actionview 6.0.0.beta1 → 6.0.1.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 58d19af0e853c217ca89f2167775195c7a44ebba26e4d9a682aabeb6a25b6af4
-  data.tar.gz: 15d2c9faa90c17d33772df3ce0eacccecb090e7310af47ab1d82bca6448a2a11
+  metadata.gz: 5e7db7174d54140db42c5f5524831d186cbe1702461e63d7e1e488b5177b8d02
+  data.tar.gz: 1445fcd4a5ef341ea881f554e8b5e2e0e116510547eb3a51383cfb57a7a59c16
 SHA512:
-  metadata.gz: dc169a10649b5f6cdfb8488bd16cbb7cab049081e7a6c53821cfab497e8035c7843c690e3bffcffc571bf2f610e5f2b7eee80283f622262d5ff9f1f20c8ef210
-  data.tar.gz: ed371d7bec363bafe775d5a1ed3d11a1002f96589c142c662afabc1862c71314427fc07004d0bfa4bc2ac5078f0c0b38410ccca1ee738594223a1a3a336ffa14
+  metadata.gz: 7c9f50ec41db812da86f72902728a5c950842e0529c9bb55ba2d4a744a02a58a1179506745a7f71320c340f0b5da2b7d59232ba3c2db31696e41bd3127b5d356
+  data.tar.gz: d3bdd62644d0839c664ac78b2273e91bdcab0cd27e84a867743730f78e518eb098df861dd9fe972453039f72ddb98f20b85e01af56543ee4ff28e979ba90a899

data/CHANGELOG.md

@@ -1,5 +1,91 @@
+## Rails 6.0.1.rc1 (October 31, 2019) ##
+
+*   UJS avoids `Element.closest()` for IE 9 compatibility.
+
+    *George Claghorn*
+
+
+## Rails 6.0.0 (August 16, 2019) ##
+
+*   ActionView::Helpers::SanitizeHelper: support rails-html-sanitizer 1.1.0.
+
+    *Juanito Fatas*
+
+
+## Rails 6.0.0.rc2 (July 22, 2019) ##
+
+*   Fix `select_tag` so that it doesn't change `options` when `include_blank` is present.
+
+    *Younes SERRAJ*
+
+
+## Rails 6.0.0.rc1 (April 24, 2019) ##
+
+*   Fix partial caching skips same item issue
+
+    If we render cached collection partials with repeated items, those repeated items
+    will get skipped. For example, if you have 5 identical items in your collection, Rails
+    only renders the first one when `cached` is set to true. But it should render all
+    5 items instead.
+
+    Fixes #35114.
+
+    *Stan Lo*
+
+*   Only clear ActionView cache in development on file changes
+
+    To speed up development mode, view caches are only cleared when files in
+    the view paths have changed. Applications which have implemented custom
+    `ActionView::Resolver` subclasses may need to add their own cache clearing.
+
+    *John Hawthorn*
+
+*   Fix `ActionView::FixtureResolver` so that it handles template variants correctly.
+
+    *Edward Rudd*
+
+
+## Rails 6.0.0.beta3 (March 11, 2019) ##
+
+*   Only accept formats from registered mime types
+
+    A lack of filtering on mime types could allow an attacker to read
+    arbitrary files on the target server or to perform a denial of service
+    attack.
+
+    Fixes CVE-2019-5418
+    Fixes CVE-2019-5419
+
+    *John Hawthorn*, *Eileen M. Uchitelle*, *Aaron Patterson*
+
+
+## Rails 6.0.0.beta2 (February 25, 2019) ##
+
+*   `ActionView::Template.finalize_compiled_template_methods` is deprecated with
+    no replacement.
+
+    *tenderlove*
+
+*   `config.action_view.finalize_compiled_template_methods` is deprecated with
+    no replacement.
+
+    *tenderlove*
+
+*   Ensure unique DOM IDs for collection inputs with float values.
+
+    Fixes #34974.
+
+    *Mark Edmondson*
+
+
 ## Rails 6.0.0.beta1 (January 18, 2019) ##
 
+*   [Rename npm package](https://github.com/rails/rails/pull/34905) from
+    [`rails-ujs`](https://www.npmjs.com/package/rails-ujs) to
+    [`@rails/ujs`](https://www.npmjs.com/package/@rails/ujs).
+
+    *Javan Makhmali*
+
 *   Remove deprecated `image_alt` helper.
 
