actionview 5.1.7 → 5.2.4.3
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of actionview might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +87 -224
- data/MIT-LICENSE +1 -1
- data/README.rdoc +4 -4
- data/lib/action_view.rb +4 -3
- data/lib/action_view/base.rb +8 -10
- data/lib/action_view/buffers.rb +2 -0
- data/lib/action_view/context.rb +2 -2
- data/lib/action_view/dependency_tracker.rb +2 -0
- data/lib/action_view/digestor.rb +7 -7
- data/lib/action_view/flows.rb +2 -0
- data/lib/action_view/gem_version.rb +5 -3
- data/lib/action_view/helpers.rb +4 -0
- data/lib/action_view/helpers/active_model_helper.rb +9 -3
- data/lib/action_view/helpers/asset_tag_helper.rb +180 -34
- data/lib/action_view/helpers/asset_url_helper.rb +19 -17
- data/lib/action_view/helpers/atom_feed_helper.rb +3 -1
- data/lib/action_view/helpers/cache_helper.rb +24 -14
- data/lib/action_view/helpers/capture_helper.rb +9 -7
- data/lib/action_view/helpers/controller_helper.rb +3 -1
- data/lib/action_view/helpers/csp_helper.rb +24 -0
- data/lib/action_view/helpers/csrf_helper.rb +4 -2
- data/lib/action_view/helpers/date_helper.rb +7 -5
- data/lib/action_view/helpers/debug_helper.rb +4 -2
- data/lib/action_view/helpers/form_helper.rb +53 -70
- data/lib/action_view/helpers/form_options_helper.rb +23 -17
- data/lib/action_view/helpers/form_tag_helper.rb +23 -11
- data/lib/action_view/helpers/javascript_helper.rb +20 -5
- data/lib/action_view/helpers/number_helper.rb +2 -0
- data/lib/action_view/helpers/output_safety_helper.rb +2 -0
- data/lib/action_view/helpers/record_tag_helper.rb +3 -1
- data/lib/action_view/helpers/rendering_helper.rb +3 -1
- data/lib/action_view/helpers/sanitize_helper.rb +3 -1
- data/lib/action_view/helpers/tag_helper.rb +2 -2
- data/lib/action_view/helpers/tags.rb +3 -1
- data/lib/action_view/helpers/tags/base.rb +12 -10
- data/lib/action_view/helpers/tags/check_box.rb +3 -1
- data/lib/action_view/helpers/tags/checkable.rb +4 -2
- data/lib/action_view/helpers/tags/collection_check_boxes.rb +2 -0
- data/lib/action_view/helpers/tags/collection_helpers.rb +2 -0
- data/lib/action_view/helpers/tags/collection_radio_buttons.rb +2 -0
- data/lib/action_view/helpers/tags/collection_select.rb +3 -1
- data/lib/action_view/helpers/tags/color_field.rb +3 -1
- data/lib/action_view/helpers/tags/date_field.rb +2 -0
- data/lib/action_view/helpers/tags/date_select.rb +3 -1
- data/lib/action_view/helpers/tags/datetime_field.rb +3 -1
- data/lib/action_view/helpers/tags/datetime_local_field.rb +2 -0
- data/lib/action_view/helpers/tags/datetime_select.rb +2 -0
- data/lib/action_view/helpers/tags/email_field.rb +2 -0
- data/lib/action_view/helpers/tags/file_field.rb +2 -0
- data/lib/action_view/helpers/tags/grouped_collection_select.rb +3 -1
- data/lib/action_view/helpers/tags/hidden_field.rb +2 -0
- data/lib/action_view/helpers/tags/label.rb +2 -4
- data/lib/action_view/helpers/tags/month_field.rb +2 -0
- data/lib/action_view/helpers/tags/number_field.rb +2 -0
- data/lib/action_view/helpers/tags/password_field.rb +2 -0
- data/lib/action_view/helpers/tags/placeholderable.rb +2 -0
- data/lib/action_view/helpers/tags/radio_button.rb +3 -1
