actionview 5.1.4 → 6.1.1

data/lib/action_view/helpers/asset_url_helper.rb

@@ -1,10 +1,12 @@
+# frozen_string_literal: true
+
 require "zlib"
 
 module ActionView
   # = Action View Asset URL Helpers
-  module Helpers
+  module Helpers #:nodoc:
     # This module provides methods for generating asset paths and
-    # urls.
+    # URLs.
     #
     #   image_path("rails.png")
     #   # => "/assets/rails.png"
@@ -27,7 +29,7 @@ module ActionView
     # Helpers take that into account:
     #
     #   image_tag("rails.png")
-    #   # => <img alt="Rails" src="http://assets.example.com/assets/rails.png" />
+    #   # => <img src="http://assets.example.com/assets/rails.png" />
     #   stylesheet_link_tag("application")
     #   # => <link href="http://assets.example.com/assets/application.css" media="screen" rel="stylesheet" />
     #
@@ -40,7 +42,7 @@ module ActionView
     # "assets0.example.com", ..., "assets3.example.com".
     #
     #   image_tag("rails.png")
-    #   # => <img alt="Rails" src="http://assets0.example.com/assets/rails.png" />
+    #   # => <img src="http://assets0.example.com/assets/rails.png" />
     #   stylesheet_link_tag("application")
     #   # => <link href="http://assets2.example.com/assets/application.css" media="screen" rel="stylesheet" />
     #
@@ -50,13 +52,13 @@ module ActionView
     # solution being slower. You should be sure to measure your actual
     # performance across targeted browsers both before and after this change.
     #
-    # To implement the corresponding hosts you can either setup four actual
+    # To implement the corresponding hosts you can either set up four actual
     # hosts or use wildcard DNS to CNAME the wildcard to a single asset host.
     # You can read more about setting up your DNS CNAME records from your ISP.
     #
     # Note: This is purely a browser performance optimization and is not meant
-    # for server load balancing. See http://www.die.net/musings/page_load_time/
-    # for background and http://www.browserscope.org/?category=network for
+    # for server load balancing. See https://www.die.net/musings/page_load_time/
+    # for background and https://www.browserscope.org/?category=network for
     # connection limit data.
     #
     # Alternatively, you can exert more control over the asset host by setting
@@ -66,7 +68,7 @@ module ActionView
     #     "http://assets#{Digest::MD5.hexdigest(source).to_i(16) % 2 + 1}.example.com"
     #   }
     #   image_tag("rails.png")
-    #   # => <img alt="Rails" src="http://assets1.example.com/assets/rails.png" />
+    #   # => <img src="http://assets1.example.com/assets/rails.png" />
     #   stylesheet_link_tag("application")
     #   # => <link href="http://assets2.example.com/assets/application.css" media="screen" rel="stylesheet" />
     #
@@ -78,14 +80,14 @@ module ActionView
     # absolute path of the asset, for example "/assets/rails.png".
     #
     #    ActionController::Base.asset_host = Proc.new { |source|
-    #      if source.ends_with?('.css')
+    #      if source.end_with?('.css')
     #        "http://stylesheets.example.com"
     #      else
     #        "http://assets.example.com"
     #      end
     #    }
     #   image_tag("rails.png")
-    #   # => <img alt="Rails" src="http://assets.example.com/assets/rails.png" />
+    #   # => <img src="http://assets.example.com/assets/rails.png" />
     #   stylesheet_link_tag("application")
     #   # => <link href="http://stylesheets.example.com/assets/application.css" media="screen" rel="stylesheet" />
     #
@@ -95,9 +97,10 @@ module ActionView
     # still sending assets for plain HTTP requests from asset hosts. If you don't
     # have SSL certificates for each of the asset hosts this technique allows you
     # to avoid warnings in the client about mixed media.
-    # Note that the request parameter might not be supplied, e.g. when the assets
-    # are precompiled via a Rake task. Make sure to use a +Proc+ instead of a lambda,
-    # since a +Proc+ allows missing parameters and sets them to +nil+.
+    # Note that the +request+ parameter might not be supplied, e.g. when the assets
+    # are precompiled with the command `bin/rails assets:precompile`. Make sure to use a
+    # +Proc+ instead of a lambda, since a +Proc+ allows missing parameters and sets them
+    # to +nil+.
     #
     #   config.action_controller.asset_host = Proc.new { |source, request|
     #     if request && request.ssl?
@@ -130,6 +133,8 @@ module ActionView
       # which is implemented by sprockets-rails.
       #
       #   asset_path("application.js") # => "/assets/application-60aa4fdc5cea14baf5400fba1abf4f2a46a5166bad4772b1effe341570f07de9.js"
+      #   asset_path('application.js', host: 'example.com') # => "//example.com/assets/application.js"
+      #   asset_path("application.js", host: 'example.com', protocol: 'https') # => "https://example.com/assets/application.js"
       #
       # === Without the asset pipeline (<tt>skip_pipeline: true</tt>)
       #
@@ -147,13 +152,13 @@ module ActionView
       # Below lists scenarios that apply to +asset_path+ whether or not you're
       # using the asset pipeline.
       #
-      # - All fully qualified urls are returned immediately. This bypasses the
+      # - All fully qualified URLs are returned immediately. This bypasses the
       #   asset pipeline and all other behavior described.
       #
       #     asset_path("http://www.example.com/js/xmlhr.js") # => "http://www.example.com/js/xmlhr.js"
       #
       # - All assets that begin with a forward slash are assumed to be full
-      #   urls and will not be expanded. This will bypass the asset pipeline.
+      #   URLs and will not be expanded. This will bypass the asset pipeline.
       #
       #     asset_path("/foo.png") # => "/foo.png"
       #
@@ -185,7 +190,7 @@ module ActionView
         return "" if source.blank?
         return source if URI_REGEXP.match?(source)
 
