actionview 5.2.4.4 → 6.0.0.beta1

data/lib/action_view/template/handlers/erb.rb

@@ -14,7 +14,17 @@ module ActionView
         class_attribute :erb_implementation, default: Erubi
 
         # Do not escape templates of these mime types.
-        class_attribute :escape_whitelist, default: ["text/plain"]
+        class_attribute :escape_ignore_list, default: ["text/plain"]
+
+        [self, singleton_class].each do |base|
+          base.alias_method :escape_whitelist, :escape_ignore_list
+          base.alias_method :escape_whitelist=, :escape_ignore_list=
+
+          base.deprecate(
+            escape_whitelist: "use #escape_ignore_list instead",
+            :escape_whitelist= => "use #escape_ignore_list= instead"
+          )
+        end
 
         ENCODING_TAG = Regexp.new("\\A(<%#{ENCODING_FLAG}-?%>)[ \\t]*")
 
@@ -47,7 +57,7 @@ module ActionView
 
           self.class.erb_implementation.new(
             erb,
-            escape: (self.class.escape_whitelist.include? template.type),
+            escape: (self.class.escape_ignore_list.include? template.type),
             trim: (self.class.erb_trim_mode == "-")
           ).src
         end

data/lib/action_view/template/resolver.rb

@@ -16,7 +16,7 @@ module ActionView
       alias_method :partial?, :partial
 
       def self.build(name, prefix, partial)
-        virtual = "".dup
+        virtual = +""
         virtual << "#{prefix}/" unless prefix.empty?
         virtual << (partial ? "_#{name}" : name)
         new name, prefix, partial, virtual
@@ -221,9 +221,7 @@ module ActionView
       end
 
       def query(path, details, formats, outside_app_allowed)
-        query = build_query(path, details)
-
-        template_paths = find_template_paths(query)
+        template_paths = find_template_paths_from_details(path, details)
         template_paths = reject_files_external_to_app(template_paths) unless outside_app_allowed
 
         template_paths.map do |template|
@@ -243,6 +241,11 @@ module ActionView
         files.reject { |filename| !inside_path?(@path, filename) }
       end
 
+      def find_template_paths_from_details(path, details)
+        query = build_query(path, details)
+        find_template_paths(query)
+      end
+
       def find_template_paths(query)
         Dir[query].uniq.reject do |filename|
           File.directory?(filename) ||
@@ -279,7 +282,7 @@ module ActionView
       end
 
       def escape_entry(entry)
-        entry.gsub(/[*?{}\[\]]/, '\\\\\\&'.freeze)
+        entry.gsub(/[*?{}\[\]]/, '\\\\\\&')
       end
 
       # Returns the file mtime from the filesystem.
@@ -291,7 +294,7 @@ module ActionView
       # from the path, or the handler, we should return the array of formats given
       # to the resolver.
       def extract_handler_and_format_and_variant(path)
-        pieces = File.basename(path).split(".".freeze)
+        pieces = File.basename(path).split(".")
         pieces.shift
 
         extension = pieces.pop
@@ -362,19 +365,56 @@ module ActionView
 
   # An Optimized resolver for Rails' most common case.
   class OptimizedFileSystemResolver < FileSystemResolver #:nodoc:
-    def build_query(path, details)
-      query = escape_entry(File.join(@path, path))
+    private
 
-      exts = EXTENSIONS.map do |ext, prefix|
-        if ext == :variants && details[ext] == :any
-          "{#{prefix}*,}"
-        else
-          "{#{details[ext].compact.uniq.map { |e| "#{prefix}#{e}," }.join}}"
+      def find_template_paths_from_details(path, details)
+        # Instead of checking for every possible path, as our other globs would
+        # do, scan the directory for files with the right prefix.
+        query = "#{escape_entry(File.join(@path, path))}*"
+
+        regex = build_regex(path, details)
+
+        Dir[query].uniq.reject do |filename|
+          # This regex match does double duty of finding only files which match
+          # details (instead of just matching the prefix) and also filtering for
+          # case-insensitive file systems.
+          !regex.match?(filename) ||
+            File.directory?(filename)
+        end.sort_by do |filename|
+          # Because we scanned the directory, instead of checking for files
+          # one-by-one, they will be returned in an arbitrary order.
+          # We can use the matches found by the regex and sort by their index in
+          # details.
+          match = filename.match(regex)
+          EXTENSIONS.keys.reverse.map do |ext|
+            if ext == :variants && details[ext] == :any
+              match[ext].nil? ? 0 : 1
+            elsif match[ext].nil?
+              # No match should be last
+              details[ext].length
+            else
+              found = match[ext].to_sym
+              details[ext].index(found)
+            end
+          end
         end
-      end.join
+      end
 
