actionview 5.2.8.1 → 6.0.6.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4a732cbd8a2b766ebf37e375ffd2f97c71760de86cb46d9a70702896d07aeb73
-  data.tar.gz: d76fb4ed63f24c3e6b09b576fe3b945b7eb436059cb703e241da7d7d9343cf90
+  metadata.gz: 85ed7f3786ca26616ab0484acdfe55d872c9d8bd1951ecc417d4112909e3d596
+  data.tar.gz: 1219bad150f3ced43cd4527b60b392607d1506c502ec866b15c66887f183b703
 SHA512:
-  metadata.gz: 69feb0b2c271b42c17c0bc55d0cee3f857aa4a177fe9e27edaf9a5cc101b2a92b5eb0cb678d89c7ea1f40fa1a1c28a6288c2ee9e5dee16db0859777259fce137
-  data.tar.gz: a04fc509175c93512d6517742c283d617749b1498a422c05a6ab02da17ce0042e33011176c83b97e48638f7e2750921d04fd8855bbfb6fc29a1cb1bbbd63bf8b
+  metadata.gz: 785a601e59d00518c26fa3b5714e930c9747131443a980b9f05d8230453f9b5e62e3b54995eeb18ebbaa0b0a1480e3fff80669c3d29e26270f685fa6a93356dd
+  data.tar.gz: 34e1410363d3b99607f88993f350e441c502938c179ec114af0d3d63f9a72b25b18c8edc258586006e75fdffbdf112bbed5b1fc6beccba995610909a5b4b2873

data/CHANGELOG.md

@@ -1,14 +1,24 @@
-## Rails 5.2.8.1 (July 12, 2022) ##
+## Rails 6.0.6.1 (January 17, 2023) ##
 
 *   No changes.
 
 
-## Rails 5.2.8 (May 09, 2022) ##
+## Rails 6.0.6 (September 09, 2022) ##
 
 *   No changes.
 
 
-## Rails 5.2.7.1 (April 26, 2022) ##
+## Rails 6.0.5.1 (July 12, 2022) ##
+
+*   No changes.
+
+
+## Rails 6.0.5 (May 09, 2022) ##
+
+*   No changes.
+
+
+## Rails 6.0.4.8 (April 26, 2022) ##
 
 *   Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
 
@@ -20,96 +30,172 @@
     *Álvaro Martín Fraguas*
 
 
-## Rails 5.2.7 (March 10, 2022) ##
+## Rails 6.0.4.7 (March 08, 2022) ##
 
 *   No changes.
 
 
-## Rails 5.2.6.3 (March 08, 2022) ##
+## Rails 6.0.4.6 (February 11, 2022) ##
 
 *   No changes.
 
 
-## Rails 5.2.6.2 (February 11, 2022) ##
+## Rails 6.0.4.5 (February 11, 2022) ##
 
 *   No changes.
 
 
-## Rails 5.2.6.1 (February 11, 2022) ##
+## Rails 6.0.4.4 (December 15, 2021) ##
 
 *   No changes.
 
 
-## Rails 5.2.6 (May 05, 2021) ##
+## Rails 6.0.4.3 (December 14, 2021) ##
 
 *   No changes.
 
 
-## Rails 5.2.5 (March 26, 2021) ##
+## Rails 6.0.4.2 (December 14, 2021) ##
 
 *   No changes.
 
 
-## Rails 5.2.4.6 (May 05, 2021) ##
+## Rails 6.0.4.1 (August 19, 2021) ##
 
 *   No changes.
 
 
-## Rails 5.2.4.5 (February 10, 2021) ##
+## Rails 6.0.4 (June 15, 2021) ##
+
+*   SanitizeHelper.sanitized_allowed_attributes and SanitizeHelper.sanitized_allowed_tags
+    call safe_list_sanitizer's class method
+
+    Fixes #39586
+
+    *Taufiq Muhammadi*
+
+
+## Rails 6.0.3.7 (May 05, 2021) ##
 
 *   No changes.
 
 
-## Rails 5.2.4.4 (September 09, 2020) ##
+## Rails 6.0.3.6 (March 26, 2021) ##
+
+*   No changes.
 
