actionview 5.2.3.rc1 → 6.0.0.beta1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 20b55c23000cc907e0aed85f5811bec79a4d7f818e37d070acdee9e070be6424
-  data.tar.gz: 70224fb23e260c9fd5187402ea18c6a5ea89cdb147413135be64e0e514985b13
+  metadata.gz: 58d19af0e853c217ca89f2167775195c7a44ebba26e4d9a682aabeb6a25b6af4
+  data.tar.gz: 15d2c9faa90c17d33772df3ce0eacccecb090e7310af47ab1d82bca6448a2a11
 SHA512:
-  metadata.gz: a1b2b7522e79efb0c107d5d7b79b11eea20b7c72567aa6ed39e24766b47f4efd681ac3dad0f056e43036e4e960faa7e007f158cad1c00a5bd355d18a6edb721f
-  data.tar.gz: 1c774076688b21de0faf5e4de096637c0e0b05af77432c84aa9ac7082a6d2152e2e2610dbe298b99b5a89704fa2a9ea9297e29304efcf80c9fbdaf2f80f657f5
+  metadata.gz: dc169a10649b5f6cdfb8488bd16cbb7cab049081e7a6c53821cfab497e8035c7843c690e3bffcffc571bf2f610e5f2b7eee80283f622262d5ff9f1f20c8ef210
+  data.tar.gz: ed371d7bec363bafe775d5a1ed3d11a1002f96589c142c662afabc1862c71314427fc07004d0bfa4bc2ac5078f0c0b38410ccca1ee738594223a1a3a336ffa14

data/CHANGELOG.md

@@ -1,4 +1,18 @@
-## Rails 5.2.3.rc1 (March 21, 2019) ##
+## Rails 6.0.0.beta1 (January 18, 2019) ##
+
+*   Remove deprecated `image_alt` helper.
+
+    *Rafael Mendonça França*
+
+*   Fix the need of `#protect_against_forgery?` method defined in
+    `ActionView::Base` subclasses. This prevents the use of forms and buttons.
+
+    *Genadi Samokovarov*
+
+*   Fix UJS permanently showing disabled text in a[data-remote][data-disable-with] elements within forms.
+    Fixes #33889
+
+    *Wolfgang Hobmaier*
 
 *   Prevent non-primary mouse keys from triggering Rails UJS click handlers.
     Firefox fires click events even if the click was triggered by non-primary mouse keys such as right- or scroll-wheel-clicks.
@@ -12,28 +26,50 @@
 
     *Wolfgang Hobmaier*
 
+*   Prevent `ActionView::TextHelper#word_wrap` from unexpectedly stripping white space from the _left_ side of lines.
+
+    For example, given input like this:
+
+    ```
+        This is a paragraph with an initial indent,
+    followed by additional lines that are not indented,
+    and finally terminated with a blockquote:
+      "A pithy saying"
+    ```
+
+    Calling `word_wrap` should not trim the indents on the first and last lines.
 
-## Rails 5.2.2.1 (March 11, 2019) ##
+    Fixes #34487
 
-*   No changes.
+    *Lyle Mullican*
 
+*   Add allocations to template rendering instrumentation.
 
-## Rails 5.2.2 (December 04, 2018) ##
+    Adds the allocations for template and partial rendering to the server output on render.
+
+    ```
+      Rendered posts/_form.html.erb (Duration: 7.1ms | Allocations: 6004)
+      Rendered posts/new.html.erb within layouts/application (Duration: 8.3ms | Allocations: 6654)
+    Completed 200 OK in 858ms (Views: 848.4ms | ActiveRecord: 0.4ms | Allocations: 1539564)
+    ```
 
-*   No changes.
+    *Eileen M. Uchitelle*, *Aaron Patterson*
 
+*   Respect the `only_path` option passed to `url_for` when the options are passed in as an array
 
-## Rails 5.2.1.1 (November 27, 2018) ##
+    Fixes #33237.
 