-      query + exts
-    end
+      def build_regex(path, details)
+        query = escape_entry(File.join(@path, path))
+        exts = EXTENSIONS.map do |ext, prefix|
+          match =
+            if ext == :variants && details[ext] == :any
+              ".*?"
+            else
+              details[ext].compact.uniq.map { |e| Regexp.escape(e) }.join("|")
+            end
+          prefix = Regexp.escape(prefix)
+          "(#{prefix}(?<#{ext}>#{match}))?"
+        end.join
+
+        %r{\A#{query}#{exts}\z}
+      end
   end
 
   # The same as FileSystemResolver but does not allow templates to store

data/lib/action_view/test_case.rb

@@ -107,7 +107,7 @@ module ActionView
         # empty string ensures buffer has UTF-8 encoding as
         # new without arguments returns ASCII-8BIT encoded buffer like String#new
         @output_buffer = ActiveSupport::SafeBuffer.new ""
-        @rendered = "".dup
+        @rendered = +""
 
         make_test_case_available_to_view!
         say_no_to_protect_against_forgery!

data/lib/action_view/testing/resolvers.rb

@@ -22,7 +22,7 @@ module ActionView #:nodoc:
     private
 
       def query(path, exts, _, _)
-        query = "".dup
+        query = +""
         EXTENSIONS.each_key do |ext|
           query << "(" << exts[ext].map { |e| e && Regexp.escape(".#{e}") }.join("|") << "|)"
         end

data/lib/assets/compiled/rails-ujs.js

@@ -2,7 +2,7 @@
 Unobtrusive JavaScript
 https://github.com/rails/rails/blob/master/actionview/app/assets/javascripts
 Released under the MIT license
- */;
+ */
 
 (function() {
   var context = this;
@@ -32,17 +32,12 @@ Released under the MIT license
 
   (function() {
     (function() {
-      var nonce;
+      var cspNonce;
 
-      nonce = null;
-
-      Rails.loadCSPNonce = function() {
-        var ref;
-        return nonce = (ref = document.querySelector("meta[name=csp-nonce]")) != null ? ref.content : void 0;
-      };
-
-      Rails.cspNonce = function() {
-        return nonce != null ? nonce : Rails.loadCSPNonce();
+      cspNonce = Rails.cspNonce = function() {
+        var meta;
+        meta = document.querySelector('meta[name=csp-nonce]');
+        return meta && meta.content;
       };
 
     }).call(this);
@@ -247,8 +242,8 @@ Released under the MIT license
         }
         if (!options.crossDomain) {
           xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
-          CSRFProtection(xhr);
         }
+        CSRFProtection(xhr);
         xhr.withCredentials = !!options.withCredentials;
         xhr.onreadystatechange = function() {
           if (xhr.readyState === XMLHttpRequest.DONE) {
@@ -270,7 +265,7 @@ Released under the MIT license
             script.setAttribute('nonce', cspNonce());
             script.text = response;
             document.head.appendChild(script).parentNode.removeChild(script);
-          } else if (type.match(/\b(xml|html|svg)\b/)) {
+          } else if (type.match(/\bxml\b/)) {
             parser = new DOMParser();
             type = type.replace(/;.+/, '');
             try {
@@ -370,6 +365,10 @@ Released under the MIT license
         }
       };
 
+      Rails.confirm = function(message, element) {
+        return confirm(message);
+      };
+
       allowAction = function(element) {
         var answer, callback, message;
         message = element.getAttribute('data-confirm');
@@ -379,7 +378,7 @@ Released under the MIT license
         answer = false;
         if (fire(element, 'confirm')) {
           try {
-            answer = confirm(message);
+            answer = Rails.confirm(message, element);
           } catch (error) {}
           callback = fire(element, 'confirm:complete', [answer]);
         }
@@ -388,7 +387,7 @@ Released under the MIT license
 
