actionview 5.2.4.4 → 6.0.0.beta1

data/lib/action_view/helpers/form_options_helper.rb

@@ -16,7 +16,7 @@ module ActionView
     #
     # * <tt>:include_blank</tt> - set to true or a prompt string if the first option element of the select element is a blank. Useful if there is not a default value required for the select element.
     #
-    #     select("post", "category", Post::CATEGORIES, {include_blank: true})
+    #     select("post", "category", Post::CATEGORIES, { include_blank: true })
     #
     #   could become:
     #
@@ -30,7 +30,7 @@ module ActionView
     #
     #   Example with <tt>@post.person_id => 2</tt>:
     #
-    #     select("post", "person_id", Person.all.collect {|p| [ p.name, p.id ] }, {include_blank: 'None'})
+    #     select("post", "person_id", Person.all.collect { |p| [ p.name, p.id ] }, { include_blank: 'None' })
     #
     #   could become:
     #
@@ -43,7 +43,7 @@ module ActionView
     #
     # * <tt>:prompt</tt> - set to true or a prompt string. When the select element doesn't have a value yet, this prepends an option with a generic prompt -- "Please select" -- or the given prompt string.
     #
-    #     select("post", "person_id", Person.all.collect {|p| [ p.name, p.id ] }, {prompt: 'Select Person'})
+    #     select("post", "person_id", Person.all.collect { |p| [ p.name, p.id ] }, { prompt: 'Select Person' })
     #
     #   could become:
     #
@@ -69,7 +69,7 @@ module ActionView
     #
     # * <tt>:disabled</tt> - can be a single value or an array of values that will be disabled options in the final output.
     #
-    #     select("post", "category", Post::CATEGORIES, {disabled: 'restricted'})
+    #     select("post", "category", Post::CATEGORIES, { disabled: 'restricted' })
     #
     #   could become:
     #
@@ -82,7 +82,7 @@ module ActionView
     #
     #   When used with the <tt>collection_select</tt> helper, <tt>:disabled</tt> can also be a Proc that identifies those options that should be disabled.
     #
-    #     collection_select(:post, :category_id, Category.all, :id, :name, {disabled: -> (category) { category.archived? }})
+    #     collection_select(:post, :category_id, Category.all, :id, :name, { disabled: -> (category) { category.archived? } })
     #
     #   If the categories "2008 stuff" and "Christmas" return true when the method <tt>archived?</tt> is called, this would return:
     #     <select name="post[category_id]" id="post_category_id">
@@ -107,7 +107,7 @@ module ActionView
       #
       # For example:
       #
-      #   select("post", "person_id", Person.all.collect {|p| [ p.name, p.id ] }, { include_blank: true })
+      #   select("post", "person_id", Person.all.collect { |p| [ p.name, p.id ] }, { include_blank: true })
       #
       # would become:
       #
@@ -323,12 +323,12 @@ module ActionView
       #
       # You can optionally provide HTML attributes as the last element of the array.
       #
-      #   options_for_select([ "Denmark", ["USA", {class: 'bold'}], "Sweden" ], ["USA", "Sweden"])
+      #   options_for_select([ "Denmark", ["USA", { class: 'bold' }], "Sweden" ], ["USA", "Sweden"])
       #   # => <option value="Denmark">Denmark</option>
       #   # => <option value="USA" class="bold" selected="selected">USA</option>
       #   # => <option value="Sweden" selected="selected">Sweden</option>
       #
-      #   options_for_select([["Dollar", "$", {class: "bold"}], ["Kroner", "DKK", {onclick: "alert('HI');"}]])
+      #   options_for_select([["Dollar", "$", { class: "bold" }], ["Kroner", "DKK", { onclick: "alert('HI');" }]])
       #   # => <option value="$" class="bold">Dollar</option>
       #   # => <option value="DKK" onclick="alert('HI');">Kroner</option>
       #
@@ -463,7 +463,7 @@ module ActionView
           option_tags = options_from_collection_for_select(
             value_for_collection(group, group_method), option_key_method, option_value_method, selected_key)
 
-          content_tag("optgroup".freeze, option_tags, label: value_for_collection(group, group_label_method))
+          content_tag("optgroup", option_tags, label: value_for_collection(group, group_label_method))
         end.join.html_safe
       end
 