-        tail, source = source[/([\?#].+)$/], source.sub(/([\?#].+)$/, "".freeze)
+        tail, source = source[/([\?#].+)$/], source.sub(/([\?#].+)$/, "")
 
         if extname = compute_asset_extname(source, options)
           source = "#{source}#{extname}"
@@ -201,7 +206,7 @@ module ActionView
 
         relative_url_root = defined?(config.relative_url_root) && config.relative_url_root
         if relative_url_root
-          source = File.join(relative_url_root, source) unless source.starts_with?("#{relative_url_root}/")
+          source = File.join(relative_url_root, source) unless source.start_with?("#{relative_url_root}/")
         end
 
         if host = compute_asset_host(source, options)
@@ -322,7 +327,7 @@ module ActionView
       # Since +javascript_url+ is based on +asset_url+ method you can set :host options. If :host
       # options is set, it overwrites global +config.action_controller.asset_host+ setting.
       #
-      #   javascript_url "js/xmlhr.js", host: "http://stage.example.com" # => http://stage.example.com/assets/dir/xmlhr.js
+      #   javascript_url "js/xmlhr.js", host: "http://stage.example.com" # => http://stage.example.com/assets/js/xmlhr.js
       #
       def javascript_url(source, options = {})
         url_to_asset(source, { type: :javascript }.merge!(options))
@@ -349,7 +354,7 @@ module ActionView
       # Since +stylesheet_url+ is based on +asset_url+ method you can set :host options. If :host
       # options is set, it overwrites global +config.action_controller.asset_host+ setting.
       #
-      #   stylesheet_url "css/style.css", host: "http://stage.example.com" # => http://stage.example.com/css/style.css
+      #   stylesheet_url "css/style.css", host: "http://stage.example.com" # => http://stage.example.com/assets/css/style.css
       #
       def stylesheet_url(source, options = {})
         url_to_asset(source, { type: :stylesheet }.merge!(options))
@@ -379,7 +384,7 @@ module ActionView
       # Since +image_url+ is based on +asset_url+ method you can set :host options. If :host
       # options is set, it overwrites global +config.action_controller.asset_host+ setting.
       #
-      #   image_url "edit.png", host: "http://stage.example.com" # => http://stage.example.com/edit.png
+      #   image_url "edit.png", host: "http://stage.example.com" # => http://stage.example.com/assets/edit.png
       #
       def image_url(source, options = {})
         url_to_asset(source, { type: :image }.merge!(options))
@@ -405,7 +410,7 @@ module ActionView
       # Since +video_url+ is based on +asset_url+ method you can set :host options. If :host
       # options is set, it overwrites global +config.action_controller.asset_host+ setting.
       #
-      #   video_url "hd.avi", host: "http://stage.example.com" # => http://stage.example.com/hd.avi
+      #   video_url "hd.avi", host: "http://stage.example.com" # => http://stage.example.com/videos/hd.avi
       #
       def video_url(source, options = {})
         url_to_asset(source, { type: :video }.merge!(options))
@@ -431,7 +436,7 @@ module ActionView
       # Since +audio_url+ is based on +asset_url+ method you can set :host options. If :host
       # options is set, it overwrites global +config.action_controller.asset_host+ setting.
       #
-      #   audio_url "horse.wav", host: "http://stage.example.com" # => http://stage.example.com/horse.wav
+      #   audio_url "horse.wav", host: "http://stage.example.com" # => http://stage.example.com/audios/horse.wav
       #
       def audio_url(source, options = {})
         url_to_asset(source, { type: :audio }.merge!(options))
@@ -456,7 +461,7 @@ module ActionView
       # Since +font_url+ is based on +asset_url+ method you can set :host options. If :host
       # options is set, it overwrites global +config.action_controller.asset_host+ setting.
       #
-      #   font_url "font.ttf", host: "http://stage.example.com" # => http://stage.example.com/font.ttf
+      #   font_url "font.ttf", host: "http://stage.example.com" # => http://stage.example.com/fonts/font.ttf
       #
       def font_url(source, options = {})
         url_to_asset(source, { type: :font }.merge!(options))