- data/lib/action_view/helpers/tags/range_field.rb +2 -0
- data/lib/action_view/helpers/tags/search_field.rb +2 -0
- data/lib/action_view/helpers/tags/select.rb +4 -2
- data/lib/action_view/helpers/tags/tel_field.rb +2 -0
- data/lib/action_view/helpers/tags/text_area.rb +3 -1
- data/lib/action_view/helpers/tags/text_field.rb +3 -1
- data/lib/action_view/helpers/tags/time_field.rb +2 -0
- data/lib/action_view/helpers/tags/time_select.rb +2 -0
- data/lib/action_view/helpers/tags/time_zone_select.rb +3 -1
- data/lib/action_view/helpers/tags/translator.rb +2 -0
- data/lib/action_view/helpers/tags/url_field.rb +2 -0
- data/lib/action_view/helpers/tags/week_field.rb +2 -0
- data/lib/action_view/helpers/text_helper.rb +9 -7
- data/lib/action_view/helpers/translation_helper.rb +5 -4
- data/lib/action_view/helpers/url_helper.rb +28 -4
- data/lib/action_view/layouts.rb +7 -5
- data/lib/action_view/log_subscriber.rb +5 -3
- data/lib/action_view/lookup_context.rb +4 -4
- data/lib/action_view/model_naming.rb +2 -0
- data/lib/action_view/path_set.rb +2 -0
- data/lib/action_view/railtie.rb +11 -2
- data/lib/action_view/record_identifier.rb +2 -0
- data/lib/action_view/renderer/abstract_renderer.rb +2 -0
- data/lib/action_view/renderer/partial_renderer.rb +13 -11
- data/lib/action_view/renderer/partial_renderer/collection_caching.rb +4 -2
- data/lib/action_view/renderer/renderer.rb +2 -0
- data/lib/action_view/renderer/streaming_template_renderer.rb +5 -1
- data/lib/action_view/renderer/template_renderer.rb +2 -0
- data/lib/action_view/rendering.rb +3 -5
- data/lib/action_view/routing_url_for.rb +2 -0
- data/lib/action_view/tasks/cache_digests.rake +2 -0
- data/lib/action_view/template.rb +6 -4
- data/lib/action_view/template/error.rb +2 -3
- data/lib/action_view/template/handlers.rb +3 -1
- data/lib/action_view/template/handlers/builder.rb +3 -4
- data/lib/action_view/template/handlers/erb.rb +5 -9
- data/lib/action_view/template/handlers/erb/erubi.rb +2 -0
- data/lib/action_view/template/handlers/html.rb +2 -0
- data/lib/action_view/template/handlers/raw.rb +2 -0
- data/lib/action_view/template/html.rb +3 -1
- data/lib/action_view/template/resolver.rb +7 -6
- data/lib/action_view/template/text.rb +3 -1
- data/lib/action_view/template/types.rb +3 -1
- data/lib/action_view/test_case.rb +21 -5
- data/lib/action_view/testing/resolvers.rb +3 -1
- data/lib/action_view/version.rb +2 -0
- data/lib/action_view/view_paths.rb +3 -3
- data/lib/assets/compiled/rails-ujs.js +52 -15
- metadata +12 -13
- data/lib/action_view/template/handlers/erb/deprecated_erubis.rb +0 -9
- data/lib/action_view/template/handlers/erb/erubis.rb +0 -81
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module ActionView
|
2
4
|
module Helpers
|
3
5
|
module Tags # :nodoc:
|
@@ -13,7 +15,7 @@ module ActionView
|
|
13
15
|
|
14
16
|
def render
|
15
17
|
option_tags_options = {
|
16
|
-
selected: @options.fetch(:selected) { value
|
18
|
+
selected: @options.fetch(:selected) { value },
|
17
19
|
disabled: @options[:disabled]
|
18
20
|
}
|
19
21
|
|
@@ -1,10 +1,12 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module ActionView