-*   No changes.
+    *Joel Ambass*
 
+*   Deprecate calling private model methods from view helpers.
 
-## Rails 5.2.1 (August 07, 2018) ##
+    For example, in methods like `options_from_collection_for_select`
+    and `collection_select` it is possible to call private methods from
+    the objects used.
 
-*   Fix leak of `skip_default_ids` and `allow_method_names_outside_object` options
-    to HTML attributes.
+    Fixes #33546.
 
-    *Yurii Cherniavskyi*
+    *Ana María Martínez Gómez*
 
 *   Fix issue with `button_to`'s `to_form_params`
 
@@ -46,97 +82,110 @@
 
     *Georgi Georgiev*
 
-*   Fix JavaScript views rendering does not work with Firefox when using
-    Content Security Policy.
+*   Mark arrays of translations as trusted safe by using the `_html` suffix.
 
-    Fixes #32577.
+    Example:
 
-    *Yuji Yaginuma*
+        en:
+          foo_html:
+            - "One"
+            - "<strong>Two</strong>"
+            - "Three &#128075; &#128578;"
 
-*   Add the `nonce: true` option for `javascript_include_tag` helper to
-    support automatic nonce generation for Content Security Policy.
-    Works the same way as `javascript_tag nonce: true` does.
-
-    *Yaroslav Markin*
+    *Juan Broullon*
 
+*   Add `year_format` option to date_select tag. This option makes it possible to customize year
+    names. Lambda should be passed to use this option.
 
-## Rails 5.2.0 (April 09, 2018) ##
+    Example:
 
-*   Pass the `:skip_pipeline` option in `image_submit_tag` when calling `path_to_image`.
+        date_select('user_birthday', '', start_year: 1998, end_year: 2000, year_format: ->year { "Heisei #{year - 1988}" })
 
-    Fixes #32248.
+    The HTML produced:
 
-    *Andrew White*
-
-*   Allow the use of callable objects as group methods for grouped selects.
-
-    Until now, the `option_groups_from_collection_for_select` method was only able to
-    handle method names as `group_method` and `group_label_method` parameters,
-    it is now able to receive procs and other callable objects too.
+        <select id="user_birthday__1i" name="user_birthday[(1i)]">
+        <option value="1998">Heisei 10</option>
+        <option value="1999">Heisei 11</option>
+        <option value="2000">Heisei 12</option>
+        </select>
+        /* The rest is omitted */
 
-    *Jérémie Bonal*
+    *Koki Ryu*
 
-*   Add `preload_link_tag` helper.
+*   Fix JavaScript views rendering does not work with Firefox when using
+    Content Security Policy.
 
-    This helper that allows to the browser to initiate early fetch of resources
-    (different to the specified in `javascript_include_tag` and `stylesheet_link_tag`).
-    Additionally, this sends Early Hints if supported by browser.
+    Fixes #32577.
 
-    *Guillermo Iguaran*
+    *Yuji Yaginuma*
 
-*   Change `form_with` to generates ids by default.
+*   Add the `nonce: true` option for `javascript_include_tag` helper to
+    support automatic nonce generation for Content Security Policy.
+    Works the same way as `javascript_tag nonce: true` does.
 
-    When `form_with` was introduced we disabled the automatic generation of ids
-    that was enabled in `form_for`. This usually is not an good idea since labels don't work
-    when the input doesn't have an id and it made harder to test with Capybara.
+    *Yaroslav Markin*
 
-    You can still disable the automatic generation of ids setting `config.action_view.form_with_generates_ids`
-    to `false.`
+*   Remove `ActionView::Helpers::RecordTagHelper`.
 
-    *Nick Pezza*
+    *Yoshiyuki Hirano*
 
-*   Fix issues with `field_error_proc` wrapping `optgroup` and select divider `option`.
+*   Disable `ActionView::Template` finalizers in test environment.
 