-*   [CVE-2020-15169] Fix potential XSS vulnerability in the `translate`/`t` helper
+
+## Rails 6.0.3.5 (February 10, 2021) ##
+
+*   No changes.
+
+
+## Rails 6.0.3.4 (October 07, 2020) ##
+
+*   No changes.
+
+
+## Rails 6.0.3.3 (September 09, 2020) ##
+
+*   [CVE-2020-8185] Fix potential XSS vulnerability in the `translate`/`t` helper.
 
     *Jonathan Hefner*
 
 
-## Rails 5.2.4.3 (May 18, 2020) ##
+## Rails 6.0.3.2 (June 17, 2020) ##
+
+*   No changes.
+
+
+## Rails 6.0.3.1 (May 18, 2020) ##
 
 *   [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs
 
 
-## Rails 5.2.4.2 (March 19, 2020) ##
+## Rails 6.0.3 (May 06, 2020) ##
+
+*   annotated_source_code returns an empty array so TemplateErrors without a
+    template in the backtrace are surfaced properly by DebugExceptions.
+
+    *Guilherme Mansur*, *Kasper Timm Hansen*
+
+*   Add autoload for SyntaxErrorInTemplate so syntax errors are correctly raised by DebugExceptions.
+
+    *Guilherme Mansur*, *Gannon McGibbon*
 
-*   Fix possible XSS vector in `escape_javascript` helper
+
+## Rails 6.0.2.2 (March 19, 2020) ##
+
+*   Fix possible XSS vector in escape_javascript helper
 
     CVE-2020-5267
 
     *Aaron Patterson*
 
 
-## Rails 5.2.4.1 (December 18, 2019) ##
+## Rails 6.0.2.1 (December 18, 2019) ##
 
 *   No changes.
 
 
-## Rails 5.2.4 (November 27, 2019) ##
+## Rails 6.0.2 (December 13, 2019) ##
 
-*   Allow programmatic click events to trigger Rails UJS click handlers.
-    Programmatic click events (eg. ones generated by `Rails.fire(link, "click")`) don't specify a button. These events were being incorrectly stopped by code meant to ignore scroll wheel and right clicks introduced in #34573.
+*   No changes.
 
-    *Sudara Williams*
 
+## Rails 6.0.1 (November 5, 2019) ##
 
-## Rails 5.2.3 (March 27, 2019) ##
+*   UJS avoids `Element.closest()` for IE 9 compatibility.
 
-*   Prevent non-primary mouse keys from triggering Rails UJS click handlers.
-    Firefox fires click events even if the click was triggered by non-primary mouse keys such as right- or scroll-wheel-clicks.
-    For example, right-clicking a link such as the one described below (with an underlying ajax request registered on click) should not cause that request to occur.
+    *George Claghorn*
 
-    ```
-    <%= link_to 'Remote', remote_path, class: 'remote', remote: true, data: { type: :json } %>
-    ```
 
-    Fixes #34541
+## Rails 6.0.0 (August 16, 2019) ##
 
-    *Wolfgang Hobmaier*
+*   ActionView::Helpers::SanitizeHelper: support rails-html-sanitizer 1.1.0.
+
+    *Juanito Fatas*
+
+
+## Rails 6.0.0.rc2 (July 22, 2019) ##
+
+*   Fix `select_tag` so that it doesn't change `options` when `include_blank` is present.
+
+    *Younes SERRAJ*
+
+
+## Rails 6.0.0.rc1 (April 24, 2019) ##
 
+*   Fix partial caching skips same item issue
 
-## Rails 5.2.2.1 (March 11, 2019) ##
+    If we render cached collection partials with repeated items, those repeated items
+    will get skipped. For example, if you have 5 identical items in your collection, Rails
+    only renders the first one when `cached` is set to true. But it should render all
+    5 items instead.
+
+    Fixes #35114.
+
+    *Stan Lo*
+
+*   Only clear ActionView cache in development on file changes
+
+    To speed up development mode, view caches are only cleared when files in
+    the view paths have changed. Applications which have implemented custom
+    `ActionView::Resolver` subclasses may need to add their own cache clearing.
+
+    *John Hawthorn*
+
+*   Fix `ActionView::FixtureResolver` so that it handles template variants correctly.
+
+    *Edward Rudd*
+
+*   `ActionView::TemplateRender.render(file: )` now renders the file directly,
+    without using any handlers, using the new `Template::RawFile` class.
+
+    *John Hawthorn*, *Cliff Pruitt*
+
+
+## Rails 6.0.0.beta3 (March 11, 2019) ##
 