|
2
4
|
module Helpers
|
3
5
|
module Tags # :nodoc:
|
4
6
|
class ColorField < TextField # :nodoc:
|
5
7
|
def render
|
6
8
|
options = @options.stringify_keys
|
7
|
-
options["value"] ||= validate_color_string(value
|
9
|
+
options["value"] ||= validate_color_string(value)
|
8
10
|
@options = options
|
9
11
|
super
|
10
12
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "active_support/core_ext/time/calculations"
|
2
4
|
|
3
5
|
module ActionView
|
@@ -27,7 +29,7 @@ module ActionView
|
|
27
29
|
end
|
28
30
|
|
29
31
|
def datetime_selector(options, html_options)
|
30
|
-
datetime = options.fetch(:selected) { value
|
32
|
+
datetime = options.fetch(:selected) { value || default_datetime(options) }
|
31
33
|
@auto_index ||= nil
|
32
34
|
|
33
35
|
options = options.dup
|
@@ -1,10 +1,12 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module ActionView
|
2
4
|
module Helpers
|
3
5
|
module Tags # :nodoc:
|
4
6
|
class DatetimeField < TextField # :nodoc:
|
5
7
|
def render
|
6
8
|
options = @options.stringify_keys
|
7
|
-
options["value"] ||= format_date(value
|
9
|
+
options["value"] ||= format_date(value)
|
8
10
|
options["min"] = format_date(datetime_value(options["min"]))
|
9
11
|
options["max"] = format_date(datetime_value(options["max"]))
|
10
12
|
@options = options
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module ActionView
|
2
4
|
module Helpers
|
3
5
|
module Tags # :nodoc:
|
@@ -15,7 +17,7 @@ module ActionView
|
|
15
17
|
|
16
18
|
def render
|
17
19
|
option_tags_options = {
|
18
|
-
selected: @options.fetch(:selected) { value
|
20
|
+
selected: @options.fetch(:selected) { value },
|
19
21
|
disabled: @options[:disabled]
|
20
22
|
}
|
21
23
|
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module ActionView
|
2
4
|
module Helpers
|
3
5
|
module Tags # :nodoc:
|
@@ -73,10 +75,6 @@ module ActionView
|
|
73
75
|
def render_component(builder)
|
74
76
|
builder.translation
|
75
77
|
end
|
76
|
-
|
77
|
-
def skip_default_ids?
|
78
|
-
false # The id is used as the `for` attribute.
|
79
|
-
end
|
80
78
|
end
|
81
79
|
end
|
82
80
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "action_view/helpers/tags/checkable"
|
2
4
|
|
3
5
|
module ActionView
|
@@ -15,7 +17,7 @@ module ActionView
|
|
15
17
|
options = @options.stringify_keys
|
16
18
|
options["type"] = "radio"
|
17
19
|
options["value"] = @tag_value
|
18
|
-
options["checked"] = "checked" if input_checked?(
|
20
|
+
options["checked"] = "checked" if input_checked?(options)
|
19
21
|
add_default_name_and_id_for_value(@tag_value, options)
|
20
22
|
tag("input", options)
|
21
23
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module ActionView
|
2
4
|
module Helpers
|
3
5
|
module Tags # :nodoc:
|
@@ -13,7 +15,7 @@ module ActionView
|
|
13
15
|
|
14
16
|
def render
|
15
17
|
option_tags_options = {
|
16
|
-
selected: @options.fetch(:selected) { value
|
18
|
+
selected: @options.fetch(:selected) { value },
|
17
19
|
disabled: @options[:disabled]
|
18
20
|
}
|
19
21
|
|
@@ -33,7 +35,7 @@ module ActionView
|
|
33
35
|
# [nil, []]
|
34
36
|
# { nil => [] }
|
35
37
|
def grouped_choices?
|
36
|
-
!@choices.