     *Rafael Mendonça França*
@@ -10,7 +96,8 @@
     *Genadi Samokovarov*
 
 *   Fix UJS permanently showing disabled text in a[data-remote][data-disable-with] elements within forms.
-    Fixes #33889
+
+    Fixes #33889.
 
     *Wolfgang Hobmaier*
 
@@ -22,7 +109,7 @@
     <%= link_to 'Remote', remote_path, class: 'remote', remote: true, data: { type: :json } %>
     ```
 
-    Fixes #34541
+    Fixes #34541.
 
     *Wolfgang Hobmaier*
 
@@ -39,7 +126,7 @@
 
     Calling `word_wrap` should not trim the indents on the first and last lines.
 
-    Fixes #34487
+    Fixes #34487.
 
     *Lyle Mullican*
 

data/README.rdoc

@@ -5,6 +5,8 @@ view helpers that assist when building HTML forms, Atom feeds and more.
 Template formats that Action View handles are ERB (embedded Ruby, typically
 used to inline short Ruby snippets inside HTML), and XML Builder.
 
+You can read more about Action View in the {Action View Overview}[https://edgeguides.rubyonrails.org/action_view_overview.html] guide.
+
 == Download and installation
 
 The latest version of Action View can be installed with RubyGems:
@@ -27,7 +29,7 @@ Action View is released under the MIT license:
 
 API documentation is at
 
-* http://api.rubyonrails.org
+* https://api.rubyonrails.org
 
 Bug reports for the Ruby on Rails project can be filed here:
 

data/lib/action_view.rb

@@ -35,7 +35,6 @@ module ActionView
   eager_autoload do
     autoload :Base
     autoload :Context
-    autoload :CompiledTemplates, "action_view/context"
     autoload :Digestor
     autoload :Helpers
     autoload :LookupContext
@@ -45,6 +44,7 @@ module ActionView
     autoload :Rendering
     autoload :RoutingUrlFor
     autoload :Template
+    autoload :UnboundTemplate
     autoload :ViewPaths
 
     autoload_under "renderer" do
@@ -81,6 +81,7 @@ module ActionView
     end
   end
 
+  autoload :CacheExpiry
   autoload :TestCase
 
   def self.eager_load!

data/lib/action_view/base.rb

@@ -3,6 +3,7 @@
 require "active_support/core_ext/module/attr_internal"
 require "active_support/core_ext/module/attribute_accessors"
 require "active_support/ordered_options"
+require "active_support/deprecation"
 require "action_view/log_subscriber"
 require "action_view/helpers"
 require "action_view/context"
@@ -179,37 +180,133 @@ module ActionView #:nodoc:
       def xss_safe? #:nodoc:
         true
       end
+
+      def with_empty_template_cache # :nodoc:
+        subclass = Class.new(self) {
+          # We can't implement these as self.class because subclasses will
+          # share the same template cache as superclasses, so "changed?" won't work
+          # correctly.
+          define_method(:compiled_method_container)           { subclass }
+          define_singleton_method(:compiled_method_container) { subclass }
+        }
+      end
+
+      def changed?(other) # :nodoc:
+        compiled_method_container != other.compiled_method_container
+      end
     end
 
-    attr_accessor :view_renderer
+    attr_reader :view_renderer, :lookup_context
     attr_internal :config, :assigns
 
-    delegate :lookup_context, to: :view_renderer
     delegate :formats, :formats=, :locale, :locale=, :view_paths, :view_paths=, to: :lookup_context
 
     def assign(new_assigns) # :nodoc:
       @_assigns = new_assigns.each { |key, value| instance_variable_set("@#{key}", value) }
     end
 