 *   Only accept formats from registered mime types
 
@@ -123,22 +209,109 @@
     *John Hawthorn*, *Eileen M. Uchitelle*, *Aaron Patterson*
 
 
-## Rails 5.2.2 (December 04, 2018) ##
+## Rails 6.0.0.beta2 (February 25, 2019) ##
 
-*   No changes.
+*   `ActionView::Template.finalize_compiled_template_methods` is deprecated with
+    no replacement.
 
+    *tenderlove*
 
-## Rails 5.2.1.1 (November 27, 2018) ##
+*   `config.action_view.finalize_compiled_template_methods` is deprecated with
+    no replacement.
 
-*   No changes.
+    *tenderlove*
+
+*   Ensure unique DOM IDs for collection inputs with float values.
+
+    Fixes #34974.
+
+    *Mark Edmondson*
 
+*   Single arity template handlers are deprecated.  Template handlers must
+    now accept two parameters, the view object and the source for the view object.
 
-## Rails 5.2.1 (August 07, 2018) ##
+    *tenderlove*
 
-*   Fix leak of `skip_default_ids` and `allow_method_names_outside_object` options
-    to HTML attributes.
 
-    *Yurii Cherniavskyi*
+## Rails 6.0.0.beta1 (January 18, 2019) ##
+
+*   [Rename npm package](https://github.com/rails/rails/pull/34905) from
+    [`rails-ujs`](https://www.npmjs.com/package/rails-ujs) to
+    [`@rails/ujs`](https://www.npmjs.com/package/@rails/ujs).
+
+    *Javan Makhmali*
+
+*   Remove deprecated `image_alt` helper.
+
+    *Rafael Mendonça França*
+
+*   Fix the need of `#protect_against_forgery?` method defined in
+    `ActionView::Base` subclasses. This prevents the use of forms and buttons.
+
+    *Genadi Samokovarov*
+
+*   Fix UJS permanently showing disabled text in a[data-remote][data-disable-with] elements within forms.
+
+    Fixes #33889.
+
+    *Wolfgang Hobmaier*
+
+*   Prevent non-primary mouse keys from triggering Rails UJS click handlers.
+    Firefox fires click events even if the click was triggered by non-primary mouse keys such as right- or scroll-wheel-clicks.
+    For example, right-clicking a link such as the one described below (with an underlying ajax request registered on click) should not cause that request to occur.
+
+    ```
+    <%= link_to 'Remote', remote_path, class: 'remote', remote: true, data: { type: :json } %>
+    ```
+
+    Fixes #34541.
+
+    *Wolfgang Hobmaier*
+
+*   Prevent `ActionView::TextHelper#word_wrap` from unexpectedly stripping white space from the _left_ side of lines.
+
+    For example, given input like this:
+
+    ```
+        This is a paragraph with an initial indent,
+    followed by additional lines that are not indented,
+    and finally terminated with a blockquote:
+      "A pithy saying"
+    ```
+
+    Calling `word_wrap` should not trim the indents on the first and last lines.
+
+    Fixes #34487.
+
+    *Lyle Mullican*
+
+*   Add allocations to template rendering instrumentation.
+
+    Adds the allocations for template and partial rendering to the server output on render.
+
+    ```
+      Rendered posts/_form.html.erb (Duration: 7.1ms | Allocations: 6004)
+      Rendered posts/new.html.erb within layouts/application (Duration: 8.3ms | Allocations: 6654)
+    Completed 200 OK in 858ms (Views: 848.4ms | ActiveRecord: 0.4ms | Allocations: 1539564)
+    ```
+
+    *Eileen M. Uchitelle*, *Aaron Patterson*
+
+*   Respect the `only_path` option passed to `url_for` when the options are passed in as an array
+
+    Fixes #33237.
+
+    *Joel Ambass*
+
+*   Deprecate calling private model methods from view helpers.
+
+    For example, in methods like `options_from_collection_for_select`
+    and `collection_select` it is possible to call private methods from
+    the objects used.
+
+    Fixes #33546.
+
+    *Ana María Martínez Gómez*
 
