actionview 6.0.0.beta1 → 6.0.1.rc1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of actionview might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +90 -3
- data/README.rdoc +3 -1
- data/lib/action_view.rb +2 -1
- data/lib/action_view/base.rb +107 -10
- data/lib/action_view/cache_expiry.rb +54 -0
- data/lib/action_view/context.rb +0 -5
- data/lib/action_view/digestor.rb +8 -17
- data/lib/action_view/gem_version.rb +2 -2
- data/lib/action_view/helpers/asset_tag_helper.rb +5 -5
- data/lib/action_view/helpers/cache_helper.rb +5 -5
- data/lib/action_view/helpers/csp_helper.rb +4 -2
- data/lib/action_view/helpers/form_helper.rb +2 -2
- data/lib/action_view/helpers/form_options_helper.rb +4 -3
- data/lib/action_view/helpers/form_tag_helper.rb +5 -2
- data/lib/action_view/helpers/output_safety_helper.rb +1 -1
- data/lib/action_view/helpers/rendering_helper.rb +6 -4
- data/lib/action_view/helpers/sanitize_helper.rb +10 -16
- data/lib/action_view/helpers/tag_helper.rb +1 -1
- data/lib/action_view/helpers/tags/base.rb +1 -1
- data/lib/action_view/helpers/translation_helper.rb +3 -3
- data/lib/action_view/helpers/url_helper.rb +2 -2
- data/lib/action_view/layouts.rb +5 -5
- data/lib/action_view/lookup_context.rb +69 -27
- data/lib/action_view/path_set.rb +5 -10
- data/lib/action_view/railtie.rb +9 -4
- data/lib/action_view/renderer/abstract_renderer.rb +56 -3
- data/lib/action_view/renderer/partial_renderer.rb +66 -55
- data/lib/action_view/renderer/partial_renderer/collection_caching.rb +27 -20
- data/lib/action_view/renderer/renderer.rb +16 -4
- data/lib/action_view/renderer/streaming_template_renderer.rb +4 -4
- data/lib/action_view/renderer/template_renderer.rb +24 -18
- data/lib/action_view/rendering.rb +46 -27
- data/lib/action_view/template.rb +84 -69
- data/lib/action_view/template/error.rb +21 -1
- data/lib/action_view/template/handlers.rb +27 -1
- data/lib/action_view/template/handlers/builder.rb +2 -2
- data/lib/action_view/template/handlers/erb.rb +5 -5
- data/lib/action_view/template/handlers/erb/erubi.rb +7 -3
- data/lib/action_view/template/handlers/html.rb +1 -1
- data/lib/action_view/template/handlers/raw.rb +2 -2
- data/lib/action_view/template/html.rb +14 -5
- data/lib/action_view/template/inline.rb +22 -0
- data/lib/action_view/template/raw_file.rb +28 -0
- data/lib/action_view/template/resolver.rb +80 -117
- data/lib/action_view/template/sources.rb +13 -0
- data/lib/action_view/template/sources/file.rb +17 -0
- data/lib/action_view/template/text.rb +5 -3
- data/lib/action_view/testing/resolvers.rb +33 -20
- data/lib/action_view/unbound_template.rb +32 -0
- data/lib/action_view/view_paths.rb +25 -1
- data/lib/assets/compiled/rails-ujs.js +21 -12
- metadata +25 -16
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5e7db7174d54140db42c5f5524831d186cbe1702461e63d7e1e488b5177b8d02
|
4
|
+
data.tar.gz: 1445fcd4a5ef341ea881f554e8b5e2e0e116510547eb3a51383cfb57a7a59c16
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7c9f50ec41db812da86f72902728a5c950842e0529c9bb55ba2d4a744a02a58a1179506745a7f71320c340f0b5da2b7d59232ba3c2db31696e41bd3127b5d356
|
7
|
+
data.tar.gz: d3bdd62644d0839c664ac78b2273e91bdcab0cd27e84a867743730f78e518eb098df861dd9fe972453039f72ddb98f20b85e01af56543ee4ff28e979ba90a899
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,91 @@
|
|
1
|
+
## Rails 6.0.1.rc1 (October 31, 2019) ##
|
2
|
+
|
3
|
+
* UJS avoids `Element.closest()` for IE 9 compatibility.