@@ -535,7 +535,7 @@ module ActionView
         body = "".html_safe
 
         if prompt
-          body.safe_concat content_tag("option".freeze, prompt_text(prompt), value: "")
+          body.safe_concat content_tag("option", prompt_text(prompt), value: "")
         end
 
         grouped_options.each do |container|
@@ -548,7 +548,7 @@ module ActionView
           end
 
           html_attributes = { label: label }.merge!(html_attributes)
-          body.safe_concat content_tag("optgroup".freeze, options_for_select(container, selected_key), html_attributes)
+          body.safe_concat content_tag("optgroup", options_for_select(container, selected_key), html_attributes)
         end
 
         body
@@ -584,7 +584,7 @@ module ActionView
           end
 
           zone_options.safe_concat options_for_select(convert_zones[priority_zones], selected)
-          zone_options.safe_concat content_tag("option".freeze, "-------------", value: "", disabled: true)
+          zone_options.safe_concat content_tag("option", "-------------", value: "", disabled: true)
           zone_options.safe_concat "\n"
 
           zones = zones - priority_zones
@@ -654,7 +654,7 @@ module ActionView
       #
       # ==== Gotcha
       #
-      # The HTML specification says when nothing is select on a collection of radio buttons
+      # The HTML specification says when nothing is selected on a collection of radio buttons
       # web browsers do not send any value to server.
       # Unfortunately this introduces a gotcha:
       # if a +User+ model has a +category_id+ field and in the form no category is selected, no +category_id+ parameter is sent. So,
@@ -794,7 +794,7 @@ module ActionView
         def extract_values_from_collection(collection, value_method, selected)
           if selected.is_a?(Proc)
             collection.map do |element|
-              element.send(value_method) if selected.call(element)
+              public_or_deprecated_send(element, value_method) if selected.call(element)
             end.compact
           else
             selected
@@ -802,7 +802,15 @@ module ActionView
         end
 
         def value_for_collection(item, value)
-          value.respond_to?(:call) ? value.call(item) : item.send(value)
+          value.respond_to?(:call) ? value.call(item) : public_or_deprecated_send(item, value)
+        end
+
+        def public_or_deprecated_send(item, value)
+          item.public_send(value)
+        rescue NoMethodError
+          raise unless item.respond_to?(value, true) && !item.respond_to?(value)
+          ActiveSupport::Deprecation.warn "Using private methods from view helpers is deprecated (calling private #{item.class}##{value})"
+          item.send(value)
         end
 
         def prompt_text(prompt)

data/lib/action_view/helpers/form_tag_helper.rb

@@ -22,6 +22,8 @@ module ActionView
       mattr_accessor :embed_authenticity_token_in_remote_forms
       self.embed_authenticity_token_in_remote_forms = nil
 
+      mattr_accessor :default_enforce_utf8, default: true
+
       # Starts a form tag that points the action to a url configured with <tt>url_for_options</tt> just like
       # ActionController::Base#url_for. The method for the form defaults to POST.
       #
@@ -144,15 +146,15 @@ module ActionView
           end
 
           if include_blank
-            option_tags = content_tag("option".freeze, include_blank, options_for_blank_options_tag).safe_concat(option_tags)
+            option_tags = content_tag("option", include_blank, options_for_blank_options_tag).safe_concat(option_tags)
           end
         end
 
         if prompt = options.delete(:prompt)
-          option_tags = content_tag("option".freeze, prompt, value: "").safe_concat(option_tags)
+          option_tags = content_tag("option", prompt, value: "").safe_concat(option_tags)
         end
 
-        content_tag "select".freeze, option_tags, { "name" => html_name, "id" => sanitize_to_id(name) }.update(options.stringify_keys)
+        content_tag "select", option_tags, { "name" => html_name, "id" => sanitize_to_id(name) }.update(options.stringify_keys)
       end
 
       # Creates a standard text field; use these text fields to input smaller chunks of text like a username
@@ -163,8 +165,6 @@ module ActionView
       # * <tt>:size</tt> - The number of visible characters that will fit in the input.
       # * <tt>:maxlength</tt> - The maximum number of characters that the browser will allow the user to enter.
       # * <tt>:placeholder</tt> - The text contained in the field by default which is removed when the field receives focus.
-      #   If set to true, use a translation is found in the current I18n locale
-      #   (through helpers.placeholders.<modelname>.<attribute>).
       # * Any other key creates standard HTML attributes for the tag.
       #
       # ==== Examples
@@ -389,8 +389,8 @@ module ActionView
       # * Any other key creates standard HTML options for the tag.
       #
       # ==== Examples
-      #   radio_button_tag 'gender', 'male'
-      #   # => <input id="gender_male" name="gender" type="radio" value="male" />
+      #   radio_button_tag 'favorite_color', 'maroon'
+      #   # => <input id="favorite_color_maroon" name="favorite_color" type="radio" value="maroon" />
       #
       #   radio_button_tag 'receive_updates', 'no', true
       #   # => <input checked="checked" id="receive_updates_no" name="receive_updates" type="radio" value="no" />
@@ -577,7 +577,7 @@ module ActionView
       #   # => <fieldset class="format"><p><input id="name" name="name" type="text" /></p></fieldset>
       def field_set_tag(legend = nil, options = nil, &block)
         output = tag(:fieldset, options, true)
-        output.safe_concat(content_tag("legend".freeze, legend)) unless legend.blank?
+        output.safe_concat(content_tag("legend", legend)) unless legend.blank?
         output.concat(capture(&block)) if block_given?
         output.safe_concat("</fieldset>")
       end
@@ -869,7 +869,7 @@ module ActionView
               })
             end
 