 *   Fix issue with `button_to`'s `to_form_params`
 
@@ -151,97 +324,110 @@
 
     *Georgi Georgiev*
 
-*   Fix JavaScript views rendering does not work with Firefox when using
-    Content Security Policy.
+*   Mark arrays of translations as trusted safe by using the `_html` suffix.
 
-    Fixes #32577.
+    Example:
 
-    *Yuji Yaginuma*
+        en:
+          foo_html:
+            - "One"
+            - "<strong>Two</strong>"
+            - "Three &#128075; &#128578;"
 
-*   Add the `nonce: true` option for `javascript_include_tag` helper to
-    support automatic nonce generation for Content Security Policy.
-    Works the same way as `javascript_tag nonce: true` does.
+    *Juan Broullon*
 
-    *Yaroslav Markin*
-
-
-## Rails 5.2.0 (April 09, 2018) ##
-
-*   Pass the `:skip_pipeline` option in `image_submit_tag` when calling `path_to_image`.
+*   Add `year_format` option to date_select tag. This option makes it possible to customize year
+    names. Lambda should be passed to use this option.
 
-    Fixes #32248.
+    Example:
 
-    *Andrew White*
+        date_select('user_birthday', '', start_year: 1998, end_year: 2000, year_format: ->year { "Heisei #{year - 1988}" })
 
-*   Allow the use of callable objects as group methods for grouped selects.
+    The HTML produced:
 
-    Until now, the `option_groups_from_collection_for_select` method was only able to
-    handle method names as `group_method` and `group_label_method` parameters,
-    it is now able to receive procs and other callable objects too.
+        <select id="user_birthday__1i" name="user_birthday[(1i)]">
+        <option value="1998">Heisei 10</option>
+        <option value="1999">Heisei 11</option>
+        <option value="2000">Heisei 12</option>
+        </select>
+        /* The rest is omitted */
 
-    *Jérémie Bonal*
+    *Koki Ryu*
 
-*   Add `preload_link_tag` helper.
+*   Fix JavaScript views rendering does not work with Firefox when using
+    Content Security Policy.
 
-    This helper that allows to the browser to initiate early fetch of resources
-    (different to the specified in `javascript_include_tag` and `stylesheet_link_tag`).
-    Additionally, this sends Early Hints if supported by browser.
+    Fixes #32577.
 
-    *Guillermo Iguaran*
+    *Yuji Yaginuma*
 
-*   Change `form_with` to generates ids by default.
+*   Add the `nonce: true` option for `javascript_include_tag` helper to
+    support automatic nonce generation for Content Security Policy.
+    Works the same way as `javascript_tag nonce: true` does.
 
-    When `form_with` was introduced we disabled the automatic generation of ids
-    that was enabled in `form_for`. This usually is not an good idea since labels don't work
-    when the input doesn't have an id and it made harder to test with Capybara.
+    *Yaroslav Markin*
 
-    You can still disable the automatic generation of ids setting `config.action_view.form_with_generates_ids`
-    to `false.`
+*   Remove `ActionView::Helpers::RecordTagHelper`.
 
-    *Nick Pezza*
+    *Yoshiyuki Hirano*
 
-*   Fix issues with `field_error_proc` wrapping `optgroup` and select divider `option`.
+*   Disable `ActionView::Template` finalizers in test environment.
 
-    Fixes #31088
+    Template finalization can be expensive in large view test suites.
+    Add a configuration option,
+    `action_view.finalize_compiled_template_methods`, and turn it off in
+    the test environment.
 
-    *Matthias Neumayr*
+    *Simon Coffey*
 
-*   Remove deprecated Erubis ERB handler.
+*   Extract the `confirm` call in its own, overridable method in `rails_ujs`.
 