|
4
|
+
|
5
|
+
*George Claghorn*
|
6
|
+
|
7
|
+
|
8
|
+
## Rails 6.0.0 (August 16, 2019) ##
|
9
|
+
|
10
|
+
* ActionView::Helpers::SanitizeHelper: support rails-html-sanitizer 1.1.0.
|
11
|
+
|
12
|
+
*Juanito Fatas*
|
13
|
+
|
14
|
+
|
15
|
+
## Rails 6.0.0.rc2 (July 22, 2019) ##
|
16
|
+
|
17
|
+
* Fix `select_tag` so that it doesn't change `options` when `include_blank` is present.
|
18
|
+
|
19
|
+
*Younes SERRAJ*
|
20
|
+
|
21
|
+
|
22
|
+
## Rails 6.0.0.rc1 (April 24, 2019) ##
|
23
|
+
|
24
|
+
* Fix partial caching skips same item issue
|
25
|
+
|
26
|
+
If we render cached collection partials with repeated items, those repeated items
|
27
|
+
will get skipped. For example, if you have 5 identical items in your collection, Rails
|
28
|
+
only renders the first one when `cached` is set to true. But it should render all
|
29
|
+
5 items instead.
|
30
|
+
|
31
|
+
Fixes #35114.
|
32
|
+
|
33
|
+
*Stan Lo*
|
34
|
+
|
35
|
+
* Only clear ActionView cache in development on file changes
|
36
|
+
|
37
|
+
To speed up development mode, view caches are only cleared when files in
|
38
|
+
the view paths have changed. Applications which have implemented custom
|
39
|
+
`ActionView::Resolver` subclasses may need to add their own cache clearing.
|
40
|
+
|
41
|
+
*John Hawthorn*
|
42
|
+
|
43
|
+
* Fix `ActionView::FixtureResolver` so that it handles template variants correctly.
|
44
|
+
|
45
|
+
*Edward Rudd*
|
46
|
+
|
47
|
+
|
48
|
+
## Rails 6.0.0.beta3 (March 11, 2019) ##
|
49
|
+
|
50
|
+
* Only accept formats from registered mime types
|
51
|
+
|
52
|
+
A lack of filtering on mime types could allow an attacker to read
|
53
|
+
arbitrary files on the target server or to perform a denial of service
|
54
|
+
attack.
|
55
|
+
|
56
|
+
Fixes CVE-2019-5418
|
57
|
+
Fixes CVE-2019-5419
|
58
|
+
|
59
|
+
*John Hawthorn*, *Eileen M. Uchitelle*, *Aaron Patterson*
|
60
|
+
|
61
|
+
|
62
|
+
## Rails 6.0.0.beta2 (February 25, 2019) ##
|
63
|
+
|
64
|
+
* `ActionView::Template.finalize_compiled_template_methods` is deprecated with
|
65
|
+
no replacement.
|
66
|
+
|
67
|
+
*tenderlove*
|
68
|
+
|
69
|
+
* `config.action_view.finalize_compiled_template_methods` is deprecated with
|
70
|
+
no replacement.
|
71
|
+
|
72
|
+
*tenderlove*
|
73
|
+
|
74
|
+
* Ensure unique DOM IDs for collection inputs with float values.
|
75
|
+
|
76
|
+
Fixes #34974.
|
77
|
+
|
78
|
+
*Mark Edmondson*
|
79
|
+
|
80
|
+
|
1
81
|
## Rails 6.0.0.beta1 (January 18, 2019) ##
|
2
82
|
|
83
|
+
* [Rename npm package](https://github.com/rails/rails/pull/34905) from
|
84
|
+
[`rails-ujs`](https://www.npmjs.com/package/rails-ujs) to
|
85
|
+
[`@rails/ujs`](https://www.npmjs.com/package/@rails/ujs).