-          if html_options.delete("enforce_utf8") { true }
+          if html_options.delete("enforce_utf8") { default_enforce_utf8 }
             utf8_enforcer_tag + method_tag
           else
             method_tag

data/lib/action_view/helpers/javascript_helper.rb

@@ -12,13 +12,11 @@ module ActionView
         "\n"    => '\n',
         "\r"    => '\n',
         '"'     => '\\"',
-        "'"     => "\\'",
-        "`"     => "\\`",
-        "$"     => "\\$"
+        "'"     => "\\'"
       }
 
-      JS_ESCAPE_MAP["\342\200\250".dup.force_encoding(Encoding::UTF_8).encode!] = "
"
-      JS_ESCAPE_MAP["\342\200\251".dup.force_encoding(Encoding::UTF_8).encode!] = "
"
+      JS_ESCAPE_MAP[(+"\342\200\250").force_encoding(Encoding::UTF_8).encode!] = "
"
+      JS_ESCAPE_MAP[(+"\342\200\251").force_encoding(Encoding::UTF_8).encode!] = "
"
 
       # Escapes carriage returns and single and double quotes for JavaScript segments.
       #
@@ -27,12 +25,13 @@ module ActionView
       #
       #   $('some_element').replaceWith('<%= j render 'some/element_template' %>');
       def escape_javascript(javascript)
-        if javascript
-          result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"']|[`]|[$])/u) { |match| JS_ESCAPE_MAP[match] }
-          javascript.html_safe? ? result.html_safe : result
+        javascript = javascript.to_s
+        if javascript.empty?
+          result = ""
         else
-          ""
+          result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"'])/u) { |match| JS_ESCAPE_MAP[match] }
         end
+        javascript.html_safe? ? result.html_safe : result
       end
 
       alias_method :j, :escape_javascript
@@ -67,7 +66,7 @@ module ActionView
       #   <% end -%>
       #
       # If you have a content security policy enabled then you can add an automatic
-      # nonce value by passing +nonce: true+ as part of +html_options+. Example:
+      # nonce value by passing <tt>nonce: true</tt> as part of +html_options+. Example:
       #
       #   <%= javascript_tag nonce: true do -%>
       #     alert('All is good')
@@ -85,7 +84,7 @@ module ActionView
           html_options[:nonce] = content_security_policy_nonce
         end
 
-        content_tag("script".freeze, javascript_cdata_section(content), html_options)
+        content_tag("script", javascript_cdata_section(content), html_options)
       end
 
       def javascript_cdata_section(content) #:nodoc:

data/lib/action_view/helpers/number_helper.rb

@@ -100,6 +100,9 @@ module ActionView
       #   absolute value of the number.
       # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when
       #   the argument is invalid.
+      # * <tt>:strip_insignificant_zeros</tt> - If +true+ removes
+      #   insignificant zeros after the decimal separator (defaults to
+      #   +false+).
       #
       # ==== Examples
       #
@@ -117,6 +120,8 @@ module ActionView
       #   # => R$1234567890,50
       #   number_to_currency(1234567890.50, unit: "R$", separator: ",", delimiter: "", format: "%n %u")
       #   # => 1234567890,50 R$
+      #   number_to_currency(1234567890.50, strip_insignificant_zeros: true)
+      #   # => "$1,234,567,890.5"
       def number_to_currency(number, options = {})
         delegate_number_helper_method(:number_to_currency, number, options)
       end

data/lib/action_view/helpers/sanitize_helper.rb

@@ -10,7 +10,7 @@ module ActionView
     # These helper methods extend Action View making them callable within your template files.
     module SanitizeHelper
       extend ActiveSupport::Concern
-      # Sanitizes HTML input, stripping all tags and attributes that aren't whitelisted.
+      # Sanitizes HTML input, stripping all but known-safe tags and attributes.
       #
       # It also strips href/src attributes with unsafe protocols like
       # <tt>javascript:</tt>, while also protecting against attempts to use Unicode,
@@ -40,7 +40,7 @@ module ActionView
       #
       #   <%= sanitize @comment.body %>
       #
-      # Providing custom whitelisted tags and attributes:
+      # Providing custom lists of permitted tags and attributes:
       #
       #   <%= sanitize @comment.body, tags: %w(strong em a), attributes: %w(href) %>
       #
@@ -126,7 +126,7 @@ module ActionView
         attr_writer :full_sanitizer, :link_sanitizer, :white_list_sanitizer
 