-    *Rafael Mendonça França*
+    Example:
 
-*   Remove default `alt` text generation.
+        Rails.confirm = function(message, element) {
+          return (my_bootstrap_modal_confirm(message));
+        }
 
-    Fixes #30096
+    *Mathieu Mahé*
 
-    *Cameron Cundiff*
+*   Enable select tag helper to mark `prompt` option as `selected` and/or `disabled` for `required`
+    field.
 
-*   Add `srcset` option to `image_tag` helper.
+    Example:
 
-    *Roberto Miranda*
+        select :post,
+               :category,
+               ["lifestyle", "programming", "spiritual"],
+               { selected: "", disabled: "", prompt: "Choose one" },
+               { required: true }
 
-*   Fix issues with scopes and engine on `current_page?` method.
+    Placeholder option would be selected and disabled.
 
-    Fixes #29401.
+    The HTML produced:
 
-    *Nikita Savrov*
+        <select required="required" name="post[category]" id="post_category">
+        <option disabled="disabled" selected="selected" value="">Choose one</option>
+        <option value="lifestyle">lifestyle</option>
+        <option value="programming">programming</option>
+        <option value="spiritual">spiritual</option></select>
 
-*   Generate field ids in `collection_check_boxes` and `collection_radio_buttons`.
+    *Sergey Prikhodko*
 
-    This makes sure that the labels are linked up with the fields.
+*   Don't enforce UTF-8 by default.
 
-    Fixes #29014.
+    With the disabling of TLS 1.0 by most major websites, continuing to run
+    IE8 or lower becomes increasingly difficult so default to not enforcing
+    UTF-8 encoding as it's not relevant to other browsers.
 
-    *Yuji Yaginuma*
+    *Andrew White*
 
-*   Add `:json` type to `auto_discovery_link_tag` to support [JSON Feeds](https://jsonfeed.org/version/1).
+*   Change translation key of `submit_tag` from `module_name_class_name` to `module_name/class_name`.
 
-    *Mike Gunderloy*
+    *Rui Onodera*
 
-*   Update `distance_of_time_in_words` helper to display better error messages
-    for bad input.
+*   Rails 6 requires Ruby 2.5.0 or newer.
 
-    *Jay Hayes*
+    *Jeremy Daer*, *Kasper Timm Hansen*
 
 
-Please check [5-1-stable](https://github.com/rails/rails/blob/5-1-stable/actionview/CHANGELOG.md) for previous changes.
+Please check [5-2-stable](https://github.com/rails/rails/blob/5-2-stable/actionview/CHANGELOG.md) for previous changes.

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2004-2018 David Heinemeier Hansson
+Copyright (c) 2004-2019 David Heinemeier Hansson
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.rdoc

@@ -5,6 +5,8 @@ view helpers that assist when building HTML forms, Atom feeds and more.
 Template formats that Action View handles are ERB (embedded Ruby, typically
 used to inline short Ruby snippets inside HTML), and XML Builder.
 
+You can read more about Action View in the {Action View Overview}[https://edgeguides.rubyonrails.org/action_view_overview.html] guide.
+
 == Download and installation
 
 The latest version of Action View can be installed with RubyGems:
@@ -13,7 +15,7 @@ The latest version of Action View can be installed with RubyGems:
 
 Source code can be downloaded as part of the Rails project on GitHub:
 
-* https://github.com/rails/rails/tree/5-2-stable/actionview
+* https://github.com/rails/rails/tree/main/actionview
 
 
 == License
@@ -27,7 +29,7 @@ Action View is released under the MIT license:
 
 API documentation is at
 
-* http://api.rubyonrails.org
+* https://api.rubyonrails.org
 
 Bug reports for the Ruby on Rails project can be filed here:
 
@@ -35,4 +37,4 @@ Bug reports for the Ruby on Rails project can be filed here:
 
 Feature requests should be discussed on the rails-core mailing list here:
 
-* https://groups.google.com/forum/?fromgroups#!forum/rubyonrails-core
+* https://discuss.rubyonrails.org/c/rubyonrails-core