actionview 4.2.11.1 → 6.1.5.1

data/lib/action_view/helpers/cache_helper.rb

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 module ActionView
   # = Action View Cache Helper
-  module Helpers
+  module Helpers #:nodoc:
     module CacheHelper
       # This helper exposes a method for caching fragments of a view
       # rather than an entire action or page. This technique is useful
@@ -8,10 +10,9 @@ module ActionView
       # fragments, and so on. This method takes a block that contains
       # the content you wish to cache.
       #
-      # The best way to use this is by doing key-based cache expiration
-      # on top of a cache store like Memcached that'll automatically
-      # kick out old entries. For more on key-based expiration, see:
-      # http://signalvnoise.com/posts/3113-how-key-based-cache-expiration-works
+      # The best way to use this is by doing recyclable key-based cache expiration
+      # on top of a cache store like Memcached or Redis that'll automatically
+      # kick out old entries.
       #
       # When using this method, you list the cache dependency as the name of the cache, like so:
       #
@@ -23,10 +24,14 @@ module ActionView
       # This approach will assume that when a new topic is added, you'll touch
       # the project. The cache key generated from this call will be something like:
       #
-      #   views/projects/123-20120806214154/7a1156131a6928cb0026877f8b749ac9
-      #         ^class   ^id ^updated_at    ^template tree digest
+      #   views/template/action:7a1156131a6928cb0026877f8b749ac9/projects/123
+      #         ^template path  ^template tree digest            ^class   ^id
       #
-      # The cache is thus automatically bumped whenever the project updated_at is touched.
+      # This cache key is stable, but it's combined with a cache version derived from the project
+      # record. When the project updated_at is touched, the #cache_version changes, even
+      # if the key stays stable. This means that unlike a traditional key-based cache expiration
+      # approach, you won't be generating cache trash, unused keys, simply because the dependent
+      # record is updated.
       #
       # If your template cache depends on multiple sources (try to avoid this to keep things simple),
       # you can name all these dependencies as part of an array:
@@ -39,13 +44,13 @@ module ActionView
       # This will include both records as part of the cache key and updating either of them will
       # expire the cache.
       #
-      # ==== Template digest
+      # ==== \Template digest
       #
-      # The template digest that's added to the cache key is computed by taking an md5 of the
+      # The template digest that's added to the cache key is computed by taking an MD5 of the
       # contents of the entire template file. This ensures that your caches will automatically
       # expire when you change the template file.
       #
-      # Note that the md5 is taken of the entire template file, not just what's within the
+      # Note that the MD5 is taken of the entire template file, not just what's within the
       # cache do/end call. So it's possible that changing something outside of that call will
       # still expire the cache.
       #
@@ -69,13 +74,14 @@ module ActionView
       #   render 'comments/comments'
       #   render('comments/comments')
       #
-      #   render "header" => render("comments/header")
+      #   render "header" translates to render("comments/header")
       #
-      #   render(@topic)         => render("topics/topic")
-      #   render(topics)         => render("topics/topic")
-      #   render(message.topics) => render("topics/topic")
+      #   render(@topic)         translates to render("topics/topic")
+      #   render(topics)         translates to render("topics/topic")
+      #   render(message.topics) translates to render("topics/topic")
       #
-      # It's not possible to derive all render calls like that, though. Here are a few examples of things that can't be derived:
+      # It's not possible to derive all render calls like that, though.
+      # Here are a few examples of things that can't be derived:
       #
       #   render group_of_attachments
       #   render @project.documents.where(published: true).order('created_at')
@@ -87,7 +93,7 @@ module ActionView
       #
       # === Explicit dependencies
       #
-      # Some times you'll have template dependencies that can't be derived at all. This is typically
+      # Sometimes you'll have template dependencies that can't be derived at all. This is typically
       # the case when you have template rendering that happens in helpers. Here's an example:
       #
       #   <%= render_sortable_todolists @project.todolists %>
@@ -97,22 +103,70 @@ module ActionView
       #   <%# Template Dependency: todolists/todolist %>
       #   <%= render_sortable_todolists @project.todolists %>
       #
-      # The pattern used to match these is /# Template Dependency: ([^ ]+)/, so it's important that you type it out just so.
+      # In some cases, like a single table inheritance setup, you might have
+      # a bunch of explicit dependencies. Instead of writing every template out,
+      # you can use a wildcard to match any template in a directory:
+      #
+      #   <%# Template Dependency: events/* %>
+      #   <%= render_categorizable_events @person.events %>
+      #
+      # This marks every template in the directory as a dependency. To find those
+      # templates, the wildcard path must be absolutely defined from <tt>app/views</tt> or paths
+      # otherwise added with +prepend_view_path+ or +append_view_path+.
+      # This way the wildcard for <tt>app/views/recordings/events</tt> would be <tt>recordings/events/*</tt> etc.
+      #
+      # The pattern used to match explicit dependencies is <tt>/# Template Dependency: (\S+)/</tt>,
+      # so it's important that you type it out just so.
       # You can only declare one template dependency per line.
       #
       # === External dependencies
       #
-      # If you use a helper method, for example, inside of a cached block and you then update that helper,
-      # you'll have to bump the cache as well. It doesn't really matter how you do it, but the md5 of the template file
+      # If you use a helper method, for example, inside a cached block and
+      # you then update that helper, you'll have to bump the cache as well.
+      # It doesn't really matter how you do it, but the MD5 of the template file
       # must change. One recommendation is to simply be explicit in a comment, like:
       #
       #   <%# Helper Dependency Updated: May 6, 2012 at 6pm %>
       #   <%= some_helper_method(person) %>
       #
-      # Now all you'll have to do is change that timestamp when the helper method changes.
-      def cache(name = {}, options = nil, &block)
+      # Now all you have to do is change that timestamp when the helper method changes.
+      #
+      # === Collection Caching
+      #
+      # When rendering a collection of objects that each use the same partial, a <tt>:cached</tt>
+      # option can be passed.
+      #
+      # For collections rendered such:
+      #
+      #   <%= render partial: 'projects/project', collection: @projects, cached: true %>
+      #
+      # The <tt>cached: true</tt> will make Action View's rendering read several templates
+      # from cache at once instead of one call per template.
+      #
+      # Templates in the collection not already cached are written to cache.
+      #
+      # Works great alongside individual template fragment caching.
+      # For instance if the template the collection renders is cached like:
+      #
+      #   # projects/_project.html.erb
+      #   <% cache project do %>
+      #     <%# ... %>
+      #   <% end %>
+      #
+      # Any collection renders will find those cached templates when attempting
+      # to read multiple templates at once.
+      #
+      # If your collection cache depends on multiple sources (try to avoid this to keep things simple),
+      # you can name all these dependencies as part of a block that returns an array:
+      #
+      #   <%= render partial: 'projects/project', collection: @projects, cached: -> project { [ project, current_user ] } %>
+      #
+      # This will include both records as part of the cache key and updating either of them will
+      # expire the cache.
+      def cache(name = {}, options = {}, &block)
         if controller.respond_to?(:perform_caching) && controller.perform_caching
-          safe_concat(fragment_for(cache_fragment_name(name, options), options, &block))
+          name_options = options.slice(:skip_digest)
+          safe_concat(fragment_for(cache_fragment_name(name, **name_options), options, &block))
         else
           yield
         end
@@ -126,7 +180,7 @@ module ActionView
       #     <b>All the topics on this project</b>
       #     <%= render project.topics %>
       #   <% end %>
-      def cache_if(condition, name = {}, options = nil, &block)
+      def cache_if(condition, name = {}, options = {}, &block)
         if condition
           cache(name, options, &block)
         else
@@ -142,50 +196,60 @@ module ActionView
       #     <b>All the topics on this project</b>
       #     <%= render project.topics %>
       #   <% end %>
-      def cache_unless(condition, name = {}, options = nil, &block)
+      def cache_unless(condition, name = {}, options = {}, &block)
         cache_if !condition, name, options, &block
       end
 