     }).call(this);
     (function() {
-      var disableFormElement, disableFormElements, disableLinkElement, enableFormElement, enableFormElements, enableLinkElement, formElements, getData, matches, setData, stopEverything;
+      var disableFormElement, disableFormElements, disableLinkElement, enableFormElement, enableFormElements, enableLinkElement, formElements, getData, isXhrRedirect, matches, setData, stopEverything;
 
       matches = Rails.matches, getData = Rails.getData, setData = Rails.setData, stopEverything = Rails.stopEverything, formElements = Rails.formElements;
 
@@ -402,7 +401,14 @@ Released under the MIT license
 
       Rails.enableElement = function(e) {
         var element;
-        element = e instanceof Event ? e.target : e;
+        if (e instanceof Event) {
+          if (isXhrRedirect(e)) {
+            return;
+          }
+          element = e.target;
+        } else {
+          element = e;
+        }
         if (matches(element, Rails.linkDisableSelector)) {
           return enableLinkElement(element);
         } else if (matches(element, Rails.buttonDisableSelector) || matches(element, Rails.formEnableSelector)) {
@@ -426,6 +432,9 @@ Released under the MIT license
 
       disableLinkElement = function(element) {
         var replacement;
+        if (getData(element, 'ujs:disabled')) {
+          return;
+        }
         replacement = element.getAttribute('data-disable-with');
         if (replacement != null) {
           setData(element, 'ujs:enable-with', element.innerHTML);
@@ -452,6 +461,9 @@ Released under the MIT license
 
       disableFormElement = function(element) {
         var replacement;
+        if (getData(element, 'ujs:disabled')) {
+          return;
+        }
         replacement = element.getAttribute('data-disable-with');
         if (replacement != null) {
           if (matches(element, 'button')) {
@@ -485,6 +497,12 @@ Released under the MIT license
         return setData(element, 'ujs:disabled', null);
       };
 
+      isXhrRedirect = function(event) {
+        var ref, xhr;
+        xhr = (ref = event.detail) != null ? ref[0] : void 0;
+        return (xhr != null ? xhr.getResponseHeader("X-Xhr-Redirect") : void 0) != null;
+      };
+
     }).call(this);
     (function() {
       var stopEverything;
@@ -622,23 +640,23 @@ Released under the MIT license
       };
 
       Rails.preventInsignificantClick = function(e) {
-        var data, insignificantMetaClick, link, metaClick, method, nonPrimaryMouseClick;
+        var data, insignificantMetaClick, link, metaClick, method, primaryMouseKey;
         link = this;
         method = (link.getAttribute('data-method') || 'GET').toUpperCase();
         data = link.getAttribute('data-params');
         metaClick = e.metaKey || e.ctrlKey;
         insignificantMetaClick = metaClick && method === 'GET' && !data;
-        nonPrimaryMouseClick = (e.button != null) && e.button !== 0;
-        if (nonPrimaryMouseClick || insignificantMetaClick) {
+        primaryMouseKey = e.button === 0;
+        if (!primaryMouseKey || insignificantMetaClick) {
           return e.stopImmediatePropagation();
         }
       };
 
     }).call(this);
     (function() {
-      var $, CSRFProtection, delegate, disableElement, enableElement, fire, formSubmitButtonClick, getData, handleConfirm, handleDisabledElement, handleMethod, handleRemote, loadCSPNonce, preventInsignificantClick, refreshCSRFTokens;
+      var $, CSRFProtection, delegate, disableElement, enableElement, fire, formSubmitButtonClick, getData, handleConfirm, handleDisabledElement, handleMethod, handleRemote, preventInsignificantClick, refreshCSRFTokens;
 