-    def initialize(context = nil, assigns = {}, controller = nil, formats = nil) #:nodoc:
+    # :stopdoc:
+
+    def self.build_lookup_context(context)
+      case context
+      when ActionView::Renderer
+        context.lookup_context
+      when Array
+        ActionView::LookupContext.new(context)
+      when ActionView::PathSet
+        ActionView::LookupContext.new(context)
+      when nil
+        ActionView::LookupContext.new([])
+      else
+        raise NotImplementedError, context.class.name
+      end
+    end
+
+    def self.empty
+      with_view_paths([])
+    end
+
+    def self.with_view_paths(view_paths, assigns = {}, controller = nil)
+      with_context ActionView::LookupContext.new(view_paths), assigns, controller
+    end
+
+    def self.with_context(context, assigns = {}, controller = nil)
+      new context, assigns, controller
+    end
+
+    NULL = Object.new
+
+    # :startdoc:
+
+    def initialize(lookup_context = nil, assigns = {}, controller = nil, formats = NULL) #:nodoc:
       @_config = ActiveSupport::InheritableOptions.new
 
-      if context.is_a?(ActionView::Renderer)
-        @view_renderer = context
+      unless formats == NULL
+        ActiveSupport::Deprecation.warn <<~eowarn.squish
+        Passing formats to ActionView::Base.new is deprecated
+        eowarn
+      end
+
+      case lookup_context
+      when ActionView::LookupContext
+        @lookup_context = lookup_context
       else
-        lookup_context = context.is_a?(ActionView::LookupContext) ?
-          context : ActionView::LookupContext.new(context)
-        lookup_context.formats  = formats if formats
-        lookup_context.prefixes = controller._prefixes if controller
-        @view_renderer = ActionView::Renderer.new(lookup_context)
+        ActiveSupport::Deprecation.warn <<~eowarn.squish
+        ActionView::Base instances should be constructed with a lookup context,
+        assignments, and a controller.
+        eowarn
+        @lookup_context = self.class.build_lookup_context(lookup_context)
       end
 
+      @view_renderer = ActionView::Renderer.new @lookup_context
+      @current_template = nil
+
       @cache_hit = {}
       assign(assigns)
       assign_controller(controller)
       _prepare_context
     end
 
+    def _run(method, template, locals, buffer, &block)
+      _old_output_buffer, _old_virtual_path, _old_template = @output_buffer, @virtual_path, @current_template
+      @current_template = template
+      @output_buffer = buffer
+      send(method, locals, buffer, &block)
+    ensure
+      @output_buffer, @virtual_path, @current_template = _old_output_buffer, _old_virtual_path, _old_template
+    end
+
+    def compiled_method_container
+      if self.class == ActionView::Base
+        ActiveSupport::Deprecation.warn <<~eowarn.squish
+          ActionView::Base instances must implement `compiled_method_container`
+          or use the class method `with_empty_template_cache` for constructing
+          an ActionView::Base instances that has an empty cache.
+        eowarn
+      end
+
+      self.class
+    end
+
+    def in_rendering_context(options)
+      old_view_renderer  = @view_renderer
+      old_lookup_context = @lookup_context
+
+      if !lookup_context.html_fallback_for_js && options[:formats]
+        formats = Array(options[:formats])
+        if formats == [:js]
+          formats << :html
+        end
+        @lookup_context = lookup_context.with_prepended_formats(formats)
+        @view_renderer = ActionView::Renderer.new @lookup_context
+      end
+
+      yield @view_renderer
+    ensure
+      @view_renderer = old_view_renderer
+      @lookup_context = old_lookup_context
+    end
+
     ActiveSupport.run_load_hooks(:action_view, self)
   end
 end

