actionview 5.1.0.beta1 → 5.1.0.rc1

Potentially problematic release.


This version of actionview might be problematic.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 880105b5ed594d2cc79d3a304d171cfb83a0dc0f
4
- data.tar.gz: 0ca69dafd2c2eb49ecc9e4de449185c9f10a53a3
3
+ metadata.gz: 974f03d4be8566e900f33b4c6ee6f9620fd38cb6
4
+ data.tar.gz: e407330e93d17a9221dfa8d4163dccc21bd85716
5
5
  SHA512:
6
- metadata.gz: 2ac225c63c185e593d78cabbd1a98de42614fae3ee5dad779310fa3d30d6c2821ba6609c75169dfd1bcdbddde1a3db2465d15610c17d5cb3abb94c35d46f1c6b
7
- data.tar.gz: 643953d2d815c89802a813162797b67da2d1150b2cfe77a14870fa7693f1e95f31066f9ddccfeb238e447b805b932b75865d27dd2a4b275080ee6a9b23d04095
6
+ metadata.gz: 699a6ea357b4c49857b14e3ade96b57e95b109f75d87d3f486bbf8d015e47bca3663244a3e70647ddded00a3f50b6e799a3e8911f7ff79e376e219b79a313b67
7
+ data.tar.gz: 3405bd46476e22cd4f10a724ee72afd14ef687bf7204ff9314bcf865e04e0d07252551bc60ef35d3a9c738391d394cfbe593e8c0445621fce8fa005267ca167a
@@ -1,3 +1,14 @@
1
+ ## Rails 5.1.0.rc1 (March 20, 2017) ##
2
+
3
+ * Remove the option `encode_special_chars` misnomer from `strip_tags`
4
+
5
+ As of rails-html-sanitizer v1.0.3, the sanitizer will ignore the
6
+ `encode_special_chars` option.
7
+
8
+ Fixes #28060.
9
+
10
+ *Andrew Hood*
11
+
1
12
  ## Rails 5.1.0.beta1 (February 23, 2017) ##
2
13
 
3
14
  * Change the ERB handler from Erubis to Erubi.
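Review bot: the new 5.1.0.rc1 entry says the sanitizer ignores `encode_special_chars` but never states what callers of `strip_tags` now get back. The doc example added elsewhere in this diff shows `>` and `&` coming out as `&gt;` and `&amp;`, so the entry should say that the output is entity-escaped. Anyone who escapes the result again, or uses it somewhere other than HTML, needs to know to expect double escaping or literal entities.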
@@ -90,6 +101,23 @@
90
101
 
91
102
  *Peter Schilling*, *Matthew Draper*
92
103
 
104
+ * Add `:skip_pipeline` option to several asset tag helpers
105
+
106
+ `javascript_include_tag`, `stylesheet_link_tag`, `favicon_link_tag`,
107
+ `image_tag` and `audio_tag` now accept a `:skip_pipeline` option which can
108
+ be set to true to bypass the asset pipeline and serve the assets from the
109
+ public folder.
110
+
111
+ *Richard Schneeman*
112
+
113
+ * Add `:poster_skip_pipeline` option to the `video_tag` helper
114
+
115
+ `video_tag` now accepts a `:poster_skip_pipeline` option which can be used
116
+ in combination with the `:poster` option to bypass the asset pipeline and
117
+ serve the poster image for the video from the public folder.
118
+
119
+ *Richard Schneeman*
120
+
93
121
  * Show cache hits and misses when rendering partials.
94
122
 
95
123
  Partials using the `cache` helper will show whether a render hit or missed
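Review bot: the `:skip_pipeline` entry lists five helpers and says the option "can be set to true", but gives no usage line or resulting path, and the `video_tag` entry covers only the poster image. Add a one-line example to each entry and say whether `video_tag` sources themselves honour `:skip_pipeline`, since "several asset tag helpers" does not tell a reader which helpers are covered.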
@@ -8,7 +8,7 @@ module ActionView
8
8
  MAJOR = 5
9
9
  MINOR = 1
10
10
  TINY = 0
11
- PRE = "beta1"
11
+ PRE = "rc1"
12
12
 
13
13
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
14
14
  end
@@ -13,6 +13,7 @@ module ActionView
13
13
  # It also strips href/src attributes with unsafe protocols like
14
14
  # <tt>javascript:</tt>, while also protecting against attempts to use Unicode,
15
15
  # ASCII, and hex character references to work around these protocol filters.
16
+ # All special characters will be escaped.
16
17
  #
17
18
  # The default sanitizer is Rails::Html::WhiteListSanitizer. See {Rails HTML
18
19
  # Sanitizers}[https://github.com/rails/rails-html-sanitizer] for more information.
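Review bot: the added line `# All special characters will be escaped.` does not say which characters are meant or what form they take in the output. The sentence removed in the next hunk named them as `<`, `>` and `&`; naming the same set here, and saying they are emitted as HTML entities, would make the guarantee checkable.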
@@ -20,8 +21,7 @@ module ActionView
20
21
  # Custom sanitization rules can also be provided.
21
22
  #
22
23
  # Please note that sanitizing user-provided text does not guarantee that the
23
- # resulting markup is valid or even well-formed. For example, the output may still
24
- # contain unescaped characters like <tt><</tt>, <tt>></tt>, or <tt>&</tt>.
24
+ # resulting markup is valid or even well-formed.
25
25
  #
26
26
  # ==== Options
27
27
  #
@@ -86,7 +86,7 @@ module ActionView
86
86
  self.class.white_list_sanitizer.sanitize_css(style)
87
87
  end
88
88
 
89
- # Strips all HTML tags from +html+, including comments.
89
+ # Strips all HTML tags from +html+, including comments and special characters.
90
90
  #
91
91
  # strip_tags("Strip <i>these</i> tags!")
92
92
  # # => Strip these tags!
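Review bot: the reworded summary reads as if special characters are stripped along with tags and comments, but the example added to this method in the next hunk shows them kept and escaped (`&gt;`, `&amp;`). Suggest "Strips all HTML tags from +html+, including comments, and escapes special characters." so the comment matches the output.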
@@ -96,8 +96,11 @@ module ActionView
96
96
  #
97
97
  # strip_tags("<div id='top-bar'>Welcome to my website!</div>")
98
98
  # # => Welcome to my website!
99
+ #
100
+ # strip_tags("> A quote from Smith & Wesson")
101
+ # # => &gt; A quote from Smith &amp; Wesson
99
102
  def strip_tags(html)
100
- self.class.full_sanitizer.sanitize(html, encode_special_chars: false)
103
+ self.class.full_sanitizer.sanitize(html)
101
104
  end
102
105
 
103
106
  # Strips all link tags from +html+ leaving just the link text.
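Review bot: `strip_tags` now calls `full_sanitizer.sanitize(html)` with no options, so the escaped output in the new example depends entirely on the behaviour of the installed sanitizer. The changelog ties that behaviour to rails-html-sanitizer v1.0.3, and none of the metadata hunks shown here touch that dependency, so confirm the gemspec constraint guarantees at least that version. It would also help to state in the comment that the return value is entity-escaped text.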
@@ -110,6 +113,9 @@ module ActionView
110
113
  #
111
114
  # strip_links('Blog: <a href="http://www.myblog.com/" class="nav" target=\"_blank\">Visit</a>.')
112
115
  # # => Blog: Visit.
116
+ #
117
+ # strip_links('<<a href="https://example.org">malformed & link</a>')
118
+ # # => &lt;malformed &amp; link
113
119
  def strip_links(html)
114
120
  self.class.link_sanitizer.sanitize(html)
115
121
  end
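Review bot: the new `strip_links` example shows `<` and `&` escaped in the output, but the method's summary line still reads only "Strips all link tags from +html+ leaving just the link text." Update the summary the same way the `strip_tags` summary was updated, so the escaping is documented in prose and not just implied by an example.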
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: actionview
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.1.0.beta1
4
+ version: 5.1.0.rc1
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-02-23 00:00:00.000000000 Z
11
+ date: 2017-03-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 5.1.0.beta1
19
+ version: 5.1.0.rc1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 5.1.0.beta1
26
+ version: 5.1.0.rc1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: builder
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -92,28 +92,28 @@ dependencies:
92
92
  requirements:
93
93
  - - '='
94
94
  - !ruby/object:Gem::Version
95
- version: 5.1.0.beta1
95
+ version: 5.1.0.rc1
96
96
  type: :development
97
97
  prerelease: false
98
98
  version_requirements: !ruby/object:Gem::Requirement
99
99
  requirements:
100
100
  - - '='
101
101
  - !ruby/object:Gem::Version
102
- version: 5.1.0.beta1
102
+ version: 5.1.0.rc1
103
103
  - !ruby/object:Gem::Dependency
104
104
  name: activemodel
105
105
  requirement: !ruby/object:Gem::Requirement
106
106
  requirements:
107
107
  - - '='
108
108
  - !ruby/object:Gem::Version
109
- version: 5.1.0.beta1
109
+ version: 5.1.0.rc1
110
110
  type: :development
111
111
  prerelease: false
112
112
  version_requirements: !ruby/object:Gem::Requirement
113
113
  requirements:
114
114
  - - '='
115
115
  - !ruby/object:Gem::Version
116
- version: 5.1.0.beta1
116
+ version: 5.1.0.rc1
117
117
  description: Simple, battle-tested conventions and helpers for building web pages.
118
118
  email: david@loudthinking.com
119
119
  executables: []