       # This helper returns the name of a cache key for a given fragment cache
-      # call. By supplying skip_digest: true to cache, the digestion of cache
+      # call. By supplying <tt>skip_digest: true</tt> to cache, the digestion of cache
       # fragments can be manually bypassed. This is useful when cache fragments
       # cannot be manually expired unless you know the exact key which is the
       # case when using memcached.
-      def cache_fragment_name(name = {}, options = nil)
-        skip_digest = options && options[:skip_digest]
-
+      def cache_fragment_name(name = {}, skip_digest: nil, digest_path: nil)
         if skip_digest
           name
         else
-          fragment_name_with_digest(name)
+          fragment_name_with_digest(name, digest_path)
         end
       end
 
-    private
+      def digest_path_from_template(template) # :nodoc:
+        digest = Digestor.digest(name: template.virtual_path, format: template.format, finder: lookup_context, dependencies: view_cache_dependencies)
 
-      def fragment_name_with_digest(name) #:nodoc:
-        if @virtual_path
-          names  = Array(name.is_a?(Hash) ? controller.url_for(name).split("://").last : name)
-          digest = Digestor.digest name: @virtual_path, finder: lookup_context, dependencies: view_cache_dependencies
+        if digest.present?
+          "#{template.virtual_path}:#{digest}"
+        else
+          template.virtual_path
+        end
+      end
 