data/lib/action_view/cache_expiry.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+module ActionView
+  class CacheExpiry
+    class Executor
+      def initialize(watcher:)
+        @cache_expiry = CacheExpiry.new(watcher: watcher)
+      end
+
+      def before(target)
+        @cache_expiry.clear_cache_if_necessary
+      end
+    end
+
+    def initialize(watcher:)
+      @watched_dirs = nil
+      @watcher_class = watcher
+      @watcher = nil
+      @mutex = Mutex.new
+    end
+
+    def clear_cache_if_necessary
+      @mutex.synchronize do
+        watched_dirs = dirs_to_watch
+        return if watched_dirs.empty?
+
+        if watched_dirs != @watched_dirs
+          @watched_dirs = watched_dirs
+          @watcher = @watcher_class.new([], watched_dirs) do
+            clear_cache
+          end
+          @watcher.execute
+        else
+          @watcher.execute_if_updated
+        end
+      end
+    end
+
+    def clear_cache
+      ActionView::LookupContext::DetailsKey.clear
+    end
+
+    private
+
+      def dirs_to_watch
+        fs_paths = all_view_paths.grep(FileSystemResolver)
+        fs_paths.map(&:path).sort.uniq
+      end
+
+      def all_view_paths
+        ActionView::ViewPaths.all_view_paths.flat_map(&:paths)
+      end
+  end
+end

data/lib/action_view/context.rb

@@ -1,10 +1,6 @@
 # frozen_string_literal: true
 
 module ActionView
-  module CompiledTemplates #:nodoc:
-    # holds compiled template code
-  end
-
   # = Action View Context
   #
   # Action View contexts are supplied to Action Controller to render a template.
@@ -16,7 +12,6 @@ module ActionView
   # object that includes this module (although you can call _prepare_context
   # defined below).
   module Context
-    include CompiledTemplates
     attr_accessor :output_buffer, :view_flow
 
     # Prepares the context by setting the appropriate instance variables.

data/lib/action_view/digestor.rb

@@ -6,23 +6,18 @@ module ActionView
   class Digestor
     @@digest_mutex = Mutex.new
 
-    module PerExecutionDigestCacheExpiry
-      def self.before(target)
-        ActionView::LookupContext::DetailsKey.clear
-      end
-    end
-
     class << self
       # Supported options:
       #
-      # * <tt>name</tt>   - Template name
-      # * <tt>finder</tt>  - An instance of <tt>ActionView::LookupContext</tt>
-      # * <tt>dependencies</tt>  - An array of dependent views
-      def digest(name:, finder:, dependencies: nil)
+      # * <tt>name</tt>         - Template name
+      # * <tt>format</tt>       - Template format
+      # * <tt>finder</tt>       - An instance of <tt>ActionView::LookupContext</tt>
+      # * <tt>dependencies</tt> - An array of dependent views
+      def digest(name:, format: nil, finder:, dependencies: nil)
         if dependencies.nil? || dependencies.empty?
-          cache_key = "#{name}.#{finder.rendered_format}"
+          cache_key = "#{name}.#{format}"
         else
-          cache_key = [ name, finder.rendered_format, dependencies ].flatten.compact.join(".")
+          cache_key = [ name, format, dependencies ].flatten.compact.join(".")
         end
 
         # this is a correctly done double-checked locking idiom
@@ -48,8 +43,6 @@ module ActionView
         logical_name = name.gsub(%r|/_|, "/")
 
         if template = find_template(finder, logical_name, [], partial, [])
-          finder.rendered_format ||= template.formats.first
-
           if node = seen[template.identifier] # handle cycles in the tree
             node
           else
@@ -73,9 +66,7 @@ module ActionView
       private
         def find_template(finder, name, prefixes, partial, keys)
           finder.disable_cache do
-            format = finder.rendered_format
-            result = finder.find_all(name, prefixes, partial, keys, formats: [format]).first if format
-            result || finder.find_all(name, prefixes, partial, keys).first
+            finder.find_all(name, prefixes, partial, keys).first
           end
         end
     end