-      fire = Rails.fire, delegate = Rails.delegate, getData = Rails.getData, $ = Rails.$, refreshCSRFTokens = Rails.refreshCSRFTokens, CSRFProtection = Rails.CSRFProtection, loadCSPNonce = Rails.loadCSPNonce, enableElement = Rails.enableElement, disableElement = Rails.disableElement, handleDisabledElement = Rails.handleDisabledElement, handleConfirm = Rails.handleConfirm, preventInsignificantClick = Rails.preventInsignificantClick, handleRemote = Rails.handleRemote, formSubmitButtonClick = Rails.formSubmitButtonClick, handleMethod = Rails.handleMethod;
+      fire = Rails.fire, delegate = Rails.delegate, getData = Rails.getData, $ = Rails.$, refreshCSRFTokens = Rails.refreshCSRFTokens, CSRFProtection = Rails.CSRFProtection, enableElement = Rails.enableElement, disableElement = Rails.disableElement, handleDisabledElement = Rails.handleDisabledElement, handleConfirm = Rails.handleConfirm, preventInsignificantClick = Rails.preventInsignificantClick, handleRemote = Rails.handleRemote, formSubmitButtonClick = Rails.formSubmitButtonClick, handleMethod = Rails.handleMethod;
 
       if ((typeof jQuery !== "undefined" && jQuery !== null) && (jQuery.ajax != null)) {
         if (jQuery.rails) {
@@ -701,7 +719,6 @@ Released under the MIT license
         delegate(document, Rails.formInputClickSelector, 'click', handleConfirm);
         delegate(document, Rails.formInputClickSelector, 'click', formSubmitButtonClick);
         document.addEventListener('DOMContentLoaded', refreshCSRFTokens);
-        document.addEventListener('DOMContentLoaded', loadCSPNonce);
         return window._rails_loaded = true;
       };
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: actionview
 version: !ruby/object:Gem::Version
-  version: 5.2.4.4
+  version: 6.0.0.beta1
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-09-09 00:00:00.000000000 Z
+date: 2019-01-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.4.4
+        version: 6.0.0.beta1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.4.4
+        version: 6.0.0.beta1
 - !ruby/object:Gem::Dependency
   name: builder
   requirement: !ruby/object:Gem::Requirement
@@ -92,28 +92,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.4.4
+        version: 6.0.0.beta1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.4.4
+        version: 6.0.0.beta1
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.4.4
+        version: 6.0.0.beta1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.4.4
+        version: 6.0.0.beta1
 description: Simple, battle-tested conventions and helpers for building web pages.
 email: david@loudthinking.com
 executables: []
@@ -149,7 +149,6 @@ files:
 - lib/action_view/helpers/javascript_helper.rb
 - lib/action_view/helpers/number_helper.rb
 - lib/action_view/helpers/output_safety_helper.rb
-- lib/action_view/helpers/record_tag_helper.rb
 - lib/action_view/helpers/rendering_helper.rb
 - lib/action_view/helpers/sanitize_helper.rb
 - lib/action_view/helpers/tag_helper.rb
@@ -230,8 +229,8 @@ homepage: http://rubyonrails.org
 licenses:
 - MIT
 metadata:
-  source_code_uri: https://github.com/rails/rails/tree/v5.2.4.4/actionview
-  changelog_uri: https://github.com/rails/rails/blob/v5.2.4.4/actionview/CHANGELOG.md
+  source_code_uri: https://github.com/rails/rails/tree/v6.0.0.beta1/actionview
+  changelog_uri: https://github.com/rails/rails/blob/v6.0.0.beta1/actionview/CHANGELOG.md
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -240,15 +239,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.2.2
+      version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements:
 - none
-rubygems_version: 3.1.2
+rubygems_version: 3.0.1
 signing_key: 
 specification_version: 4
 summary: Rendering framework putting the V in MVC (part of Rails).

data/lib/action_view/helpers/record_tag_helper.rb

@@ -1,23 +0,0 @@
-# frozen_string_literal: true
-
-module ActionView
-  module Helpers #:nodoc:
-    module RecordTagHelper
-      def div_for(*) # :nodoc:
-        raise NoMethodError, "The `div_for` method has been removed from " \
-          "Rails. To continue using it, add the `record_tag_helper` gem to " \
-          "your Gemfile:\n" \
-          "  gem 'record_tag_helper', '~> 1.0'\n" \
-          "Consult the Rails upgrade guide for details."
-      end
-
-      def content_tag_for(*) # :nodoc:
-        raise NoMethodError, "The `content_tag_for` method has been removed from " \
-          "Rails. To continue using it, add the `record_tag_helper` gem to " \
-          "your Gemfile:\n" \
-          "  gem 'record_tag_helper', '~> 1.0'\n" \
-          "Consult the Rails upgrade guide for details."
-      end
-    end
-  end
-end