-          [ *names, digest ]
+    private
+      def fragment_name_with_digest(name, digest_path)
+        name = controller.url_for(name).split("://").last if name.is_a?(Hash)
+
+        if @current_template&.virtual_path || digest_path
+          digest_path ||= digest_path_from_template(@current_template)
+          [ digest_path, name ]
         else
           name
         end
       end
 
-      # TODO: Create an object that has caching read/write on it
-      def fragment_for(name = {}, options = nil, &block) #:nodoc:
-        read_fragment_for(name, options) || write_fragment_for(name, options, &block)
+      def fragment_for(name = {}, options = nil, &block)
+        if content = read_fragment_for(name, options)
+          @view_renderer.cache_hits[@current_template&.virtual_path] = :hit if defined?(@view_renderer)
+          content
+        else
+          @view_renderer.cache_hits[@current_template&.virtual_path] = :miss if defined?(@view_renderer)
+          write_fragment_for(name, options, &block)
+        end
       end
 
-      def read_fragment_for(name, options) #:nodoc:
+      def read_fragment_for(name, options)
         controller.read_fragment(name, options)
       end
 
-      def write_fragment_for(name, options) #:nodoc:
-        # VIEW TODO: Make #capture usable outside of ERB
-        # This dance is needed because Builder can't use capture
+      def write_fragment_for(name, options)
         pos = output_buffer.length
         yield
         output_safe = output_buffer.html_safe?

data/lib/action_view/helpers/capture_helper.rb

@@ -1,16 +1,18 @@
-require 'active_support/core_ext/string/output_safety'
+# frozen_string_literal: true
+
+require "active_support/core_ext/string/output_safety"
 
 module ActionView
   # = Action View Capture Helper
-  module Helpers
+  module Helpers #:nodoc:
     # CaptureHelper exposes methods to let you extract generated markup which
     # can be used in other parts of a template or layout file.
     #
     # It provides a method to capture blocks into variables through capture and
-    # a way to capture a block of markup for use in a layout through content_for.
+    # a way to capture a block of markup for use in a layout through {content_for}[rdoc-ref:ActionView::Helpers::CaptureHelper#content_for].
     module CaptureHelper
-      # The capture method allows you to extract part of a template into a
-      # variable. You can then use this variable anywhere in your templates or layout.
+      # The capture method extracts part of a template as a String object.
+      # You can then use this object anywhere in your templates, layout, or helpers.
       #
       # The capture method can be used in ERB templates...
       #
@@ -31,17 +33,22 @@ module ActionView
       #   <head><title><%= @greeting %></title></head>
       #   <body>
       #   <b><%= @greeting %></b>
-      #   </body></html>
+      #   </body>
+      #   </html>
+      #
+      # The return of capture is the string generated by the block. For Example:
+      #
+      #   @greeting # => "Welcome to my shiny new web page! The date and time is 2018-09-06 11:09:16 -0500"
       #
       def capture(*args)
         value = nil
         buffer = with_output_buffer { value = yield(*args) }
-        if string = buffer.presence || value and string.is_a?(String)
+        if (string = buffer.presence || value) && string.is_a?(String)
           ERB::Util.html_escape string
         end
       end
 
-      # Calling content_for stores a block of markup in an identifier for later use.
+      # Calling <tt>content_for</tt> stores a block of markup in an identifier for later use.
       # In order to access this stored content in other templates, helper modules
       # or the layout, you would pass the identifier as an argument to <tt>content_for</tt>.
       #
@@ -107,14 +114,14 @@ module ActionView
       # That will place +script+ tags for your default set of JavaScript files on the page;
       # this technique is useful if you'll only be using these scripts in a few views.
       #
-      # Note that content_for concatenates (default) the blocks it is given for a particular
+      # Note that <tt>content_for</tt> concatenates (default) the blocks it is given for a particular
       # identifier in order. For example:
       #
       #   <% content_for :navigation do %>
       #     <li><%= link_to 'Home', action: 'index' %></li>
       #   <% end %>
       #
-      #  And in other place:
+      #  And in another place:
       #
       #   <% content_for :navigation do %>
       #     <li><%= link_to 'Login', action: 'login' %></li>
@@ -124,7 +131,7 @@ module ActionView
       #
       #   <ul><%= content_for :navigation %></ul>
       #
-      # If the flush parameter is true content_for replaces the blocks it is given. For example:
+      # If the flush parameter is +true+ <tt>content_for</tt> replaces the blocks it is given. For example:
       #
       #   <% content_for :navigation do %>
       #     <li><%= link_to 'Home', action: 'index' %></li>
@@ -144,7 +151,7 @@ module ActionView
       #
       #   <% content_for :script, javascript_include_tag(:defaults) %>
       #
-      # WARNING: content_for is ignored in caches. So you shouldn't use it for elements that will be fragment cached.
+      # WARNING: <tt>content_for</tt> is ignored in caches. So you shouldn't use it for elements that will be fragment cached.
       def content_for(name, content = nil, options = {}, &block)
         if content || block_given?
           if block_given?
@@ -171,7 +178,7 @@ module ActionView
         result unless content
       end
 