-    Fixes #31088
+    Template finalization can be expensive in large view test suites.
+    Add a configuration option,
+    `action_view.finalize_compiled_template_methods`, and turn it off in
+    the test environment.
 
-    *Matthias Neumayr*
+    *Simon Coffey*
 
-*   Remove deprecated Erubis ERB handler.
+*   Extract the `confirm` call in its own, overridable method in `rails_ujs`.
 
-    *Rafael Mendonça França*
+    Example:
 
-*   Remove default `alt` text generation.
+        Rails.confirm = function(message, element) {
+          return (my_bootstrap_modal_confirm(message));
+        }
 
-    Fixes #30096
+    *Mathieu Mahé*
 
-    *Cameron Cundiff*
+*   Enable select tag helper to mark `prompt` option as `selected` and/or `disabled` for `required`
+    field.
 
-*   Add `srcset` option to `image_tag` helper.
+    Example:
 
-    *Roberto Miranda*
+        select :post,
+               :category,
+               ["lifestyle", "programming", "spiritual"],
+               { selected: "", disabled: "", prompt: "Choose one" },
+               { required: true }
 
-*   Fix issues with scopes and engine on `current_page?` method.
+    Placeholder option would be selected and disabled.
 
-    Fixes #29401.
+    The HTML produced:
 
-    *Nikita Savrov*
+        <select required="required" name="post[category]" id="post_category">
+        <option disabled="disabled" selected="selected" value="">Choose one</option>
+        <option value="lifestyle">lifestyle</option>
+        <option value="programming">programming</option>
+        <option value="spiritual">spiritual</option></select>
 
-*   Generate field ids in `collection_check_boxes` and `collection_radio_buttons`.
+    *Sergey Prikhodko*
 
-    This makes sure that the labels are linked up with the fields.
+*   Don't enforce UTF-8 by default.
 
-    Fixes #29014.
+    With the disabling of TLS 1.0 by most major websites, continuing to run
+    IE8 or lower becomes increasingly difficult so default to not enforcing
+    UTF-8 encoding as it's not relevant to other browsers.
 
-    *Yuji Yaginuma*
+    *Andrew White*
 
-*   Add `:json` type to `auto_discovery_link_tag` to support [JSON Feeds](https://jsonfeed.org/version/1).
+*   Change translation key of `submit_tag` from `module_name_class_name` to `module_name/class_name`.
 
-    *Mike Gunderloy*
+    *Rui Onodera*
 
-*   Update `distance_of_time_in_words` helper to display better error messages
-    for bad input.
+*   Rails 6 requires Ruby 2.5.0 or newer.
 
-    *Jay Hayes*
+    *Jeremy Daer*, *Kasper Timm Hansen*
 
 
-Please check [5-1-stable](https://github.com/rails/rails/blob/5-1-stable/actionview/CHANGELOG.md) for previous changes.
+Please check [5-2-stable](https://github.com/rails/rails/blob/5-2-stable/actionview/CHANGELOG.md) for previous changes.

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2004-2018 David Heinemeier Hansson
+Copyright (c) 2004-2019 David Heinemeier Hansson
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.rdoc

@@ -13,7 +13,7 @@ The latest version of Action View can be installed with RubyGems:
 
 Source code can be downloaded as part of the Rails project on GitHub:
 
-* https://github.com/rails/rails/tree/5-2-stable/actionview
+* https://github.com/rails/rails/tree/master/actionview
 