data/lib/action_view/helpers/atom_feed_helper.rb

@@ -1,8 +1,11 @@
+# frozen_string_literal: true
+
 require "set"
+require "active_support/core_ext/symbol/starts_ends_with"
 
 module ActionView
   # = Action View Atom Feed Helpers
-  module Helpers
+  module Helpers #:nodoc:
     module AtomFeedHelper
       # Adds easy defaults to writing Atom feeds with the Builder template engine (this does not work on ERB or any other
       # template languages).
@@ -113,7 +116,7 @@ module ActionView
         end
 
         feed_opts = { "xml:lang" => options[:language] || "en-US", "xmlns" => "http://www.w3.org/2005/Atom" }
-        feed_opts.merge!(options).reject! { |k, v| !k.to_s.match(/^xml/) }
+        feed_opts.merge!(options).select! { |k, _| k.start_with?("xml") }
 
         xml.feed(feed_opts) do
           xml.id(options[:id] || "tag:#{request.host},#{options[:schema_date]}:#{request.fullpath.split(".")[0]}")

data/lib/action_view/helpers/cache_helper.rb

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 module ActionView
   # = Action View Cache Helper
-  module Helpers
+  module Helpers #:nodoc:
     module CacheHelper
       # This helper exposes a method for caching fragments of a view
       # rather than an entire action or page. This technique is useful
@@ -8,10 +10,9 @@ module ActionView
       # fragments, and so on. This method takes a block that contains
       # the content you wish to cache.
       #
-      # The best way to use this is by doing key-based cache expiration
-      # on top of a cache store like Memcached that'll automatically
-      # kick out old entries. For more on key-based expiration, see:
-      # http://signalvnoise.com/posts/3113-how-key-based-cache-expiration-works
+      # The best way to use this is by doing recyclable key-based cache expiration
+      # on top of a cache store like Memcached or Redis that'll automatically
+      # kick out old entries.
       #
       # When using this method, you list the cache dependency as the name of the cache, like so:
       #
@@ -23,10 +24,14 @@ module ActionView
       # This approach will assume that when a new topic is added, you'll touch
       # the project. The cache key generated from this call will be something like:
       #
-      #   views/projects/123-20120806214154/7a1156131a6928cb0026877f8b749ac9
-      #         ^class   ^id ^updated_at    ^template tree digest
+      #   views/template/action:7a1156131a6928cb0026877f8b749ac9/projects/123
+      #         ^template path  ^template tree digest            ^class   ^id
       #
-      # The cache is thus automatically bumped whenever the project updated_at is touched.
+      # This cache key is stable, but it's combined with a cache version derived from the project
+      # record. When the project updated_at is touched, the #cache_version changes, even
+      # if the key stays stable. This means that unlike a traditional key-based cache expiration
+      # approach, you won't be generating cache trash, unused keys, simply because the dependent
+      # record is updated.
       #
       # If your template cache depends on multiple sources (try to avoid this to keep things simple),
       # you can name all these dependencies as part of an array:
@@ -106,9 +111,9 @@ module ActionView
       #   <%= render_categorizable_events @person.events %>
       #
       # This marks every template in the directory as a dependency. To find those
-      # templates, the wildcard path must be absolutely defined from app/views or paths
+      # templates, the wildcard path must be absolutely defined from <tt>app/views</tt> or paths
       # otherwise added with +prepend_view_path+ or +append_view_path+.
-      # This way the wildcard for `app/views/recordings/events` would be `recordings/events/*` etc.
+      # This way the wildcard for <tt>app/views/recordings/events</tt> would be <tt>recordings/events/*</tt> etc.
       #
       # The pattern used to match explicit dependencies is <tt>/# Template Dependency: (\S+)/</tt>,
       # so it's important that you type it out just so.
@@ -128,14 +133,14 @@ module ActionView
       #
       # === Collection Caching
       #
-      # When rendering a collection of objects that each use the same partial, a `cached`
+      # When rendering a collection of objects that each use the same partial, a <tt>:cached</tt>
       # option can be passed.
       #
       # For collections rendered such:
       #
       #   <%= render partial: 'projects/project', collection: @projects, cached: true %>
       #
-      # The `cached: true` will make Action View's rendering read several templates
+      # The <tt>cached: true</tt> will make Action View's rendering read several templates
       # from cache at once instead of one call per template.
       #
       # Templates in the collection not already cached are written to cache.
@@ -160,8 +165,8 @@ module ActionView
       # expire the cache.
       def cache(name = {}, options = {}, &block)
         if controller.respond_to?(:perform_caching) && controller.perform_caching
-          name_options = options.slice(:skip_digest, :virtual_path)
-          safe_concat(fragment_for(cache_fragment_name(name, name_options), options, &block))
+          name_options = options.slice(:skip_digest)
+          safe_concat(fragment_for(cache_fragment_name(name, **name_options), options, &block))
         else
           yield
         end
@@ -196,29 +201,35 @@ module ActionView
       end
 