|
38
|
+
!@choices.blank? && @choices.first.respond_to?(:last) && Array === @choices.first.last
|
37
39
|
end
|
38
40
|
end
|
39
41
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "action_view/helpers/tags/placeholderable"
|
2
4
|
|
3
5
|
module ActionView
|
@@ -14,7 +16,7 @@ module ActionView
|
|
14
16
|
options["cols"], options["rows"] = size.split("x") if size.respond_to?(:split)
|
15
17
|
end
|
16
18
|
|
17
|
-
content_tag("textarea", options.delete("value") { value_before_type_cast
|
19
|
+
content_tag("textarea", options.delete("value") { value_before_type_cast }, options)
|
18
20
|
end
|
19
21
|
end
|
20
22
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "action_view/helpers/tags/placeholderable"
|
2
4
|
|
3
5
|
module ActionView
|
@@ -10,7 +12,7 @@ module ActionView
|
|
10
12
|
options = @options.stringify_keys
|
11
13
|
options["size"] = options["maxlength"] unless options.key?("size")
|
12
14
|
options["type"] ||= field_type
|
13
|
-
options["value"] = options.fetch("value") { value_before_type_cast
|
15
|
+
options["value"] = options.fetch("value") { value_before_type_cast } unless field_type == "file"
|
14
16
|
add_default_name_and_id(options)
|
15
17
|
tag("input", options)
|
16
18
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module ActionView
|
2
4
|
module Helpers
|
3
5
|
module Tags # :nodoc:
|
@@ -11,7 +13,7 @@ module ActionView
|
|
11
13
|
|
12
14
|
def render
|
13
15
|
select_content_tag(
|
14
|
-
time_zone_options_for_select(value
|
16
|
+
time_zone_options_for_select(value || @options[:default], @priority_zones, @options[:model] || ActiveSupport::TimeZone), @options, @html_options
|
15
17
|
)
|
16
18
|
end
|
17
19
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "active_support/core_ext/string/filters"
|
2
4
|
require "active_support/core_ext/array/extract_options"
|
3
5
|
|
@@ -11,9 +13,9 @@ module ActionView
|
|
11
13
|
#
|
12
14
|
# ==== Sanitization
|
13
15
|
#
|
14
|
-
# Most text helpers
|
15
|
-
# This means HTML tags will appear in the page but all malicious
|
16
|
-
# Let's look at some examples using the +simple_format+ method:
|
16
|
+
# Most text helpers that generate HTML output sanitize the given input by default,
|
17
|
+
# but do not escape it. This means HTML tags will appear in the page but all malicious
|
18
|
+
# code will be removed. Let's look at some examples using the +simple_format+ method:
|
17
19
|
#
|
18
20
|
# simple_format('<a href="http://example.com/">Example</a>')
|
19
21
|
# # => "<p><a href=\"http://example.com/\">Example</a></p>"
|
@@ -126,7 +128,7 @@ module ActionView
|
|
126
128
|
# # => You searched for: <a href="search?q=rails">rails</a>
|
127
129
|
#
|
128
130
|
# highlight('<a href="javascript:alert(\'no!\')">ruby</a> on rails', 'rails', sanitize: false)
|
129
|
-
# # =>
|
131
|
+
# # => <a href="javascript:alert('no!')">ruby</a> on <mark>rails</mark>
|
130
132
|
def highlight(text, phrases, options = {})
|
131
133
|
text = sanitize(text) if options.fetch(:sanitize, true)
|
132
134
|
|
@@ -226,7 +228,7 @@ module ActionView
|
|
226
228
|
# pluralize(2, 'Person', locale: :de)
|
227
229
|
# # => 2 Personen
|
228
230
|
def pluralize(count, singular, plural_arg = nil, plural: plural_arg, locale: I18n.locale)
|
229
|
-
word = if (count == 1 || count =~ /^1(\.0+)?$/)
|
231
|
+
word = if (count == 1 || count.to_s =~ /^1(\.0+)?$/)
|
230
232
|
singular
|
231
233
|
else
|
232
234
|
plural || singular.pluralize(locale)