         # Vendors the full, link and white list sanitizers.
-        # Provided strictly for compatibility and can be removed in Rails 5.1.
+        # Provided strictly for compatibility and can be removed in Rails 6.
         def sanitizer_vendor
           Rails::Html::Sanitizer
         end

data/lib/action_view/helpers/tag_helper.rb

@@ -58,7 +58,7 @@ module ActionView
 
         def tag_options(options, escape = true)
           return if options.blank?
-          output = "".dup
+          output = +""
           sep    = " "
           options.each_pair do |key, value|
             if TAG_PREFIXES.include?(key) && value.is_a?(Hash)
@@ -86,11 +86,12 @@ module ActionView
 
         def tag_option(key, value, escape)
           if value.is_a?(Array)
-            value = escape ? safe_join(value, " ".freeze) : value.join(" ".freeze)
+            value = escape ? safe_join(value, " ") : value.join(" ")
           else
-            value = escape ? ERB::Util.unwrapped_html_escape(value) : value.to_s
+            value = escape ? ERB::Util.unwrapped_html_escape(value) : value.to_s.dup
           end
-          %(#{key}="#{value.gsub('"'.freeze, '"'.freeze)}")
+          value.gsub!('"', """)
+          %(#{key}="#{value}")
         end
 
         private
@@ -227,10 +228,10 @@ module ActionView
       #   tag("img", src: "open & shut.png")
       #   # => <img src="open &amp; shut.png" />
       #
-      #   tag("img", {src: "open &amp; shut.png"}, false, false)
+      #   tag("img", { src: "open &amp; shut.png" }, false, false)
       #   # => <img src="open &amp; shut.png" />
       #
-      #   tag("div", data: {name: 'Stephen', city_state: %w(Chicago IL)})
+      #   tag("div", data: { name: 'Stephen', city_state: %w(Chicago IL) })
       #   # => <div data-name="Stephen" data-city-state="[&quot;Chicago&quot;,&quot;IL&quot;]" />
       def tag(name = nil, options = nil, open = false, escape = true)
         if name.nil?

data/lib/action_view/helpers/tags/base.rb

@@ -109,11 +109,11 @@ module ActionView
             # a little duplication to construct less strings
             case
             when @object_name.empty?
-              "#{sanitized_method_name}#{"[]" if multiple}"
+              "#{sanitized_method_name}#{multiple ? "[]" : ""}"
             when index
-              "#{@object_name}[#{index}][#{sanitized_method_name}]#{"[]" if multiple}"
+              "#{@object_name}[#{index}][#{sanitized_method_name}]#{multiple ? "[]" : ""}"
             else
-              "#{@object_name}[#{sanitized_method_name}]#{"[]" if multiple}"
+              "#{@object_name}[#{sanitized_method_name}]#{multiple ? "[]" : ""}"
             end
           end
 
@@ -170,7 +170,11 @@ module ActionView
               option_tags = tag_builder.content_tag_string("option", options[:include_blank].kind_of?(String) ? options[:include_blank] : nil, value: "") + "\n" + option_tags
             end
             if value.blank? && options[:prompt]
-              option_tags = tag_builder.content_tag_string("option", prompt_text(options[:prompt]), value: "") + "\n" + option_tags
+              tag_options = { value: "" }.tap do |prompt_opts|
+                prompt_opts[:disabled] = true if options[:disabled] == ""
+                prompt_opts[:selected] = true if options[:selected] == ""
+              end
+              option_tags = tag_builder.content_tag_string("option", prompt_text(options[:prompt]), tag_options) + "\n" + option_tags
             end
             option_tags
           end

data/lib/action_view/helpers/tags/color_field.rb

@@ -15,7 +15,7 @@ module ActionView
 
           def validate_color_string(string)
             regex = /#[0-9a-fA-F]{6}/
-            if regex.match(string)
+            if regex.match?(string)
               string.downcase
             else
               "#000000"

data/lib/action_view/helpers/tags/translator.rb

@@ -16,13 +16,8 @@ module ActionView
           translated_attribute || human_attribute_name
         end
 
