actionview 5.1.7 → 5.2.4.3
Potentially problematic release.
This version of actionview might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +87 -224
- data/MIT-LICENSE +1 -1
- data/README.rdoc +4 -4
- data/lib/action_view.rb +4 -3
- data/lib/action_view/base.rb +8 -10
- data/lib/action_view/buffers.rb +2 -0
- data/lib/action_view/context.rb +2 -2
- data/lib/action_view/dependency_tracker.rb +2 -0
- data/lib/action_view/digestor.rb +7 -7
- data/lib/action_view/flows.rb +2 -0
- data/lib/action_view/gem_version.rb +5 -3
- data/lib/action_view/helpers.rb +4 -0
- data/lib/action_view/helpers/active_model_helper.rb +9 -3
- data/lib/action_view/helpers/asset_tag_helper.rb +180 -34
- data/lib/action_view/helpers/asset_url_helper.rb +19 -17
- data/lib/action_view/helpers/atom_feed_helper.rb +3 -1
- data/lib/action_view/helpers/cache_helper.rb +24 -14
- data/lib/action_view/helpers/capture_helper.rb +9 -7
- data/lib/action_view/helpers/controller_helper.rb +3 -1
- data/lib/action_view/helpers/csp_helper.rb +24 -0
- data/lib/action_view/helpers/csrf_helper.rb +4 -2
- data/lib/action_view/helpers/date_helper.rb +7 -5
- data/lib/action_view/helpers/debug_helper.rb +4 -2
- data/lib/action_view/helpers/form_helper.rb +53 -70
- data/lib/action_view/helpers/form_options_helper.rb +23 -17
- data/lib/action_view/helpers/form_tag_helper.rb +23 -11
- data/lib/action_view/helpers/javascript_helper.rb +20 -5
- data/lib/action_view/helpers/number_helper.rb +2 -0
- data/lib/action_view/helpers/output_safety_helper.rb +2 -0
- data/lib/action_view/helpers/record_tag_helper.rb +3 -1
- data/lib/action_view/helpers/rendering_helper.rb +3 -1
- data/lib/action_view/helpers/sanitize_helper.rb +3 -1
- data/lib/action_view/helpers/tag_helper.rb +2 -2
- data/lib/action_view/helpers/tags.rb +3 -1
- data/lib/action_view/helpers/tags/base.rb +12 -10
- data/lib/action_view/helpers/tags/check_box.rb +3 -1
- data/lib/action_view/helpers/tags/checkable.rb +4 -2
- data/lib/action_view/helpers/tags/collection_check_boxes.rb +2 -0
- data/lib/action_view/helpers/tags/collection_helpers.rb +2 -0
- data/lib/action_view/helpers/tags/collection_radio_buttons.rb +2 -0
- data/lib/action_view/helpers/tags/collection_select.rb +3 -1
- data/lib/action_view/helpers/tags/color_field.rb +3 -1
- data/lib/action_view/helpers/tags/date_field.rb +2 -0
- data/lib/action_view/helpers/tags/date_select.rb +3 -1
- data/lib/action_view/helpers/tags/datetime_field.rb +3 -1
- data/lib/action_view/helpers/tags/datetime_local_field.rb +2 -0
- data/lib/action_view/helpers/tags/datetime_select.rb +2 -0
- data/lib/action_view/helpers/tags/email_field.rb +2 -0
- data/lib/action_view/helpers/tags/file_field.rb +2 -0
- data/lib/action_view/helpers/tags/grouped_collection_select.rb +3 -1
- data/lib/action_view/helpers/tags/hidden_field.rb +2 -0
- data/lib/action_view/helpers/tags/label.rb +2 -4
- data/lib/action_view/helpers/tags/month_field.rb +2 -0
- data/lib/action_view/helpers/tags/number_field.rb +2 -0
- data/lib/action_view/helpers/tags/password_field.rb +2 -0
- data/lib/action_view/helpers/tags/placeholderable.rb +2 -0
- data/lib/action_view/helpers/tags/radio_button.rb +3 -1
- data/lib/action_view/helpers/tags/range_field.rb +2 -0
- data/lib/action_view/helpers/tags/search_field.rb +2 -0
- data/lib/action_view/helpers/tags/select.rb +4 -2
- data/lib/action_view/helpers/tags/tel_field.rb +2 -0
- data/lib/action_view/helpers/tags/text_area.rb +3 -1
- data/lib/action_view/helpers/tags/text_field.rb +3 -1
- data/lib/action_view/helpers/tags/time_field.rb +2 -0
- data/lib/action_view/helpers/tags/time_select.rb +2 -0
- data/lib/action_view/helpers/tags/time_zone_select.rb +3 -1
- data/lib/action_view/helpers/tags/translator.rb +2 -0
- data/lib/action_view/helpers/tags/url_field.rb +2 -0
- data/lib/action_view/helpers/tags/week_field.rb +2 -0
- data/lib/action_view/helpers/text_helper.rb +9 -7
- data/lib/action_view/helpers/translation_helper.rb +5 -4
- data/lib/action_view/helpers/url_helper.rb +28 -4
- data/lib/action_view/layouts.rb +7 -5
- data/lib/action_view/log_subscriber.rb +5 -3
- data/lib/action_view/lookup_context.rb +4 -4
- data/lib/action_view/model_naming.rb +2 -0
- data/lib/action_view/path_set.rb +2 -0
- data/lib/action_view/railtie.rb +11 -2
- data/lib/action_view/record_identifier.rb +2 -0
- data/lib/action_view/renderer/abstract_renderer.rb +2 -0
- data/lib/action_view/renderer/partial_renderer.rb +13 -11
- data/lib/action_view/renderer/partial_renderer/collection_caching.rb +4 -2
- data/lib/action_view/renderer/renderer.rb +2 -0
- data/lib/action_view/renderer/streaming_template_renderer.rb +5 -1
- data/lib/action_view/renderer/template_renderer.rb +2 -0
- data/lib/action_view/rendering.rb +3 -5
- data/lib/action_view/routing_url_for.rb +2 -0
- data/lib/action_view/tasks/cache_digests.rake +2 -0
- data/lib/action_view/template.rb +6 -4
- data/lib/action_view/template/error.rb +2 -3
- data/lib/action_view/template/handlers.rb +3 -1
- data/lib/action_view/template/handlers/builder.rb +3 -4
- data/lib/action_view/template/handlers/erb.rb +5 -9
- data/lib/action_view/template/handlers/erb/erubi.rb +2 -0
- data/lib/action_view/template/handlers/html.rb +2 -0
- data/lib/action_view/template/handlers/raw.rb +2 -0
- data/lib/action_view/template/html.rb +3 -1
- data/lib/action_view/template/resolver.rb +7 -6
- data/lib/action_view/template/text.rb +3 -1
- data/lib/action_view/template/types.rb +3 -1
- data/lib/action_view/test_case.rb +21 -5
- data/lib/action_view/testing/resolvers.rb +3 -1
- data/lib/action_view/version.rb +2 -0
- data/lib/action_view/view_paths.rb +3 -3
- data/lib/assets/compiled/rails-ujs.js +52 -15
- metadata +12 -13
- data/lib/action_view/template/handlers/erb/deprecated_erubis.rb +0 -9
- data/lib/action_view/template/handlers/erb/erubis.rb +0 -81
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "cgi"
|
2
4
|
require "erb"
|
3
5
|
require "action_view/helpers/form_helper"
|
@@ -7,7 +9,7 @@ require "active_support/core_ext/array/wrap"
|
|
7
9
|
|
8
10
|
module ActionView
|
9
11
|
# = Action View Form Option Helpers
|
10
|
-
module Helpers
|
12
|
+
module Helpers #:nodoc:
|
11
13
|
# Provides a number of methods for turning different kinds of containers into a set of option tags.
|
12
14
|
#
|
13
15
|
# The <tt>collection_select</tt>, <tt>select</tt> and <tt>time_zone_select</tt> methods take an <tt>options</tt> parameter, a hash:
|
@@ -212,9 +214,13 @@ module ActionView
|
|
212
214
|
# * +method+ - The attribute of +object+ corresponding to the select tag
|
213
215
|
# * +collection+ - An array of objects representing the <tt><optgroup></tt> tags.
|
214
216
|
# * +group_method+ - The name of a method which, when called on a member of +collection+, returns an
|
215
|
-
# array of child objects representing the <tt><option></tt> tags.
|
217
|
+
# array of child objects representing the <tt><option></tt> tags. It can also be any object that responds
|
218
|
+
# to +call+, such as a +proc+, that will be called for each member of the +collection+ to retrieve the
|
219
|
+
# value.
|
216
220
|
# * +group_label_method+ - The name of a method which, when called on a member of +collection+, returns a
|
217
|
-
# string to be used as the +label+ attribute for its <tt><optgroup></tt> tag.
|
221
|
+
# string to be used as the +label+ attribute for its <tt><optgroup></tt> tag. It can also be any object
|
222
|
+
# that responds to +call+, such as a +proc+, that will be called for each member of the +collection+ to
|
223
|
+
# retrieve the label.
|
218
224
|
# * +option_key_method+ - The name of a method which, when called on a child object of a member of
|
219
225
|
# +collection+, returns a value to be used as the +value+ attribute for its <tt><option></tt> tag.
|
220
226
|
# * +option_value_method+ - The name of a method which, when called on a child object of a member of
|
@@ -277,17 +283,17 @@ module ActionView
|
|
277
283
|
# Finally, this method supports a <tt>:default</tt> option, which selects
|
278
284
|
# a default ActiveSupport::TimeZone if the object's time zone is +nil+.
|
279
285
|
#
|
280
|
-
# time_zone_select(
|
286
|
+
# time_zone_select("user", "time_zone", nil, include_blank: true)
|
281
287
|
#
|
282
|
-
# time_zone_select(
|
288
|
+
# time_zone_select("user", "time_zone", nil, default: "Pacific Time (US & Canada)")
|
283
289
|
#
|
284
|
-
# time_zone_select(
|
290
|
+
# time_zone_select("user", 'time_zone', ActiveSupport::TimeZone.us_zones, default: "Pacific Time (US & Canada)")
|
285
291
|
#
|
286
|
-
# time_zone_select(
|
292
|
+
# time_zone_select("user", 'time_zone', [ ActiveSupport::TimeZone['Alaska'], ActiveSupport::TimeZone['Hawaii'] ])
|
287
293
|
#
|
288
|
-
# time_zone_select(
|
294
|
+
# time_zone_select("user", 'time_zone', /Australia/)
|
289
295
|
#
|
290
|
-
# time_zone_select(
|
296
|
+
# time_zone_select("user", "time_zone", ActiveSupport::TimeZone.all.sort, model: ActiveSupport::TimeZone)
|
291
297
|
def time_zone_select(object, method, priority_zones = nil, options = {}, html_options = {})
|
292
298
|
Tags::TimeZoneSelect.new(object, method, self, priority_zones, options, html_options).render
|
293
299
|
end
|
@@ -455,9 +461,9 @@ module ActionView
|
|
455
461
|
def option_groups_from_collection_for_select(collection, group_method, group_label_method, option_key_method, option_value_method, selected_key = nil)
|
456
462
|
collection.map do |group|
|
457
463
|
option_tags = options_from_collection_for_select(
|
458
|
-
group
|
464
|
+
value_for_collection(group, group_method), option_key_method, option_value_method, selected_key)
|
459
465
|
|
460
|
-
content_tag("optgroup".freeze, option_tags, label: group
|
466
|
+
content_tag("optgroup".freeze, option_tags, label: value_for_collection(group, group_label_method))
|
461
467
|
end.join.html_safe
|
462
468
|
end
|
463
469
|
|
@@ -814,7 +820,7 @@ module ActionView
|
|
814
820
|
#
|
815
821
|
# Please refer to the documentation of the base helper for details.
|
816
822
|
def select(method, choices = nil, options = {}, html_options = {}, &block)
|
817
|
-
@template.select(@object_name, method, choices, objectify_options(options), @
|
823
|
+
@template.select(@object_name, method, choices, objectify_options(options), @default_html_options.merge(html_options), &block)
|
818
824
|
end
|
819
825
|
|
820
826
|
# Wraps ActionView::Helpers::FormOptionsHelper#collection_select for form builders:
|
@@ -826,7 +832,7 @@ module ActionView
|
|
826
832
|
#
|
827
833
|
# Please refer to the documentation of the base helper for details.
|
828
834
|
def collection_select(method, collection, value_method, text_method, options = {}, html_options = {})
|
829
|
-
@template.collection_select(@object_name, method, collection, value_method, text_method, objectify_options(options), @
|
835
|
+
@template.collection_select(@object_name, method, collection, value_method, text_method, objectify_options(options), @default_html_options.merge(html_options))
|
830
836
|
end
|
831
837
|
|
832
838
|
# Wraps ActionView::Helpers::FormOptionsHelper#grouped_collection_select for form builders:
|
@@ -838,7 +844,7 @@ module ActionView
|
|
838
844
|
#
|
839
845
|
# Please refer to the documentation of the base helper for details.
|
840
846
|
def grouped_collection_select(method, collection, group_method, group_label_method, option_key_method, option_value_method, options = {}, html_options = {})
|
841
|
-
@template.grouped_collection_select(@object_name, method, collection, group_method, group_label_method, option_key_method, option_value_method, objectify_options(options), @
|
847
|
+
@template.grouped_collection_select(@object_name, method, collection, group_method, group_label_method, option_key_method, option_value_method, objectify_options(options), @default_html_options.merge(html_options))
|
842
848
|
end
|
843
849
|
|
844
850
|
# Wraps ActionView::Helpers::FormOptionsHelper#time_zone_select for form builders:
|
@@ -850,7 +856,7 @@ module ActionView
|
|
850
856
|
#
|
851
857
|
# Please refer to the documentation of the base helper for details.
|
852
858
|
def time_zone_select(method, priority_zones = nil, options = {}, html_options = {})
|
853
|
-
@template.time_zone_select(@object_name, method, priority_zones, objectify_options(options), @
|
859
|
+
@template.time_zone_select(@object_name, method, priority_zones, objectify_options(options), @default_html_options.merge(html_options))
|
854
860
|
end
|
855
861
|
|
856
862
|
# Wraps ActionView::Helpers::FormOptionsHelper#collection_check_boxes for form builders:
|
@@ -862,7 +868,7 @@ module ActionView
|
|
862
868
|
#
|
863
869
|
# Please refer to the documentation of the base helper for details.
|
864
870
|
def collection_check_boxes(method, collection, value_method, text_method, options = {}, html_options = {}, &block)
|
865
|
-
@template.collection_check_boxes(@object_name, method, collection, value_method, text_method, objectify_options(options), @
|
871
|
+
@template.collection_check_boxes(@object_name, method, collection, value_method, text_method, objectify_options(options), @default_html_options.merge(html_options), &block)
|
866
872
|
end
|
867
873
|
|
868
874
|
# Wraps ActionView::Helpers::FormOptionsHelper#collection_radio_buttons for form builders:
|
@@ -874,7 +880,7 @@ module ActionView
|
|
874
880
|
#
|
875
881
|
# Please refer to the documentation of the base helper for details.
|
876
882
|
def collection_radio_buttons(method, collection, value_method, text_method, options = {}, html_options = {}, &block)
|
877
|
-
@template.collection_radio_buttons(@object_name, method, collection, value_method, text_method, objectify_options(options), @
|
883
|
+
@template.collection_radio_buttons(@object_name, method, collection, value_method, text_method, objectify_options(options), @default_html_options.merge(html_options), &block)
|
878
884
|
end
|
879
885
|
end
|
880
886
|
end
|
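Review bot: The expanded doc text for +group_method+ and +group_label_method+ now mentions callables but still does not say where these values may come from, and in `option_groups_from_collection_for_select` both are now handed to `value_for_collection` for every member of the collection. That helper is defined outside the lines shown; if it dispatches a non-callable argument as a method name on the member, the parameter list should say so. I would add a line such as `# Method names and procs given here are invoked on each member; pass only values chosen by the application, never request parameters.`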
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "cgi"
|
2
4
|
require "action_view/helpers/tag_helper"
|
3
5
|
require "active_support/core_ext/string/output_safety"
|
@@ -5,7 +7,7 @@ require "active_support/core_ext/module/attribute_accessors"
|
|
5
7
|
|
6
8
|
module ActionView
|
7
9
|
# = Action View Form Tag Helpers
|
8
|
-
module Helpers
|
10
|
+
module Helpers #:nodoc:
|
9
11
|
# Provides a number of methods for creating form tags that don't rely on an Active Record object assigned to the template like
|
10
12
|
# FormHelper does. Instead, you provide the names and values manually.
|
11
13
|
#
|
@@ -113,7 +115,7 @@ module ActionView
|
|
113
115
|
# # <option>Write</option></select>
|
114
116
|
#
|
115
117
|
# select_tag "people", options_from_collection_for_select(@people, "id", "name"), include_blank: true
|
116
|
-
# # => <select id="people" name="people"><option value=""></option><option value="1">David</option></select>
|
118
|
+
# # => <select id="people" name="people"><option value="" label=" "></option><option value="1">David</option></select>
|
117
119
|
#
|
118
120
|
# select_tag "people", options_from_collection_for_select(@people, "id", "name"), include_blank: "All"
|
119
121
|
# # => <select id="people" name="people"><option value="">All</option><option value="1">David</option></select>
|
@@ -161,6 +163,8 @@ module ActionView
|
|
161
163
|
# * <tt>:size</tt> - The number of visible characters that will fit in the input.
|
162
164
|
# * <tt>:maxlength</tt> - The maximum number of characters that the browser will allow the user to enter.
|
163
165
|
# * <tt>:placeholder</tt> - The text contained in the field by default which is removed when the field receives focus.
|
166
|
+
# If set to true, use a translation is found in the current I18n locale
|
167
|
+
# (through helpers.placeholders.<modelname>.<attribute>).
|
164
168
|
# * Any other key creates standard HTML attributes for the tag.
|
165
169
|
#
|
166
170
|
# ==== Examples
|
@@ -272,7 +276,7 @@ module ActionView
|
|
272
276
|
# file_field_tag 'file', accept: 'text/html', class: 'upload', value: 'index.html'
|
273
277
|
# # => <input accept="text/html" class="upload" id="file" name="file" type="file" value="index.html" />
|
274
278
|
def file_field_tag(name, options = {})
|
275
|
-
text_field_tag(name, nil, options.merge(type: :file))
|
279
|
+
text_field_tag(name, nil, convert_direct_upload_option_to_url(options.merge(type: :file)))
|
276
280
|
end
|
277
281
|
|
278
282
|
# Creates a password field, a masked text field that will hide the users input behind a mask character.
|
@@ -392,7 +396,7 @@ module ActionView
|
|
392
396
|
# # => <input checked="checked" id="receive_updates_no" name="receive_updates" type="radio" value="no" />
|
393
397
|
#
|
394
398
|
# radio_button_tag 'time_slot', "3:00 p.m.", false, disabled: true
|
395
|
-
# # => <input disabled="disabled" id="
|
399
|
+
# # => <input disabled="disabled" id="time_slot_3:00_p.m." name="time_slot" type="radio" value="3:00 p.m." />
|
396
400
|
#
|
397
401
|
# radio_button_tag 'color', "green", true, class: "color_input"
|
398
402
|
# # => <input checked="checked" class="color_input" id="color_green" name="color" type="radio" value="green" />
|
@@ -454,7 +458,7 @@ module ActionView
|
|
454
458
|
# submit tag but it isn't supported in legacy browsers. However,
|
455
459
|
# the button tag does allow for richer labels such as images and emphasis,
|
456
460
|
# so this helper will also accept a block. By default, it will create
|
457
|
-
# a button tag with type
|
461
|
+
# a button tag with type <tt>submit</tt>, if type is not given.
|
458
462
|
#
|
459
463
|
# ==== Options
|
460
464
|
# * <tt>:data</tt> - This option can be used to add custom data attributes.
|
@@ -532,22 +536,23 @@ module ActionView
|
|
532
536
|
#
|
533
537
|
# ==== Examples
|
534
538
|
# image_submit_tag("login.png")
|
535
|
-
# # => <input
|
539
|
+
# # => <input src="/assets/login.png" type="image" />
|
536
540
|
#
|
537
541
|
# image_submit_tag("purchase.png", disabled: true)
|
538
|
-
# # => <input
|
542
|
+
# # => <input disabled="disabled" src="/assets/purchase.png" type="image" />
|
539
543
|
#
|
540
544
|
# image_submit_tag("search.png", class: 'search_button', alt: 'Find')
|
541
|
-
# # => <input
|
545
|
+
# # => <input class="search_button" src="/assets/search.png" type="image" />
|
542
546
|
#
|
543
547
|
# image_submit_tag("agree.png", disabled: true, class: "agree_disagree_button")
|
544
|
-
# # => <input
|
548
|
+
# # => <input class="agree_disagree_button" disabled="disabled" src="/assets/agree.png" type="image" />
|
545
549
|
#
|
546
550
|
# image_submit_tag("save.png", data: { confirm: "Are you sure?" })
|
547
|
-
# # => <input
|
551
|
+
# # => <input src="/assets/save.png" data-confirm="Are you sure?" type="image" />
|
548
552
|
def image_submit_tag(source, options = {})
|
549
553
|
options = options.stringify_keys
|
550
|
-
|
554
|
+
src = path_to_image(source, skip_pipeline: options.delete("skip_pipeline"))
|
555
|
+
tag :input, { "type" => "image", "src" => src }.update(options)
|
551
556
|
end
|
552
557
|
|
553
558
|
# Creates a field set for grouping HTML form elements.
|
@@ -902,6 +907,13 @@ module ActionView
|
|
902
907
|
|
903
908
|
tag_options.delete("data-disable-with")
|
904
909
|
end
|
910
|
+
|
911
|
+
def convert_direct_upload_option_to_url(options)
|
912
|
+
if options.delete(:direct_upload) && respond_to?(:rails_direct_uploads_url)
|
913
|
+
options["data-direct-upload-url"] = rails_direct_uploads_url
|
914
|
+
end
|
915
|
+
options
|
916
|
+
end
|
905
917
|
end
|
906
918
|
end
|
907
919
|
end
|
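Review bot: `convert_direct_upload_option_to_url` is added without a comment, and two of its behaviours are easy to miss. It deletes only the symbol key `:direct_upload` while writing the string key `"data-direct-upload-url"`, and it drops the option silently when `rails_direct_uploads_url` is not defined. A caller passing `"direct_upload" => true` would therefore get no upload URL, and that key stays in the hash `file_field_tag` forwards to `text_field_tag`. I would document this above the method, e.g. `# Swaps a truthy :direct_upload option (symbol key) for a data-direct-upload-url attribute; without the route helper the option is removed and nothing is added.`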
@@ -1,7 +1,9 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "action_view/helpers/tag_helper"
|
2
4
|
|
3
5
|
module ActionView
|
4
|
-
module Helpers
|
6
|
+
module Helpers #:nodoc:
|
5
7
|
module JavaScriptHelper
|
6
8
|
JS_ESCAPE_MAP = {
|
7
9
|
'\\' => '\\\\',
|
@@ -10,11 +12,13 @@ module ActionView
|
|
10
12
|
"\n" => '\n',
|
11
13
|
"\r" => '\n',
|
12
14
|
'"' => '\\"',
|
13
|
-
"'" => "\\'"
|
15
|
+
"'" => "\\'",
|
16
|
+
"`" => "\\`",
|
17
|
+
"$" => "\\$"
|
14
18
|
}
|
15
19
|
|
16
|
-
JS_ESCAPE_MAP["\342\200\250".force_encoding(Encoding::UTF_8).encode!] = "
"
|
17
|
-
JS_ESCAPE_MAP["\342\200\251".force_encoding(Encoding::UTF_8).encode!] = "
"
|
20
|
+
JS_ESCAPE_MAP["\342\200\250".dup.force_encoding(Encoding::UTF_8).encode!] = "
"
|
21
|
+
JS_ESCAPE_MAP["\342\200\251".dup.force_encoding(Encoding::UTF_8).encode!] = "
"
|
18
22
|
|
19
23
|
# Escapes carriage returns and single and double quotes for JavaScript segments.
|
20
24
|
#
|
@@ -24,7 +28,7 @@ module ActionView
|
|
24
28
|
# $('some_element').replaceWith('<%= j render 'some/element_template' %>');
|
25
29
|
def escape_javascript(javascript)
|
26
30
|
if javascript
|
27
|
-
result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"'])/u) { |match| JS_ESCAPE_MAP[match] }
|
31
|
+
result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"']|[`]|[$])/u) { |match| JS_ESCAPE_MAP[match] }
|
28
32
|
javascript.html_safe? ? result.html_safe : result
|
29
33
|
else
|
30
34
|
""
|
@@ -61,6 +65,13 @@ module ActionView
|
|
61
65
|
# <%= javascript_tag defer: 'defer' do -%>
|
62
66
|
# alert('All is good')
|
63
67
|
# <% end -%>
|
68
|
+
#
|
69
|
+
# If you have a content security policy enabled then you can add an automatic
|
70
|
+
# nonce value by passing +nonce: true+ as part of +html_options+. Example:
|
71
|
+
#
|
72
|
+
# <%= javascript_tag nonce: true do -%>
|
73
|
+
# alert('All is good')
|
74
|
+
# <% end -%>
|
64
75
|
def javascript_tag(content_or_options_with_block = nil, html_options = {}, &block)
|
65
76
|
content =
|
66
77
|
if block_given?
|
@@ -70,6 +81,10 @@ module ActionView
|
|
70
81
|
content_or_options_with_block
|
71
82
|
end
|
72
83
|
|
84
|
+
if html_options[:nonce] == true
|
85
|
+
html_options[:nonce] = content_security_policy_nonce
|
86
|
+
end
|
87
|
+
|
73
88
|
content_tag("script".freeze, javascript_cdata_section(content), html_options)
|
74
89
|
end
|
75
90
|
|
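Review bot: The summary comment kept above `escape_javascript` ("Escapes carriage returns and single and double quotes for JavaScript segments.") is now out of date, because `JS_ESCAPE_MAP` and the `gsub` pattern also cover the backtick and `$`. Those are the two characters that matter when the escaped output is placed inside a template literal. Suggest `# Escapes carriage returns, single and double quotes, backticks and dollar signs for JavaScript segments.` so callers can see which string contexts are covered. As a style point, the two one-character alternatives added at the end of the pattern could join the existing `[\n\r"']` class instead of standing as separate classes.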
@@ -1,9 +1,11 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "active_support/core_ext/object/try"
|
2
4
|
require "rails-html-sanitizer"
|
3
5
|
|
4
6
|
module ActionView
|
5
7
|
# = Action View Sanitize Helpers
|
6
|
-
module Helpers
|
8
|
+
module Helpers #:nodoc:
|
7
9
|
# The SanitizeHelper module provides a set of methods for scrubbing text of undesired HTML elements.
|
8
10
|
# These helper methods extend Action View making them callable within your template files.
|
9
11
|
module SanitizeHelper
|
@@ -1,4 +1,4 @@
|
|
1
|
-
#
|
1
|
+
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require "active_support/core_ext/string/output_safety"
|
4
4
|
require "set"
|
@@ -166,7 +166,7 @@ module ActionView
|
|
166
166
|
# This may come in handy when using jQuery's HTML5-aware <tt>.data()</tt>
|
167
167
|
# from 1.4.3.
|
168
168
|
#
|
169
|
-
# tag.div data: { city_state: %w(
|
169
|
+
# tag.div data: { city_state: %w( Chicago IL ) }
|
170
170
|
# # => <div data-city-state="["Chicago","IL"]"></div>
|
171
171
|
#
|
172
172
|
# The generated attributes are escaped by default. This can be disabled using
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module ActionView
|
2
4
|
module Helpers
|
3
5
|
module Tags # :nodoc:
|
@@ -33,7 +35,7 @@ module ActionView
|
|
33
35
|
|
34
36
|
private
|
35
37
|
|
36
|
-
def value
|
38
|
+
def value
|
37
39
|
if @allow_method_names_outside_object
|
38
40
|
object.public_send @method_name if object && object.respond_to?(@method_name)
|
39
41
|
else
|
@@ -41,19 +43,19 @@ module ActionView
|
|
41
43
|
end
|
42
44
|
end
|
43
45
|
|
44
|
-
def value_before_type_cast
|
46
|
+
def value_before_type_cast
|
45
47
|
unless object.nil?
|
46
48
|
method_before_type_cast = @method_name + "_before_type_cast"
|
47
49
|
|
48
|
-
if value_came_from_user?
|
50
|
+
if value_came_from_user? && object.respond_to?(method_before_type_cast)
|
49
51
|
object.public_send(method_before_type_cast)
|
50
52
|
else
|
51
|
-
value
|
53
|
+
value
|
52
54
|
end
|
53
55
|
end
|
54
56
|
end
|
55
57
|
|
56
|
-
def value_came_from_user?
|
58
|
+
def value_came_from_user?
|
57
59
|
method_name = "#{@method_name}_came_from_user?"
|
58
60
|
!object.respond_to?(method_name) || object.public_send(method_name)
|
59
61
|
end
|
@@ -95,7 +97,7 @@ module ActionView
|
|
95
97
|
index = name_and_id_index(options)
|
96
98
|
options["name"] = options.fetch("name") { tag_name(options["multiple"], index) }
|
97
99
|
|
98
|
-
|
100
|
+
if generate_ids?
|
99
101
|
options["id"] = options.fetch("id") { tag_id(index) }
|
100
102
|
if namespace = options.delete("namespace")
|
101
103
|
options["id"] = options["id"] ? "#{namespace}_#{options['id']}" : namespace
|
@@ -148,8 +150,8 @@ module ActionView
|
|
148
150
|
options[:include_blank] ||= true unless options[:prompt]
|
149
151
|
end
|
150
152
|
|
151
|
-
value = options.fetch(:selected) { value(
|
152
|
-
select = content_tag("select", add_options(option_tags, options, value), html_options
|
153
|
+
value = options.fetch(:selected) { value() }
|
154
|
+
select = content_tag("select", add_options(option_tags, options, value), html_options)
|
153
155
|
|
154
156
|
if html_options["multiple"] && options.fetch(:include_hidden, true)
|
155
157
|
tag("input", disabled: html_options["disabled"], name: html_options["name"], type: "hidden", value: "") + select
|
@@ -181,8 +183,8 @@ module ActionView
|
|
181
183
|
end
|
182
184
|
end
|
183
185
|
|
184
|
-
def
|
185
|
-
|
186
|
+
def generate_ids?
|
187
|
+
!@skip_default_ids
|
186
188
|
end
|
187
189
|
end
|
188
190
|
end
|
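Review bot: In the hunk that builds the select tag, `value = options.fetch(:selected) { value() }` works only because the empty parentheses force a method call while a local of the same name is being assigned. Without them the block would read the still-nil local instead of calling the method. Renaming the local removes the trap: `selected = options.fetch(:selected) { value }`, then `add_options(option_tags, options, selected)` on the following line. The enclosing method starts above the hunk, so any later use of the local there would need the same rename.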
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "action_view/helpers/tags/checkable"
|
2
4
|
|
3
5
|
module ActionView
|
@@ -16,7 +18,7 @@ module ActionView
|
|
16
18
|
options = @options.stringify_keys
|
17
19
|
options["type"] = "checkbox"
|
18
20
|
options["value"] = @checked_value
|
19
|
-
options["checked"] = "checked" if input_checked?(
|
21
|
+
options["checked"] = "checked" if input_checked?(options)
|
20
22
|
|
21
23
|
if options["multiple"]
|
22
24
|
add_default_name_and_id_for_value(@checked_value, options)
|
@@ -1,13 +1,15 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module ActionView
|
2
4
|
module Helpers
|
3
5
|
module Tags # :nodoc:
|
4
6
|
module Checkable # :nodoc:
|
5
|
-
def input_checked?(
|
7
|
+
def input_checked?(options)
|
6
8
|
if options.has_key?("checked")
|
7
9
|
checked = options.delete "checked"
|
8
10
|
checked == true || checked == "checked"
|
9
11
|
else
|
10
|
-
checked?(value
|
12
|
+
checked?(value)
|
11
13
|
end
|
12
14
|
end
|
13
15
|
end
|