       # This helper returns the name of a cache key for a given fragment cache
-      # call. By supplying +skip_digest:+ true to cache, the digestion of cache
+      # call. By supplying <tt>skip_digest: true</tt> to cache, the digestion of cache
       # fragments can be manually bypassed. This is useful when cache fragments
       # cannot be manually expired unless you know the exact key which is the
       # case when using memcached.
-      #
-      # The digest will be generated using +virtual_path:+ if it is provided.
-      #
-      def cache_fragment_name(name = {}, skip_digest: nil, virtual_path: nil)
+      def cache_fragment_name(name = {}, skip_digest: nil, digest_path: nil)
         if skip_digest
           name
         else
-          fragment_name_with_digest(name, virtual_path)
+          fragment_name_with_digest(name, digest_path)
+        end
+      end
+
+      def digest_path_from_template(template) # :nodoc:
+        digest = Digestor.digest(name: template.virtual_path, format: template.format, finder: lookup_context, dependencies: view_cache_dependencies)
+
+        if digest.present?
+          "#{template.virtual_path}:#{digest}"
+        else
+          template.virtual_path
         end
       end
 
     private
+      def fragment_name_with_digest(name, digest_path)
+        name = controller.url_for(name).split("://").last if name.is_a?(Hash)
 
-      def fragment_name_with_digest(name, virtual_path)
-        virtual_path ||= @virtual_path
-        if virtual_path
-          name = controller.url_for(name).split("://").last if name.is_a?(Hash)
-          digest = Digestor.digest name: virtual_path, finder: lookup_context, dependencies: view_cache_dependencies
-          [ name, digest ]
+        if @current_template&.virtual_path || digest_path
+          digest_path ||= digest_path_from_template(@current_template)
+          [ digest_path, name ]
         else
           name
         end
@@ -226,10 +237,10 @@ module ActionView
 
       def fragment_for(name = {}, options = nil, &block)
         if content = read_fragment_for(name, options)
-          @view_renderer.cache_hits[@virtual_path] = :hit if defined?(@view_renderer)
+          @view_renderer.cache_hits[@current_template&.virtual_path] = :hit if defined?(@view_renderer)
           content
         else
-          @view_renderer.cache_hits[@virtual_path] = :miss if defined?(@view_renderer)
+          @view_renderer.cache_hits[@current_template&.virtual_path] = :miss if defined?(@view_renderer)
           write_fragment_for(name, options, &block)
         end
       end

