
|
|
127
|
-
*
|
128
|
-
but are not themselves safe, should not be marked as html_safe.
|
128
|
+
* UJS avoids `Element.closest()` for IE 9 compatibility.
|
129
129
|
|
130
|
-
*
|
130
|
+
*George Claghorn*
|
131
131
|
|
132
|
-
* Added an explicit error message, in `ActionView::PartialRenderer`
|
133
|
-
for partial `rendering`, when the value of option `as` has invalid characters.
|
134
132
|
|
135
|
-
|
133
|
+
## Rails 6.0.0 (August 16, 2019) ##
|
136
134
|
|
135
|
+
* ActionView::Helpers::SanitizeHelper: support rails-html-sanitizer 1.1.0.
|
137
136
|
|
138
|
-
|
137
|
+
*Juanito Fatas*
|
139
138
|
|
140
|
-
* Local variable in a partial is now available even if a falsy value is
|
141
|
-
passed to `:object` when rendering a partial.
|
142
139
|
|
143
|
-
|
140
|
+
## Rails 6.0.0.rc2 (July 22, 2019) ##
|
144
141
|
|
145
|
-
|
142
|
+
* Fix `select_tag` so that it doesn't change `options` when `include_blank` is present.
|
146
143
|
|
147
|
-
*
|
144
|
+
*Younes SERRAJ*
|
148
145
|
|
149
|
-
This is the same option that was added in 06388b0 to `form_tag` and allows
|
150
|
-
users to skip the insertion of the UTF8 enforcer tag in a form.
|
151
146
|
|
152
|
-
|
147
|
+
## Rails 6.0.0.rc1 (April 24, 2019) ##
|
153
148
|
|
154
|
-
* Fix
|
155
|
-
as Ruby block calls.
|
149
|
+
* Fix partial caching skips same item issue
|
156
150
|
|
157
|
-
|
151
|
+
If we render cached collection partials with repeated items, those repeated items
|
152
|
+
will get skipped. For example, if you have 5 identical items in your collection, Rails
|
153
|
+
only renders the first one when `cached` is set to true. But it should render all
|
154
|
+
5 items instead.
|
158
155
|
|
159
|
-
|
156
|
+
Fixes #35114.
|
160
157
|
|
161
|
-
|
158
|
+
*Stan Lo*
|
162
159
|
|
163
|
-
|
160
|
+
* Only clear ActionView cache in development on file changes
|
164
161
|
|
165
|
-
|
162
|
+
To speed up development mode, view caches are only cleared when files in
|
163
|
+
the view paths have changed. Applications which have implemented custom
|
164
|
+
`ActionView::Resolver` subclasses may need to add their own cache clearing.
|
166
165
|
|
167
|
-
|
168
|
-
to `render file: "foo/bar"`. In Rails 4.2, this has been changed to mean
|
169
|
-
`render template: "foo/bar"` instead. If you need to render a file, please
|
170
|
-
change your code to use the explicit form (`render file: "foo/bar"`) instead.
|
166
|
+
*John Hawthorn*
|
171
167
|
|
172
|
-
|
168
|
+
* Fix `ActionView::FixtureResolver` so that it handles template variants correctly.
|
173
169
|
|
174
|
-
*
|
170
|
+
*Edward Rudd*
|
175
171
|
|
176
|
-
|
172
|
+
* `ActionView::TemplateRender.render(file: )` now renders the file directly,
|
173
|
+
without using any handlers, using the new `Template::RawFile` class.
|
177
174
|
|
178
|
-
|
175
|
+
*John Hawthorn*, *Cliff Pruitt*
|
179
176
|
|
180
|
-
now generates:
|
181
177
|
|
182
|
-
|
178
|
+
## Rails 6.0.0.beta3 (March 11, 2019) ##
|
183
179
|
|
184
|
-
|
180
|
+
* Only accept formats from registered mime types
|
185
181
|
|
186
|
-
|
182
|
+
A lack of filtering on mime types could allow an attacker to read
|
183
|
+
arbitrary files on the target server or to perform a denial of service
|
184
|
+
attack.
|
187
185
|
|
188
|
-
|
189
|
-
|
186
|
+
Fixes CVE-2019-5418
|
187
|
+
Fixes CVE-2019-5419
|
190
188
|
|
191
|
-
*
|
189
|
+
*John Hawthorn*, *Eileen M. Uchitelle*, *Aaron Patterson*
|
192
190
|
|
193
|
-
* Add I18n support for input/textarea placeholder text.