|
86
|
+
|
87
|
+
*Javan Makhmali*
|
88
|
+
|
3
89
|
* Remove deprecated `image_alt` helper.
|
4
90
|
|
5
91
|
*Rafael Mendonça França*
|
@@ -10,7 +96,8 @@
|
|
10
96
|
*Genadi Samokovarov*
|
11
97
|
|
12
98
|
* Fix UJS permanently showing disabled text in a[data-remote][data-disable-with] elements within forms.
|
13
|
-
|
99
|
+
|
100
|
+
Fixes #33889.
|
14
101
|
|
15
102
|
*Wolfgang Hobmaier*
|
16
103
|
|
@@ -22,7 +109,7 @@
|
|
22
109
|
<%= link_to 'Remote', remote_path, class: 'remote', remote: true, data: { type: :json } %>
|
23
110
|
```
|
24
111
|
|
25
|
-
Fixes #34541
|
112
|
+
Fixes #34541.
|
26
113
|
|
27
114
|
*Wolfgang Hobmaier*
|
28
115
|
|
@@ -39,7 +126,7 @@
|
|
39
126
|
|
40
127
|
Calling `word_wrap` should not trim the indents on the first and last lines.
|
41
128
|
|
42
|
-
Fixes #34487
|
129
|
+
Fixes #34487.
|
43
130
|
|
44
131
|
*Lyle Mullican*
|
45
132
|
|
data/README.rdoc
CHANGED
@@ -5,6 +5,8 @@ view helpers that assist when building HTML forms, Atom feeds and more.
|
|
5
5
|
Template formats that Action View handles are ERB (embedded Ruby, typically
|
6
6
|
used to inline short Ruby snippets inside HTML), and XML Builder.
|
7
7
|
|
8
|
+
You can read more about Action View in the {Action View Overview}[https://edgeguides.rubyonrails.org/action_view_overview.html] guide.
|
9
|
+
|
8
10
|
== Download and installation
|
9
11
|
|
10
12
|
The latest version of Action View can be installed with RubyGems:
|
@@ -27,7 +29,7 @@ Action View is released under the MIT license:
|
|
27
29
|
|
28
30
|
API documentation is at
|
29
31
|
|
30
|
-
*
|
32
|
+
* https://api.rubyonrails.org
|
31
33
|
|
32
34
|
Bug reports for the Ruby on Rails project can be filed here:
|
33
35
|
|
data/lib/action_view.rb
CHANGED
@@ -35,7 +35,6 @@ module ActionView
|
|
35
35
|
eager_autoload do
|
36
36
|
autoload :Base
|
37
37
|
autoload :Context
|
38
|
-
autoload :CompiledTemplates, "action_view/context"
|
39
38
|
autoload :Digestor
|
40
39
|
autoload :Helpers
|
41
40
|
autoload :LookupContext
|
@@ -45,6 +44,7 @@ module ActionView
|
|
45
44
|
autoload :Rendering
|
46
45
|
autoload :RoutingUrlFor
|
47
46
|
autoload :Template
|
47
|
+
autoload :UnboundTemplate
|
48
48
|
autoload :ViewPaths
|
49
49
|
|
50
50
|
autoload_under "renderer" do
|
@@ -81,6 +81,7 @@ module ActionView
|
|
81
81
|
end
|
82
82
|
end
|
83
83
|
|
84
|
+
autoload :CacheExpiry
|
84
85
|
autoload :TestCase
|
85
86
|
|
86
87
|
def self.eager_load!