data/lib/action_view/helpers/capture_helper.rb

@@ -1,13 +1,15 @@
+# frozen_string_literal: true
+
 require "active_support/core_ext/string/output_safety"
 
 module ActionView
   # = Action View Capture Helper
-  module Helpers
+  module Helpers #:nodoc:
     # CaptureHelper exposes methods to let you extract generated markup which
     # can be used in other parts of a template or layout file.
     #
     # It provides a method to capture blocks into variables through capture and
-    # a way to capture a block of markup for use in a layout through content_for.
+    # a way to capture a block of markup for use in a layout through {content_for}[rdoc-ref:ActionView::Helpers::CaptureHelper#content_for].
     module CaptureHelper
       # The capture method extracts part of a template as a String object.
       # You can then use this object anywhere in your templates, layout, or helpers.
@@ -34,6 +36,10 @@ module ActionView
       #   </body>
       #   </html>
       #
+      # The return of capture is the string generated by the block. For Example:
+      #
+      #   @greeting # => "Welcome to my shiny new web page! The date and time is 2018-09-06 11:09:16 -0500"
+      #
       def capture(*args)
         value = nil
         buffer = with_output_buffer { value = yield(*args) }
@@ -42,7 +48,7 @@ module ActionView
         end
       end
 
-      # Calling content_for stores a block of markup in an identifier for later use.
+      # Calling <tt>content_for</tt> stores a block of markup in an identifier for later use.
       # In order to access this stored content in other templates, helper modules
       # or the layout, you would pass the identifier as an argument to <tt>content_for</tt>.
       #
@@ -108,7 +114,7 @@ module ActionView
       # That will place +script+ tags for your default set of JavaScript files on the page;
       # this technique is useful if you'll only be using these scripts in a few views.
       #
-      # Note that content_for concatenates (default) the blocks it is given for a particular
+      # Note that <tt>content_for</tt> concatenates (default) the blocks it is given for a particular
       # identifier in order. For example:
       #
       #   <% content_for :navigation do %>
@@ -125,7 +131,7 @@ module ActionView
       #
       #   <ul><%= content_for :navigation %></ul>
       #
-      # If the flush parameter is true content_for replaces the blocks it is given. For example:
+      # If the flush parameter is +true+ <tt>content_for</tt> replaces the blocks it is given. For example:
       #
       #   <% content_for :navigation do %>
       #     <li><%= link_to 'Home', action: 'index' %></li>
@@ -145,7 +151,7 @@ module ActionView
       #
       #   <% content_for :script, javascript_include_tag(:defaults) %>
       #
-      # WARNING: content_for is ignored in caches. So you shouldn't use it for elements that will be fragment cached.
+      # WARNING: <tt>content_for</tt> is ignored in caches. So you shouldn't use it for elements that will be fragment cached.
       def content_for(name, content = nil, options = {}, &block)
         if content || block_given?
           if block_given?
@@ -172,7 +178,7 @@ module ActionView
         result unless content
       end
 
-      # content_for? checks whether any content has been captured yet using `content_for`.
+      # <tt>content_for?</tt> checks whether any content has been captured yet using <tt>content_for</tt>.
       # Useful to render parts of your layout differently based on what is in your views.
       #
       #   <%# This is the layout %>

data/lib/action_view/helpers/controller_helper.rb

@@ -1,7 +1,9 @@
+# frozen_string_literal: true
+
 require "active_support/core_ext/module/attr_internal"
 
 module ActionView
-  module Helpers
+  module Helpers #:nodoc:
     # This module keeps all methods and behavior in ActionView
     # that simply delegates to the controller.
     module ControllerHelper #:nodoc:

data/lib/action_view/helpers/csp_helper.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module ActionView
+  # = Action View CSP Helper
+  module Helpers #:nodoc:
+    module CspHelper
+      # Returns a meta tag "csp-nonce" with the per-session nonce value
+      # for allowing inline <script> tags.
+      #
+      #   <head>
+      #     <%= csp_meta_tag %>
+      #   </head>
+      #
+      # This is used by the Rails UJS helper to create dynamically
+      # loaded inline <script> elements.
+      #
+      def csp_meta_tag(**options)
+        if content_security_policy?
+          options[:name] = "csp-nonce"
+          options[:content] = content_security_policy_nonce
+          tag("meta", options)
+        end
+      end
+    end
+  end
+end