|
194
191
|
|
195
|
-
|
192
|
+
## Rails 6.0.0.beta2 (February 25, 2019) ##
|
196
193
|
|
197
|
-
|
194
|
+
* `ActionView::Template.finalize_compiled_template_methods` is deprecated with
|
195
|
+
no replacement.
|
198
196
|
|
199
|
-
*
|
197
|
+
*tenderlove*
|
200
198
|
|
201
|
-
|
199
|
+
* `config.action_view.finalize_compiled_template_methods` is deprecated with
|
200
|
+
no replacement.
|
202
201
|
|
203
|
-
*
|
202
|
+
*tenderlove*
|
204
203
|
|
205
|
-
|
206
|
-
`#{template_name}_iteration` when rendering partials with collections.
|
204
|
+
* Ensure unique DOM IDs for collection inputs with float values.
|
207
205
|
|
208
|
-
|
209
|
-
the current `index` and two convenience methods `first?` and `last?`.
|
206
|
+
Fixes #34974.
|
210
207
|
|
211
|
-
*
|
208
|
+
*Mark Edmondson*
|
212
209
|
|
213
|
-
*
|
214
|
-
|
210
|
+
* Single arity template handlers are deprecated. Template handlers must
|
211
|
+
now accept two parameters, the view object and the source for the view object.
|
215
212
|
|
216
|
-
*
|
213
|
+
*tenderlove*
|
217
214
|
|
218
|
-
* Fix `html_escape_once` to properly handle hex escape sequences (e.g. ᨫ).
|
219
215
|
|
220
|
-
|
216
|
+
## Rails 6.0.0.beta1 (January 18, 2019) ##
|
221
217
|
|
222
|
-
*
|
218
|
+
* [Rename npm package](https://github.com/rails/rails/pull/34905) from
|
219
|
+
[`rails-ujs`](https://www.npmjs.com/package/rails-ujs) to
|
220
|
+
[`@rails/ujs`](https://www.npmjs.com/package/@rails/ujs).
|
223
221
|
|
224
|
-
*
|
222
|
+
*Javan Makhmali*
|
225
223
|
|
226
|
-
*
|
227
|
-
option.
|
224
|
+
* Remove deprecated `image_alt` helper.
|
228
225
|
|
229
|
-
*
|
226
|
+
*Rafael Mendonça França*
|
230
227
|
|
231
|
-
*
|
228
|
+
* Fix the need of `#protect_against_forgery?` method defined in
|
229
|
+
`ActionView::Base` subclasses. This prevents the use of forms and buttons.
|
232
230
|
|
233
|
-
*
|
231
|
+
*Genadi Samokovarov*
|
234
232
|
|
235
|
-
*
|
236
|
-
`Array#join`.
|
233
|
+
* Fix UJS permanently showing disabled text in a[data-remote][data-disable-with] elements within forms.
|
237
234
|
|
238
|
-
|
235
|
+
Fixes #33889.
|
239
236
|
|
240
|
-
*
|
241
|
-
values.
|
237
|
+
*Wolfgang Hobmaier*
|
242
238
|
|
243
|
-
|
239
|
+
* Prevent non-primary mouse keys from triggering Rails UJS click handlers.
|
240
|
+
Firefox fires click events even if the click was triggered by non-primary mouse keys such as right- or scroll-wheel-clicks.
|
241
|
+
For example, right-clicking a link such as the one described below (with an underlying ajax request registered on click) should not cause that request to occur.
|
244
242
|
|
245
|
-
|
243
|
+
```
|
244
|
+
<%= link_to 'Remote', remote_path, class: 'remote', remote: true, data: { type: :json } %>
|
245
|
+
```
|
246
246
|
|
247
|
-
|
247
|
+
Fixes #34541.
|
248
248
|
|
249
|
-
*
|
249
|
+
*Wolfgang Hobmaier*
|
250
250
|
|
251
|
-
*
|
251
|
+
* Prevent `ActionView::TextHelper#word_wrap` from unexpectedly stripping white space from the _left_ side of lines.
|
252
252
|
|
253
|
-
|
253
|
+
For example, given input like this:
|
254
254
|
|
255
|
-
|
256
|
-
|
255
|
+
```
|
256
|
+
This is a paragraph with an initial indent,
|
257
|
+
followed by additional lines that are not indented,
|
258
|
+
and finally terminated with a blockquote:
|
259
|
+
"A pithy saying"
|
260
|
+
```
|
257
261
|
|
258
|
-
|
262
|
+
Calling `word_wrap` should not trim the indents on the first and last lines.