-        # TODO Change this to private once we've dropped Ruby 2.2 support.
-        # Workaround for Ruby 2.2 "private attribute?" warning.
-        protected
-
-          attr_reader :object_name, :method_and_value, :scope, :model
-
         private
+          attr_reader :object_name, :method_and_value, :scope, :model
 
           def i18n_default
             if model

data/lib/action_view/helpers/text_helper.rb

@@ -188,7 +188,7 @@ module ActionView
 
         unless separator.empty?
           text.split(separator).each do |value|
-            if value.match(regex)
+            if value.match?(regex)
               phrase = value
               break
             end
@@ -228,7 +228,7 @@ module ActionView
       #   pluralize(2, 'Person', locale: :de)
       #   # => 2 Personen
       def pluralize(count, singular, plural_arg = nil, plural: plural_arg, locale: I18n.locale)
-        word = if (count == 1 || count.to_s =~ /^1(\.0+)?$/)
+        word = if count == 1 || count.to_s =~ /^1(\.0+)?$/
           singular
         else
           plural || singular.pluralize(locale)
@@ -259,7 +259,7 @@ module ActionView
       #   # => Once\r\nupon\r\na\r\ntime
       def word_wrap(text, line_width: 80, break_sequence: "\n")
         text.split("\n").collect! do |line|
-          line.length > line_width ? line.gsub(/(.{1,#{line_width}})(\s+|$)/, "\\1#{break_sequence}").strip : line
+          line.length > line_width ? line.gsub(/(.{1,#{line_width}})(\s+|$)/, "\\1#{break_sequence}").rstrip : line
         end * break_sequence
       end
 

data/lib/action_view/helpers/translation_helper.rb

@@ -59,11 +59,9 @@ module ActionView
       # they can provide HTML values for.
       def translate(key, options = {})
         options = options.dup
-        has_default = options.has_key?(:default)
-        remaining_defaults = Array(options.delete(:default)).compact
-
-        if has_default && !remaining_defaults.first.kind_of?(Symbol)
-          options[:default] = remaining_defaults
+        if options.has_key?(:default)
+          remaining_defaults = Array(options.delete(:default)).compact
+          options[:default] = remaining_defaults unless remaining_defaults.first.kind_of?(Symbol)
         end
 
         # If the user has explicitly decided to NOT raise errors, pass that option to I18n.
@@ -79,19 +77,14 @@ module ActionView
 
         if html_safe_translation_key?(key)
           html_safe_options = options.dup
-
           options.except(*I18n::RESERVED_KEYS).each do |name, value|
             unless name == :count && value.is_a?(Numeric)
               html_safe_options[name] = ERB::Util.html_escape(value.to_s)
             end
           end
-
-          html_safe_options[:default] = MISSING_TRANSLATION unless html_safe_options[:default].blank?
-
           translation = I18n.translate(scope_key_by_partial(key), html_safe_options.merge(raise: i18n_raise))
-
-          if translation.equal?(MISSING_TRANSLATION)
-            options[:default].first
+          if translation.respond_to?(:map)
+            translation.map { |element| element.respond_to?(:html_safe) ? element.html_safe : element }
           else
             translation.respond_to?(:html_safe) ? translation.html_safe : translation
           end
@@ -105,7 +98,7 @@ module ActionView
           raise e if raise_error
 
           keys = I18n.normalize_keys(e.locale, e.key, e.options[:scope])
-          title = "translation missing: #{keys.join('.')}".dup
+          title = +"translation missing: #{keys.join('.')}"
 
           interpolations = options.except(:default, :scope)
           if interpolations.any?
@@ -129,13 +122,13 @@ module ActionView
       alias :l :localize
 
       private
-        MISSING_TRANSLATION = Object.new
-        private_constant :MISSING_TRANSLATION
-
         def scope_key_by_partial(key)
-          if key.to_s.first == "."
+          stringified_key = key.to_s
+          if stringified_key.first == "."
             if @virtual_path
-              @virtual_path.gsub(%r{/_?}, ".") + key.to_s
+              @_scope_key_by_partial_cache ||= {}
+              @_scope_key_by_partial_cache[@virtual_path] ||= @virtual_path.gsub(%r{/_?}, ".")
+              "#{@_scope_key_by_partial_cache[@virtual_path]}#{stringified_key}"
             else
               raise "Cannot use t(#{key.inspect}) shortcut because path is not available"
             end