-      # content_for? checks whether any content has been captured yet using `content_for`.
+      # <tt>content_for?</tt> checks whether any content has been captured yet using <tt>content_for</tt>.
       # Useful to render parts of your layout differently based on what is in your views.
       #
       #   <%# This is the layout %>

data/lib/action_view/helpers/controller_helper.rb

@@ -1,25 +1,36 @@
-require 'active_support/core_ext/module/attr_internal'
+# frozen_string_literal: true
+
+require "active_support/core_ext/module/attr_internal"
 
 module ActionView
-  module Helpers
+  module Helpers #:nodoc:
     # This module keeps all methods and behavior in ActionView
     # that simply delegates to the controller.
     module ControllerHelper #:nodoc:
       attr_internal :controller, :request
 
-      delegate :request_forgery_protection_token, :params, :session, :cookies, :response, :headers,
-               :flash, :action_name, :controller_name, :controller_path, :to => :controller
+      CONTROLLER_DELEGATES = [:request_forgery_protection_token, :params,
+        :session, :cookies, :response, :headers, :flash, :action_name,
+        :controller_name, :controller_path]
+
+      delegate(*CONTROLLER_DELEGATES, to: :controller)
 
       def assign_controller(controller)
         if @_controller = controller
           @_request = controller.request if controller.respond_to?(:request)
           @_config  = controller.config.inheritable_copy if controller.respond_to?(:config)
+          @_default_form_builder = controller.default_form_builder if controller.respond_to?(:default_form_builder)
         end
       end
 
       def logger
         controller.logger if controller.respond_to?(:logger)
       end
+
+      def respond_to?(method_name, include_private = false)
+        return controller.respond_to?(method_name) if CONTROLLER_DELEGATES.include?(method_name.to_sym)
+        super
+      end
     end
   end
 end

data/lib/action_view/helpers/csp_helper.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module ActionView
+  # = Action View CSP Helper
+  module Helpers #:nodoc:
+    module CspHelper
+      # Returns a meta tag "csp-nonce" with the per-session nonce value
+      # for allowing inline <script> tags.
+      #
+      #   <head>
+      #     <%= csp_meta_tag %>
+      #   </head>
+      #
+      # This is used by the Rails UJS helper to create dynamically
+      # loaded inline <script> elements.
+      #
+      def csp_meta_tag(**options)
+        if content_security_policy?
+          options[:name] = "csp-nonce"
+          options[:content] = content_security_policy_nonce
+          tag("meta", options)
+        end
+      end
+    end
+  end
+end

data/lib/action_view/helpers/csrf_helper.rb

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 module ActionView
   # = Action View CSRF Helper
-  module Helpers
+  module Helpers #:nodoc:
     module CsrfHelper
       # Returns meta tags "csrf-param" and "csrf-token" with the name of the cross-site
       # request forgery protection parameter and token, respectively.
@@ -14,14 +16,14 @@ module ActionView
       #
       # You don't need to use these tags for regular forms as they generate their own hidden fields.
       #
-      # For AJAX requests other than GETs, extract the "csrf-token" from the meta-tag and send as the 
-      # "X-CSRF-Token" HTTP header. If you are using jQuery with jquery-rails this happens automatically.
+      # For AJAX requests other than GETs, extract the "csrf-token" from the meta-tag and send as the
+      # "X-CSRF-Token" HTTP header. If you are using rails-ujs this happens automatically.
       #
       def csrf_meta_tags
-        if protect_against_forgery?
+        if defined?(protect_against_forgery?) && protect_against_forgery?
           [
-            tag('meta', :name => 'csrf-param', :content => request_forgery_protection_token),
-            tag('meta', :name => 'csrf-token', :content => form_authenticity_token)
+            tag("meta", name: "csrf-param", content: request_forgery_protection_token),
+            tag("meta", name: "csrf-token", content: form_authenticity_token)
           ].join("\n").html_safe
         end
       end