|
259
263
|
|
260
|
-
|
261
|
-
Override `AbstractController::Base.local_prefixes` when you want to change
|
262
|
-
where to find views.
|
264
|
+
Fixes #34487.
|
263
265
|
|
264
|
-
*
|
266
|
+
*Lyle Mullican*
|
265
267
|
|
266
|
-
*
|
268
|
+
* Add allocations to template rendering instrumentation.
|
267
269
|
|
268
|
-
|
270
|
+
Adds the allocations for template and partial rendering to the server output on render.
|
269
271
|
|
270
|
-
|
271
|
-
|
272
|
-
|
273
|
-
|
272
|
+
```
|
273
|
+
Rendered posts/_form.html.erb (Duration: 7.1ms | Allocations: 6004)
|
274
|
+
Rendered posts/new.html.erb within layouts/application (Duration: 8.3ms | Allocations: 6654)
|
275
|
+
Completed 200 OK in 858ms (Views: 848.4ms | ActiveRecord: 0.4ms | Allocations: 1539564)
|
276
|
+
```
|
274
277
|
|
275
|
-
|
276
|
-
en:
|
277
|
-
activerecord:
|
278
|
-
attributes:
|
279
|
-
post/long: "Long-form Post"
|
278
|
+
*Eileen M. Uchitelle*, *Aaron Patterson*
|
280
279
|
|
281
|
-
|
282
|
-
Post".
|
280
|
+
* Respect the `only_path` option passed to `url_for` when the options are passed in as an array
|
283
281
|
|
284
|
-
|
282
|
+
Fixes #33237.
|
285
283
|
|
286
|
-
*
|
284
|
+
*Joel Ambass*
|
287
285
|
|
288
|
-
|
286
|
+
* Deprecate calling private model methods from view helpers.
|
289
287
|
|
290
|
-
|
288
|
+
For example, in methods like `options_from_collection_for_select`
|
289
|
+
and `collection_select` it is possible to call private methods from
|
290
|
+
the objects used.
|
291
291
|
|
292
|
-
|
292
|
+
Fixes #33546.
|
293
293
|
|
294
|
-
|
294
|
+
*Ana María Martínez Gómez*
|
295
295
|
|
296
|
-
|
296
|
+
* Fix issue with `button_to`'s `to_form_params`
|
297
297
|
|
298
|
-
|
299
|
-
|
298
|
+
`button_to` was throwing exception when invoked with `params` hash that
|
299
|
+
contains symbol and string keys. The reason for the exception was that
|
300
|
+
`to_form_params` was comparing the given symbol and string keys.
|
300
301
|
|
301
|
-
|
302
|
+
The issue is fixed by turning all keys to strings inside
|
303
|
+
`to_form_params` before comparing them.
|
302
304
|
|
303
|
-
|
304
|
-
<link href="/assets/myicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon" />
|
305
|
+
*Georgi Georgiev*
|
305
306
|
|
306
|
-
|
307
|
+
* Mark arrays of translations as trusted safe by using the `_html` suffix.
|
307
308
|
|
308
|
-
|
309
|
-
<link href="/assets/myicon.ico" rel="shortcut icon" type="image/x-icon" />
|
309
|
+
Example:
|
310
310
|
|
311
|
-
|
311
|
+
en:
|
312
|
+
foo_html:
|
313
|
+
- "One"
|
314
|
+
- "<strong>Two</strong>"
|
315
|
+
- "Three 👋 🙂"
|
312
316
|
|
313
|
-
*
|
317
|
+
*Juan Broullon*
|
314
318
|
|
315
|
-
|
316
|
-
|
317
|
-
for Content Security Policy.
|
319
|
+
* Add `year_format` option to date_select tag. This option makes it possible to customize year
|
320
|
+
names. Lambda should be passed to use this option.
|
318
321
|
|
319
|
-
|
322
|
+
Example:
|
323
|
+
|
324
|
+
date_select('user_birthday', '', start_year: 1998, end_year: 2000, year_format: ->year { "Heisei #{year - 1988}" })
|
325
|
+
|
326
|
+
The HTML produced:
|
327
|
+
|
328
|
+
<select id="user_birthday__1i" name="user_birthday[(1i)]">
|
329
|
+
<option value="1998">Heisei 10</option>
|
330
|
+
<option value="1999">Heisei 11</option>
|
331
|
+
<option value="2000">Heisei 12</option>
|
332
|
+
</select>
|
333
|
+
/* The rest is omitted */
|
334
|
+
|
335
|
+
*Koki Ryu*
|
336
|
+
|
337
|
+
* Fix JavaScript views rendering does not work with Firefox when using
|
338
|
+
Content Security Policy.