|
data/lib/action_view/base.rb
CHANGED
@@ -3,6 +3,7 @@
|
|
3
3
|
require "active_support/core_ext/module/attr_internal"
|
4
4
|
require "active_support/core_ext/module/attribute_accessors"
|
5
5
|
require "active_support/ordered_options"
|
6
|
+
require "active_support/deprecation"
|
6
7
|
require "action_view/log_subscriber"
|
7
8
|
require "action_view/helpers"
|
8
9
|
require "action_view/context"
|
@@ -179,37 +180,133 @@ module ActionView #:nodoc:
|
|
179
180
|
def xss_safe? #:nodoc:
|
180
181
|
true
|
181
182
|
end
|
183
|
+
|
184
|
+
def with_empty_template_cache # :nodoc:
|
185
|
+
subclass = Class.new(self) {
|
186
|
+
# We can't implement these as self.class because subclasses will
|
187
|
+
# share the same template cache as superclasses, so "changed?" won't work
|
188
|
+
# correctly.
|
189
|
+
define_method(:compiled_method_container) { subclass }
|
190
|
+
define_singleton_method(:compiled_method_container) { subclass }
|
191
|
+
}
|
192
|
+
end
|
193
|
+
|
194
|
+
def changed?(other) # :nodoc:
|
195
|
+
compiled_method_container != other.compiled_method_container
|
196
|
+
end
|
182
197
|
end
|
183
198
|
|
184
|
-
|
199
|
+
attr_reader :view_renderer, :lookup_context
|
185
200
|
attr_internal :config, :assigns
|
186
201
|
|
187
|
-
delegate :lookup_context, to: :view_renderer
|
188
202
|
delegate :formats, :formats=, :locale, :locale=, :view_paths, :view_paths=, to: :lookup_context
|
189
203
|
|
190
204
|
def assign(new_assigns) # :nodoc:
|
191
205
|
@_assigns = new_assigns.each { |key, value| instance_variable_set("@#{key}", value) }
|
192
206
|
end
|
193
207
|
|
194
|
-
|
208
|
+
# :stopdoc:
|
209
|
+
|
210
|
+
def self.build_lookup_context(context)
|
211
|
+
case context
|
212
|
+
when ActionView::Renderer
|
213
|
+
context.lookup_context
|
214
|
+
when Array
|
215
|
+
ActionView::LookupContext.new(context)
|
216
|
+
when ActionView::PathSet
|
217
|
+
ActionView::LookupContext.new(context)
|
218
|
+
when nil
|
219
|
+
ActionView::LookupContext.new([])
|
220
|
+
else
|
221
|
+
raise NotImplementedError, context.class.name
|
222
|
+
end
|
223
|
+
end
|
224
|
+
|
225
|
+
def self.empty
|
226
|
+
with_view_paths([])
|
227
|
+
end
|
228
|
+
|
229
|
+
def self.with_view_paths(view_paths, assigns = {}, controller = nil)
|
230
|
+
with_context ActionView::LookupContext.new(view_paths), assigns, controller
|
231
|
+
end
|
232
|
+
|
233
|
+
def self.with_context(context, assigns = {}, controller = nil)
|
234
|
+
new context, assigns, controller
|
235
|
+
end
|
236
|
+
|
237
|
+
NULL = Object.new
|
238
|
+
|
239
|
+
# :startdoc:
|
240
|
+
|
241
|
+
def initialize(lookup_context = nil, assigns = {}, controller = nil, formats = NULL) #:nodoc:
|
195
242
|
@_config = ActiveSupport::InheritableOptions.new
|
196
243
|
|
197
|
-
|
198
|
-
|
244
|
+
unless formats == NULL
|
245
|
+
ActiveSupport::Deprecation.warn <<~eowarn.squish
|
246
|
+
Passing formats to ActionView::Base.new is deprecated
|
247
|
+
eowarn
|
248
|
+
end
|
249
|
+
|
250
|
+
case lookup_context
|
251
|
+
when ActionView::LookupContext
|
252
|
+
@lookup_context = lookup_context
|
199
253
|
else
|
200
|
-
|
201
|
-
|
202
|
-
|
203
|
-
|
204
|
-
@
|
254
|
+
ActiveSupport::Deprecation.warn <<~eowarn.squish
|
255
|
+
ActionView::Base instances should be constructed with a lookup context,
|
256
|
+
assignments, and a controller.