 
 == License

data/lib/action_view.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 #--
-# Copyright (c) 2004-2018 David Heinemeier Hansson
+# Copyright (c) 2004-2019 David Heinemeier Hansson
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the

data/lib/action_view/buffers.rb

@@ -3,6 +3,21 @@
 require "active_support/core_ext/string/output_safety"
 
 module ActionView
+  # Used as a buffer for views
+  #
+  # The main difference between this and ActiveSupport::SafeBuffer
+  # is for the methods `<<` and `safe_expr_append=` the inputs are
+  # checked for nil before they are assigned and `to_s` is called on
+  # the input. For example:
+  #
+  #   obuf = ActionView::OutputBuffer.new "hello"
+  #   obuf << 5
+  #   puts obuf # => "hello5"
+  #
+  #   sbuf = ActiveSupport::SafeBuffer.new "hello"
+  #   sbuf << 5
+  #   puts sbuf # => "hello\u0005"
+  #
   class OutputBuffer < ActiveSupport::SafeBuffer #:nodoc:
     def initialize(*)
       super

data/lib/action_view/context.rb

@@ -10,10 +10,11 @@ module ActionView
   # Action View contexts are supplied to Action Controller to render a template.
   # The default Action View context is ActionView::Base.
   #
-  # In order to work with ActionController, a Context must just include this module.
-  # The initialization of the variables used by the context (@output_buffer, @view_flow,
-  # and @virtual_path) is responsibility of the object that includes this module
-  # (although you can call _prepare_context defined below).
+  # In order to work with Action Controller, a Context must just include this
+  # module. The initialization of the variables used by the context
+  # (@output_buffer, @view_flow, and @virtual_path) is responsibility of the
+  # object that includes this module (although you can call _prepare_context
+  # defined below).
   module Context
     include CompiledTemplates
     attr_accessor :output_buffer, :view_flow

data/lib/action_view/digestor.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-require "concurrent/map"
 require "action_view/dependency_tracker"
-require "monitor"
 
 module ActionView
   class Digestor
@@ -20,9 +18,12 @@ module ActionView
       # * <tt>name</tt>   - Template name
       # * <tt>finder</tt>  - An instance of <tt>ActionView::LookupContext</tt>
       # * <tt>dependencies</tt>  - An array of dependent views
-      def digest(name:, finder:, dependencies: [])
-        dependencies ||= []
-        cache_key = [ name, finder.rendered_format, dependencies ].flatten.compact.join(".")
+      def digest(name:, finder:, dependencies: nil)
+        if dependencies.nil? || dependencies.empty?
+          cache_key = "#{name}.#{finder.rendered_format}"
+        else
+          cache_key = [ name, finder.rendered_format, dependencies ].flatten.compact.join(".")
+        end
 
         # this is a correctly done double-checked locking idiom
         # (Concurrent::Map's lookups have volatile semantics)
@@ -32,7 +33,7 @@ module ActionView
             root = tree(name, finder, partial)
             dependencies.each do |injected_dep|
               root.children << Injected.new(injected_dep, nil, nil)
-            end
+            end if dependencies
             finder.digest_cache[cache_key] = root.digest(finder)
           end
         end

data/lib/action_view/gem_version.rb

@@ -7,10 +7,10 @@ module ActionView
   end
 
   module VERSION
-    MAJOR = 5
-    MINOR = 2
-    TINY  = 3
-    PRE   = "rc1"
+    MAJOR = 6
+    MINOR = 0
+    TINY  = 0
+    PRE   = "beta1"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

data/lib/action_view/helpers.rb

@@ -23,7 +23,6 @@ module ActionView #:nodoc:
     autoload :JavaScriptHelper, "action_view/helpers/javascript_helper"
     autoload :NumberHelper
     autoload :OutputSafetyHelper
-    autoload :RecordTagHelper
     autoload :RenderingHelper
     autoload :SanitizeHelper
     autoload :TagHelper
@@ -57,7 +56,6 @@ module ActionView #:nodoc:
     include JavaScriptHelper
     include NumberHelper
     include OutputSafetyHelper
-    include RecordTagHelper
     include RenderingHelper
     include SanitizeHelper
     include TagHelper