|
339
|
+
|
340
|
+
Fixes #32577.
|
341
|
+
|
342
|
+
*Yuji Yaginuma*
|
343
|
+
|
344
|
+
* Add the `nonce: true` option for `javascript_include_tag` helper to
|
345
|
+
support automatic nonce generation for Content Security Policy.
|
346
|
+
Works the same way as `javascript_tag nonce: true` does.
|
347
|
+
|
348
|
+
*Yaroslav Markin*
|
320
349
|
|
321
|
-
*
|
350
|
+
* Remove `ActionView::Helpers::RecordTagHelper`.
|
322
351
|
|
323
|
-
|
352
|
+
*Yoshiyuki Hirano*
|
324
353
|
|
325
|
-
|
354
|
+
* Disable `ActionView::Template` finalizers in test environment.
|
326
355
|
|
327
|
-
|
356
|
+
Template finalization can be expensive in large view test suites.
|
357
|
+
Add a configuration option,
|
358
|
+
`action_view.finalize_compiled_template_methods`, and turn it off in
|
359
|
+
the test environment.
|
328
360
|
|
329
|
-
*
|
361
|
+
*Simon Coffey*
|
330
362
|
|
331
|
-
* `
|
332
|
-
as input.
|
363
|
+
* Extract the `confirm` call in its own, overridable method in `rails_ujs`.
|
333
364
|
|
334
|
-
|
365
|
+
Example:
|
366
|
+
|
367
|
+
Rails.confirm = function(message, element) {
|
368
|
+
return (my_bootstrap_modal_confirm(message));
|
369
|
+
}
|
370
|
+
|
371
|
+
*Mathieu Mahé*
|
335
372
|
|
336
|
-
|
373
|
+
* Enable select tag helper to mark `prompt` option as `selected` and/or `disabled` for `required`
|
374
|
+
field.
|
375
|
+
|
376
|
+
Example:
|
337
377
|
|
338
|
-
|
378
|
+
select :post,
|
379
|
+
:category,
|
380
|
+
["lifestyle", "programming", "spiritual"],
|
381
|
+
{ selected: "", disabled: "", prompt: "Choose one" },
|
382
|
+
{ required: true }
|
339
383
|
|
340
|
-
|
384
|
+
Placeholder option would be selected and disabled.
|
341
385
|
|
342
|
-
|
343
|
-
applied correctly.
|
386
|
+
The HTML produced:
|
344
387
|
|
345
|
-
|
388
|
+
<select required="required" name="post[category]" id="post_category">
|
389
|
+
<option disabled="disabled" selected="selected" value="">Choose one</option>
|
390
|
+
<option value="lifestyle">lifestyle</option>
|
391
|
+
<option value="programming">programming</option>
|
392
|
+
<option value="spiritual">spiritual</option></select>
|
346
393
|
|
347
394
|
*Sergey Prikhodko*
|
348
395
|
|
349
|
-
*
|
396
|
+
* Don't enforce UTF-8 by default.
|
397
|
+
|
398
|
+
With the disabling of TLS 1.0 by most major websites, continuing to run
|
399
|
+
IE8 or lower becomes increasingly difficult so default to not enforcing
|
400
|
+
UTF-8 encoding as it's not relevant to other browsers.
|
401
|
+
|
402
|
+
*Andrew White*
|
403
|
+
|
404
|
+
* Change translation key of `submit_tag` from `module_name_class_name` to `module_name/class_name`.
|
405
|
+
|
406
|
+
*Rui Onodera*
|
407
|
+
|
408
|
+
* Rails 6 requires Ruby 2.5.0 or newer.
|
350
409
|
|
351
|
-
|
352
|
-
to support variants and allow more flexibility in the future. The support for
|
353
|
-
regular (required) arguments is deprecated and will be removed in Rails 5.0 or later.
|
410
|
+
*Jeremy Daer*, *Kasper Timm Hansen*
|
354
411
|
|
355
|
-
*Piotr Chmolowski, Łukasz Strzałkowski*
|
356
412
|
|
357
|
-
Please check [
|
413
|
+
Please check [5-2-stable](https://github.com/rails/rails/blob/5-2-stable/actionview/CHANGELOG.md) for previous changes.
|
data/MIT-LICENSE
CHANGED