|
257
|
+
eowarn
|
258
|
+
@lookup_context = self.class.build_lookup_context(lookup_context)
|
205
259
|
end
|
206
260
|
|
261
|
+
@view_renderer = ActionView::Renderer.new @lookup_context
|
262
|
+
@current_template = nil
|
263
|
+
|
207
264
|
@cache_hit = {}
|
208
265
|
assign(assigns)
|
209
266
|
assign_controller(controller)
|
210
267
|
_prepare_context
|
211
268
|
end
|
212
269
|
|
270
|
+
def _run(method, template, locals, buffer, &block)
|
271
|
+
_old_output_buffer, _old_virtual_path, _old_template = @output_buffer, @virtual_path, @current_template
|
272
|
+
@current_template = template
|
273
|
+
@output_buffer = buffer
|
274
|
+
send(method, locals, buffer, &block)
|
275
|
+
ensure
|
276
|
+
@output_buffer, @virtual_path, @current_template = _old_output_buffer, _old_virtual_path, _old_template
|
277
|
+
end
|
278
|
+
|
279
|
+
def compiled_method_container
|
280
|
+
if self.class == ActionView::Base
|
281
|
+
ActiveSupport::Deprecation.warn <<~eowarn.squish
|
282
|
+
ActionView::Base instances must implement `compiled_method_container`
|
283
|
+
or use the class method `with_empty_template_cache` for constructing
|
284
|
+
an ActionView::Base instances that has an empty cache.
|
285
|
+
eowarn
|
286
|
+
end
|
287
|
+
|
288
|
+
self.class
|
289
|
+
end
|
290
|
+
|
291
|
+
def in_rendering_context(options)
|
292
|
+
old_view_renderer = @view_renderer
|
293
|
+
old_lookup_context = @lookup_context
|
294
|
+
|
295
|
+
if !lookup_context.html_fallback_for_js && options[:formats]
|
296
|
+
formats = Array(options[:formats])
|
297
|
+
if formats == [:js]
|
298
|
+
formats << :html
|
299
|
+
end
|
300
|
+
@lookup_context = lookup_context.with_prepended_formats(formats)
|
301
|
+
@view_renderer = ActionView::Renderer.new @lookup_context
|
302
|
+
end
|
303
|
+
|
304
|
+
yield @view_renderer
|
305
|
+
ensure
|
306
|
+
@view_renderer = old_view_renderer
|
307
|
+
@lookup_context = old_lookup_context
|
308
|
+
end
|
309
|
+
|
213
310
|
ActiveSupport.run_load_hooks(:action_view, self)
|
214
311
|
end
|
215
312
|
end
|
@@ -0,0 +1,54 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module ActionView
|
4
|
+
class CacheExpiry
|
5
|
+
class Executor
|
6
|
+
def initialize(watcher:)
|
7
|
+
@cache_expiry = CacheExpiry.new(watcher: watcher)
|
8
|
+
end
|
9
|
+
|
10
|
+
def before(target)
|
11
|
+
@cache_expiry.clear_cache_if_necessary
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
def initialize(watcher:)
|
16
|
+
@watched_dirs = nil
|
17
|
+
@watcher_class = watcher
|
18
|
+
@watcher = nil
|
19
|
+
@mutex = Mutex.new
|
20
|
+
end
|
21
|
+
|
22
|
+
def clear_cache_if_necessary
|
23
|
+
@mutex.synchronize do
|
24
|
+
watched_dirs = dirs_to_watch
|
25
|
+
return if watched_dirs.empty?