data/lib/action_view/helpers/asset_tag_helper.rb

@@ -55,7 +55,7 @@ module ActionView
       #   that path.
       # * <tt>:skip_pipeline</tt>  - This option is used to bypass the asset pipeline
       #   when it is set to true.
-      # * <tt>:nonce<tt>  - When set to true, adds an automatic nonce value if
+      # * <tt>:nonce</tt>  - When set to true, adds an automatic nonce value if
       #   you have Content Security Policy enabled.
       #
       # ==== Examples
@@ -98,7 +98,7 @@ module ActionView
           if tag_options["nonce"] == true
             tag_options["nonce"] = content_security_policy_nonce
           end
-          content_tag("script".freeze, "", tag_options)
+          content_tag("script", "", tag_options)
         }.join("\n").html_safe
 
         request.send_early_hints("Link" => early_hints_links.join("\n")) if respond_to?(:request) && request
@@ -333,9 +333,9 @@ module ActionView
       #
       #   image_tag(user.avatar)
       #   # => <img src="/rails/active_storage/blobs/.../tiger.jpg" />
-      #   image_tag(user.avatar.variant(resize: "100x100"))
+      #   image_tag(user.avatar.variant(resize_to_fit: [100, 100]))
       #   # => <img src="/rails/active_storage/variants/.../tiger.jpg" />
-      #   image_tag(user.avatar.variant(resize: "100x100"), size: '100')
+      #   image_tag(user.avatar.variant(resize_to_fit: [100, 100]), size: '100')
       #   # => <img width="100" height="100" src="/rails/active_storage/variants/.../tiger.jpg" />
       def image_tag(source, options = {})
         options = options.symbolize_keys
@@ -355,29 +355,6 @@ module ActionView
         tag("img", options)
       end
 
-      # Returns a string suitable for an HTML image tag alt attribute.
-      # The +src+ argument is meant to be an image file path.
-      # The method removes the basename of the file path and the digest,
-      # if any. It also removes hyphens and underscores from file names and
-      # replaces them with spaces, returning a space-separated, titleized
-      # string.
-      #
-      # ==== Examples
-      #
-      #   image_alt('rails.png')
-      #   # => Rails
-      #
-      #   image_alt('hyphenated-file-name.png')
-      #   # => Hyphenated file name
-      #
-      #   image_alt('underscored_file_name.png')
-      #   # => Underscored file name
-      def image_alt(src)
-        ActiveSupport::Deprecation.warn("image_alt is deprecated and will be removed from Rails 6.0. You must explicitly set alt text on images.")
-
-        File.basename(src, ".*".freeze).sub(/-[[:xdigit:]]{32,64}\z/, "".freeze).tr("-_".freeze, " ".freeze).capitalize
-      end
-
       # Returns an HTML video tag for the +sources+. If +sources+ is a string,
       # a single video tag will be returned. If +sources+ is an array, a video
       # tag with nested source tags for each source will be returned. The

data/lib/action_view/helpers/asset_url_helper.rb

@@ -98,8 +98,9 @@ module ActionView
     # have SSL certificates for each of the asset hosts this technique allows you
     # to avoid warnings in the client about mixed media.
     # Note that the +request+ parameter might not be supplied, e.g. when the assets
-    # are precompiled via a Rake task. Make sure to use a +Proc+ instead of a lambda,
-    # since a +Proc+ allows missing parameters and sets them to +nil+.
+    # are precompiled with the command `rails assets:precompile`. Make sure to use a
+    # +Proc+ instead of a lambda, since a +Proc+ allows missing parameters and sets them
+    # to +nil+.
     #
     #   config.action_controller.asset_host = Proc.new { |source, request|
     #     if request && request.ssl?
@@ -187,7 +188,7 @@ module ActionView
         return "" if source.blank?
         return source if URI_REGEXP.match?(source)
 
-        tail, source = source[/([\?#].+)$/], source.sub(/([\?#].+)$/, "".freeze)
+        tail, source = source[/([\?#].+)$/], source.sub(/([\?#].+)$/, "")
 
         if extname = compute_asset_extname(source, options)
           source = "#{source}#{extname}"