|
@@ -420,7 +422,7 @@ module ActionView
|
|
420
422
|
def to_s
|
421
423
|
value = @values[@index].to_s
|
422
424
|
@index = next_index
|
423
|
-
|
425
|
+
value
|
424
426
|
end
|
425
427
|
|
426
428
|
private
|
@@ -444,7 +446,7 @@ module ActionView
|
|
444
446
|
# uses an instance variable of ActionView::Base.
|
445
447
|
def get_cycle(name)
|
446
448
|
@_cycles = Hash.new unless defined?(@_cycles)
|
447
|
-
|
449
|
+
@_cycles[name]
|
448
450
|
end
|
449
451
|
|
450
452
|
def set_cycle(name, cycle_object)
|
@@ -1,18 +1,19 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "action_view/helpers/tag_helper"
|
2
4
|
require "active_support/core_ext/string/access"
|
3
5
|
require "i18n/exceptions"
|
4
6
|
|
5
7
|
module ActionView
|
6
8
|
# = Action View Translation Helpers
|
7
|
-
module Helpers
|
9
|
+
module Helpers #:nodoc:
|
8
10
|
module TranslationHelper
|
9
11
|
extend ActiveSupport::Concern
|
10
12
|
|
11
13
|
include TagHelper
|
12
14
|
|
13
15
|
included do
|
14
|
-
mattr_accessor :debug_missing_translation
|
15
|
-
self.debug_missing_translation = true
|
16
|
+
mattr_accessor :debug_missing_translation, default: true
|
16
17
|
end
|
17
18
|
|
18
19
|
# Delegates to <tt>I18n#translate</tt> but also performs three additional
|
@@ -96,7 +97,7 @@ module ActionView
|
|
96
97
|
raise e if raise_error
|
97
98
|
|
98
99
|
keys = I18n.normalize_keys(e.locale, e.key, e.options[:scope])
|
99
|
-
title = "translation missing: #{keys.join('.')}"
|
100
|
+
title = "translation missing: #{keys.join('.')}".dup
|
100
101
|
|
101
102
|
interpolations = options.except(:default, :scope)
|
102
103
|
if interpolations.any?
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "action_view/helpers/javascript_helper"
|
2
4
|
require "active_support/core_ext/array/access"
|
3
5
|
require "active_support/core_ext/hash/keys"
|
@@ -137,6 +139,11 @@ module ActionView
|
|
137
139
|
# link_to "Profiles", controller: "profiles"
|
138
140
|
# # => <a href="/profiles">Profiles</a>
|
139
141
|
#
|
142
|
+
# When name is +nil+ the href is presented instead
|
143
|
+
#
|
144
|
+
# link_to nil, "http://example.com"
|
145
|
+
# # => <a href="http://www.example.com">http://www.example.com</a>
|
146
|
+
#
|
140
147
|
# You can use a block as well if your link target is hard to fit into the name parameter. ERB example:
|
141
148
|
#
|
142
149
|
# <%= link_to(@profile) do %>
|
@@ -246,7 +253,7 @@ module ActionView
|
|
246
253
|
# # <input value="New" type="submit" />
|
247
254
|
# # </form>"
|
248
255
|
#
|
249
|
-
# <%= button_to "New",
|
256
|
+
# <%= button_to "New", new_article_path %>
|
250
257
|
# # => "<form method="post" action="/articles/new" class="button_to">
|
251
258
|
# # <input value="New" type="submit" />
|
252
259
|
# # </form>"
|
@@ -587,10 +594,27 @@ module ActionView
|
|
587
594
|
end
|
588
595
|
|
589
596
|
def add_method_to_attributes!(html_options, method)
|
590
|
-
if method &&
|
591
|
-
|
597
|
+
if method_not_get_method?(method) && html_options["rel"] !~ /nofollow/
|
598
|
+
if html_options["rel"].blank?
|
599
|
+
html_options["rel"] = "nofollow"
|
600
|
+
else
|
601
|
+
html_options["rel"] = "#{html_options["rel"]} nofollow"
|
602
|
+
end
|
592
603
|
end
|
593
|
-
html_options["data-method"
|
604
|
+
html_options["data-method"] = method
|
605
|
+
end
|
606
|
+
|
607
|
+
STRINGIFIED_COMMON_METHODS = {
|
608
|
+
get: "get",
|
609
|
+
delete: "delete",
|
610
|
+
patch: "patch",
|
611
|
+
post: "post",
|
612
|
+
put: "put",
|
613
|
+
}.freeze
|
614
|
+
|
615
|
+
def method_not_get_method?(method)
|
616
|
+
return false unless method
|
617
|
+
(STRINGIFIED_COMMON_METHODS[method] || method.to_s.downcase) != "get"
|
594
618
|
end
|
595
619
|
|
596
620
|
def token_tag(token = nil, form_options: {})
|