actionview 6.0.0.rc2 → 6.0.0
Potentially problematic release.
This version of actionview might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -0
- data/lib/action_view/digestor.rb +5 -4
- data/lib/action_view/gem_version.rb +1 -1
- data/lib/action_view/helpers/form_options_helper.rb +4 -3
- data/lib/action_view/helpers/sanitize_helper.rb +10 -16
- data/lib/action_view/renderer/partial_renderer.rb +0 -3
- data/lib/action_view/testing/resolvers.rb +25 -13
- data/lib/assets/compiled/rails-ujs.js +3 -0
- metadata +16 -16
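--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '09307c25b4aca33f07c78f0eb2b2e1dcb83316272272340495d9bdb71200b66c'
+data.tar.gz: c721b0700848cd657d418b9369ce575abfc12205e764cbdd04aa4f23320b80be
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: acd68ab05735381289baf92c2895b30dc73b8e25e36ea9b5496104e66d46d630e352785750518404da5c71cade47b8987effe98fcc7e35d6d108dfba51bb2b4f
+data.tar.gz: d6e8f0d10ff2d4048c7ad3469584153f6faf284853b7f1afd191dbd3b3b469295855655c5ac59b986c52a894a7c774d11f0a09e747a492ad6d3b0e5edfb0bf27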
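--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,10 @@
+## Rails 6.0.0 (August 16, 2019) ##
+
+* ActionView::Helpers::SanitizeHelper: support rails-html-sanitizer 1.1.0.
+
+*Juanito Fatas*
+
+
 ## Rails 6.0.0.rc2 (July 22, 2019) ##
 
 * Fix `select_tag` so that it doesn't change `options` when `include_blank` is present.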
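--- a/data/lib/action_view/digestor.rb
+++ b/data/lib/action_view/digestor.rb
@@ -9,10 +9,11 @@ module ActionView
 class << self
 # Supported options:
 #
-# * <tt>name</tt>
-# * <tt>
-# * <tt>
-
+# * <tt>name</tt> - Template name
+# * <tt>format</tt> - Template format
+# * <tt>finder</tt> - An instance of <tt>ActionView::LookupContext</tt>
+# * <tt>dependencies</tt> - An array of dependent views
+def digest(name:, format: nil, finder:, dependencies: nil)
 if dependencies.nil? || dependencies.empty?
 cache_key = "#{name}.#{format}"
 else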
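Review bot: The new option list for `digest` describes `format` and `dependencies` without saying that both default to nil in the signature below it. With `format` omitted, the cache key built on the following context line becomes `"#{name}."`, which a caller cannot learn from the comment. I would extend the two entries, for example `# * <tt>format</tt> - Template format (optional; nil leaves the format part of the cache key empty)` and `# * <tt>dependencies</tt> - An array of dependent views (optional; nil is treated like an empty array)`. The body of `digest` continues past the end of this hunk.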
@@ -566,9 +566,10 @@ module ActionView
|
|
566
566
|
# an ActiveSupport::TimeZone.
|
567
567
|
#
|
568
568
|
# By default, +model+ is the ActiveSupport::TimeZone constant (which can
|
569
|
-
# be obtained in Active Record as a value object). The
|
570
|
-
#
|
571
|
-
#
|
569
|
+
# be obtained in Active Record as a value object). The +model+ parameter
|
570
|
+
# must respond to +all+ and return an array of objects that represent time
|
571
|
+
# zones; each object must respond to +name+. If a Regexp is given it will
|
572
|
+
# attempt to match the zones using the <code>=~<code> operator.
|
572
573
|
#
|
573
574
|
# NOTE: Only the option tags are returned, you have to wrap this call in
|
574
575
|
# a regular HTML select tag.
|
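Review bot: The added comment line `# attempt to match the zones using the <code>=~<code> operator.` opens a second `<code>` tag instead of closing the first, so RDoc will not render the operator as intended. It should read `# attempt to match the zones using the <code>=~</code> operator.` The comment block documents a method whose definition lies outside this hunk.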
@@ -1,6 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require "active_support/core_ext/object/try"
|
4
3
|
require "rails-html-sanitizer"
|
5
4
|
|
6
5
|
module ActionView
|
@@ -17,7 +16,7 @@ module ActionView
|
|
17
16
|
# ASCII, and hex character references to work around these protocol filters.
|
18
17
|
# All special characters will be escaped.
|
19
18
|
#
|
20
|
-
# The default sanitizer is Rails::Html::
|
19
|
+
# The default sanitizer is Rails::Html::SafeListSanitizer. See {Rails HTML
|
21
20
|
# Sanitizers}[https://github.com/rails/rails-html-sanitizer] for more information.
|
22
21
|
#
|
23
22
|
# Custom sanitization rules can also be provided.
|
@@ -80,12 +79,12 @@ module ActionView
|
|
80
79
|
# config.action_view.sanitized_allowed_tags = ['strong', 'em', 'a']
|
81
80
|
# config.action_view.sanitized_allowed_attributes = ['href', 'title']
|
82
81
|
def sanitize(html, options = {})
|
83
|
-
self.class.
|
82
|
+
self.class.safe_list_sanitizer.sanitize(html, options)&.html_safe
|
84
83
|
end
|
85
84
|
|
86
85
|
# Sanitizes a block of CSS code. Used by +sanitize+ when it comes across a style attribute.
|
87
86
|
def sanitize_css(style)
|
88
|
-
self.class.
|
87
|
+
self.class.safe_list_sanitizer.sanitize_css(style)
|
89
88
|
end
|
90
89
|
|
91
90
|
# Strips all HTML tags from +html+, including comments and special characters.
|
@@ -123,20 +122,18 @@ module ActionView
|
|
123
122
|
end
|
124
123
|
|
125
124
|
module ClassMethods #:nodoc:
|
126
|
-
attr_writer :full_sanitizer, :link_sanitizer, :
|
125
|
+
attr_writer :full_sanitizer, :link_sanitizer, :safe_list_sanitizer
|
127
126
|
|
128
|
-
# Vendors the full, link and white list sanitizers.
|
129
|
-
# Provided strictly for compatibility and can be removed in Rails 6.
|
130
127
|
def sanitizer_vendor
|
131
128
|
Rails::Html::Sanitizer
|
132
129
|
end
|
133
130
|
|
134
131
|
def sanitized_allowed_tags
|
135
|
-
|
132
|
+
safe_list_sanitizer.allowed_tags
|
136
133
|
end
|
137
134
|
|
138
135
|
def sanitized_allowed_attributes
|
139
|
-
|
136
|
+
safe_list_sanitizer.allowed_attributes
|
140
137
|
end
|
141
138
|
|
142
139
|
# Gets the Rails::Html::FullSanitizer instance used by +strip_tags+. Replace with
|
@@ -145,7 +142,6 @@ module ActionView
|
|
145
142
|
# class Application < Rails::Application
|
146
143
|
# config.action_view.full_sanitizer = MySpecialSanitizer.new
|
147
144
|
# end
|
148
|
-
#
|
149
145
|
def full_sanitizer
|
150
146
|
@full_sanitizer ||= sanitizer_vendor.full_sanitizer.new
|
151
147
|
end
|
@@ -156,20 +152,18 @@ module ActionView
|
|
156
152
|
# class Application < Rails::Application
|
157
153
|
# config.action_view.link_sanitizer = MySpecialSanitizer.new
|
158
154
|
# end
|
159
|
-
#
|
160
155
|
def link_sanitizer
|
161
156
|
@link_sanitizer ||= sanitizer_vendor.link_sanitizer.new
|
162
157
|
end
|
163
158
|
|
164
|
-
# Gets the Rails::Html::
|
159
|
+
# Gets the Rails::Html::SafeListSanitizer instance used by sanitize and +sanitize_css+.
|
165
160
|
# Replace with any object that responds to +sanitize+.
|
166
161
|
#
|
167
162
|
# class Application < Rails::Application
|
168
|
-
# config.action_view.
|
163
|
+
# config.action_view.safe_list_sanitizer = MySpecialSanitizer.new
|
169
164
|
# end
|
170
|
-
|
171
|
-
|
172
|
-
@white_list_sanitizer ||= sanitizer_vendor.white_list_sanitizer.new
|
165
|
+
def safe_list_sanitizer
|
166
|
+
@safe_list_sanitizer ||= sanitizer_vendor.safe_list_sanitizer.new
|
173
167
|
end
|
174
168
|
end
|
175
169
|
end
|
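Review bot: The rename to `safe_list_sanitizer` in `ClassMethods` leaves no reader or writer under the previous name on the new side: `attr_writer` now lists only `:full_sanitizer, :link_sanitizer, :safe_list_sanitizer`, and the removed method body referenced `@white_list_sanitizer`. Unless a deprecated alias exists outside these hunks, a stricter custom sanitizer that an application installed under the old setting would no longer reach `sanitize` and `sanitize_css`, which would then run with the default `Rails::Html::SafeListSanitizer` rules or fail on the missing method. A deprecated forwarding writer would keep that configuration effective, e.g. `def white_list_sanitizer=(s); ActiveSupport::Deprecation.warn("use safe_list_sanitizer="); self.safe_list_sanitizer = s; end`, with a matching reader. The changelog entry for this release mentions only support for rails-html-sanitizer 1.1.0, so the rename deserves its own line there.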
@@ -105,9 +105,6 @@ module ActionView
|
|
105
105
|
#
|
106
106
|
# <%= render(partial: "ad", collection: @advertisements) || "There's no ad to be displayed" %>
|
107
107
|
#
|
108
|
-
# NOTE: Due to backwards compatibility concerns, the collection can't be one of hashes. Normally you'd also
|
109
|
-
# just keep domain objects, like Active Records, in there.
|
110
|
-
#
|
111
108
|
# == \Rendering shared partials
|
112
109
|
#
|
113
110
|
# Two controllers can share a set of partials and render them like this:
|
@@ -7,10 +7,15 @@ module ActionView #:nodoc:
|
|
7
7
|
# file system. This is used internally by Rails' own test suite, and is
|
8
8
|
# useful for testing extensions that have no way of knowing what the file
|
9
9
|
# system will look like at runtime.
|
10
|
-
class FixtureResolver <
|
10
|
+
class FixtureResolver < OptimizedFileSystemResolver
|
11
11
|
def initialize(hash = {}, pattern = nil)
|
12
|
-
super(
|
12
|
+
super("")
|
13
|
+
if pattern
|
14
|
+
ActiveSupport::Deprecation.warn "Specifying a custom path for #{self.class} is deprecated. Implement a custom Resolver subclass instead."
|
15
|
+
@pattern = pattern
|
16
|
+
end
|
13
17
|
@hash = hash
|
18
|
+
@path = ""
|
14
19
|
end
|
15
20
|
|
16
21
|
def data
|
@@ -24,25 +29,32 @@ module ActionView #:nodoc:
|
|
24
29
|
private
|
25
30
|
|
26
31
|
def query(path, exts, _, locals, cache:)
|
27
|
-
|
28
|
-
EXTENSIONS.each do |ext, prefix|
|
29
|
-
query << "(" << exts[ext].map { |e| e && Regexp.escape("#{prefix}#{e}") }.join("|") << "|)"
|
30
|
-
end
|
31
|
-
query = /^(#{Regexp.escape(path)})#{query}$/
|
32
|
+
regex = build_regex(path, exts)
|
32
33
|
|
33
|
-
|
34
|
-
|
35
|
-
|
34
|
+
@hash.select do |_path, _|
|
35
|
+
("/" + _path).match?(regex)
|
36
|
+
end.map do |_path, source|
|
36
37
|
handler, format, variant = extract_handler_and_format_and_variant(_path)
|
37
|
-
|
38
|
+
|
39
|
+
Template.new(source, _path, handler,
|
38
40
|
virtual_path: path.virtual,
|
39
41
|
format: format,
|
40
42
|
variant: variant,
|
41
43
|
locals: locals
|
42
44
|
)
|
45
|
+
end.sort_by do |t|
|
46
|
+
match = ("/" + t.identifier).match(regex)
|
47
|
+
EXTENSIONS.keys.reverse.map do |ext|
|
48
|
+
if ext == :variants && exts[ext] == :any
|
49
|
+
match[ext].nil? ? 0 : 1
|
50
|
+
elsif match[ext].nil?
|
51
|
+
exts[ext].length
|
52
|
+
else
|
53
|
+
found = match[ext].to_sym
|
54
|
+
exts[ext].index(found)
|
55
|
+
end
|
56
|
+
end
|
43
57
|
end
|
44
|
-
|
45
|
-
templates.sort_by { |t| -t.identifier.match(/^#{query}$/).captures.reject(&:blank?).size }
|
46
58
|
end
|
47
59
|
end
|
48
60
|
|
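Review bot: In the `sort_by` block of `query`, `exts[ext].index(found)` returns nil when the captured extension is not in the requested list, and a sort key that mixes nil with integers makes `sort_by` raise an ArgumentError instead of ranking the template last. Whether that can happen depends on `build_regex`, which is defined outside this hunk, so a fallback is cheap insurance: `exts[ext].index(found) || exts[ext].length`. The block parameter `_path` is also read in both the `select` and `map` blocks; a leading underscore conventionally marks an unused name, so something like `template_path` would read better.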
@@ -320,6 +320,9 @@ Released under the MIT license
|
|
320
320
|
if (!input.name || input.disabled) {
|
321
321
|
return;
|
322
322
|
}
|
323
|
+
if (input.closest('fieldset[disabled]')) {
|
324
|
+
return;
|
325
|
+
}
|
323
326
|
if (matches(input, 'select')) {
|
324
327
|
return toArray(input.options).forEach(function(option) {
|
325
328
|
if (option.selected) {
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: actionview
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 6.0.0
|
4
|
+
version: 6.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- David Heinemeier Hansson
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-
|
11
|
+
date: 2019-08-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 6.0.0
|
19
|
+
version: 6.0.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 6.0.0
|
26
|
+
version: 6.0.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: builder
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -58,20 +58,20 @@ dependencies:
|
|
58
58
|
requirements:
|
59
59
|
- - "~>"
|
60
60
|
- !ruby/object:Gem::Version
|
61
|
-
version: '1.
|
61
|
+
version: '1.1'
|
62
62
|
- - ">="
|
63
63
|
- !ruby/object:Gem::Version
|
64
|
-
version: 1.0
|
64
|
+
version: 1.2.0
|
65
65
|
type: :runtime
|
66
66
|
prerelease: false
|
67
67
|
version_requirements: !ruby/object:Gem::Requirement
|
68
68
|
requirements:
|
69
69
|
- - "~>"
|
70
70
|
- !ruby/object:Gem::Version
|
71
|
-
version: '1.
|
71
|
+
version: '1.1'
|
72
72
|
- - ">="
|
73
73
|
- !ruby/object:Gem::Version
|
74
|
-
version: 1.0
|
74
|
+
version: 1.2.0
|
75
75
|
- !ruby/object:Gem::Dependency
|
76
76
|
name: rails-dom-testing
|
77
77
|
requirement: !ruby/object:Gem::Requirement
|
@@ -92,28 +92,28 @@ dependencies:
|
|
92
92
|
requirements:
|
93
93
|
- - '='
|
94
94
|
- !ruby/object:Gem::Version
|
95
|
-
version: 6.0.0
|
95
|
+
version: 6.0.0
|
96
96
|
type: :development
|
97
97
|
prerelease: false
|
98
98
|
version_requirements: !ruby/object:Gem::Requirement
|
99
99
|
requirements:
|
100
100
|
- - '='
|
101
101
|
- !ruby/object:Gem::Version
|
102
|
-
version: 6.0.0
|
102
|
+
version: 6.0.0
|
103
103
|
- !ruby/object:