|
26
|
+
|
27
|
+
if watched_dirs != @watched_dirs
|
28
|
+
@watched_dirs = watched_dirs
|
29
|
+
@watcher = @watcher_class.new([], watched_dirs) do
|
30
|
+
clear_cache
|
31
|
+
end
|
32
|
+
@watcher.execute
|
33
|
+
else
|
34
|
+
@watcher.execute_if_updated
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
def clear_cache
|
40
|
+
ActionView::LookupContext::DetailsKey.clear
|
41
|
+
end
|
42
|
+
|
43
|
+
private
|
44
|
+
|
45
|
+
def dirs_to_watch
|
46
|
+
fs_paths = all_view_paths.grep(FileSystemResolver)
|
47
|
+
fs_paths.map(&:path).sort.uniq
|
48
|
+
end
|
49
|
+
|
50
|
+
def all_view_paths
|
51
|
+
ActionView::ViewPaths.all_view_paths.flat_map(&:paths)
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
data/lib/action_view/context.rb
CHANGED
@@ -1,10 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module ActionView
|
4
|
-
module CompiledTemplates #:nodoc:
|
5
|
-
# holds compiled template code
|
6
|
-
end
|
7
|
-
|
8
4
|
# = Action View Context
|
9
5
|
#
|
10
6
|
# Action View contexts are supplied to Action Controller to render a template.
|
@@ -16,7 +12,6 @@ module ActionView
|
|
16
12
|
# object that includes this module (although you can call _prepare_context
|
17
13
|
# defined below).
|
18
14
|
module Context
|
19
|
-
include CompiledTemplates
|
20
15
|
attr_accessor :output_buffer, :view_flow
|
21
16
|
|
22
17
|
# Prepares the context by setting the appropriate instance variables.
|
data/lib/action_view/digestor.rb
CHANGED
@@ -6,23 +6,18 @@ module ActionView
|
|
6
6
|
class Digestor
|
7
7
|
@@digest_mutex = Mutex.new
|
8
8
|
|
9
|
-
module PerExecutionDigestCacheExpiry
|
10
|
-
def self.before(target)
|
11
|
-
ActionView::LookupContext::DetailsKey.clear
|
12
|
-
end
|
13
|
-
end
|
14
|
-
|
15
9
|
class << self
|
16
10
|
# Supported options:
|
17
11
|
#
|
18
|
-
# * <tt>name</tt>
|
19
|
-
# * <tt>
|
20
|
-
# * <tt>
|
21
|
-
|
12
|
+
# * <tt>name</tt> - Template name
|
13
|
+
# * <tt>format</tt> - Template format
|
14
|
+
# * <tt>finder</tt> - An instance of <tt>ActionView::LookupContext</tt>
|
15
|
+
# * <tt>dependencies</tt> - An array of dependent views
|
16
|
+
def digest(name:, format: nil, finder:, dependencies: nil)
|
22
17
|
if dependencies.nil? || dependencies.empty?
|
23
|
-
cache_key = "#{name}.#{
|
18
|
+
cache_key = "#{name}.#{format}"
|
24
19
|
else
|
25
|
-
cache_key = [ name,
|
20
|
+
cache_key = [ name, format, dependencies ].flatten.compact.join(".")
|
26
21
|
end
|
27
22
|
|
28
23
|
# this is a correctly done double-checked locking idiom
|
@@ -48,8 +43,6 @@ module ActionView
|
|
48
43
|
logical_name = name.gsub(%r|/_|, "/")
|
49
44
|
|
50
45
|
if template = find_template(finder, logical_name, [], partial, [])
|
51
|
-
finder.rendered_format ||= template.formats.first
|
52
|
-
|
53
46
|
if node = seen[template.identifier] # handle cycles in the tree
|
54
47
|
node
|
55
48
|
else
|
@@ -73,9 +66,7 @@ module ActionView
|
|
73
66
|
private
|
74
67
|
def find_template(finder, name, prefixes, partial, keys)
|
75
68
|
finder.disable_cache do
|
76
|
-
|
77
|
-
result = finder.find_all(name, prefixes, partial, keys, formats: [format]).first if format
|
78
|
-
result || finder.find_all(name, prefixes, partial, keys).first
|
69
|
+
finder.find_all(name, prefixes, partial, keys).first
|
79
70
|
end
|
80
71
|
end
|
81
72
|
end
|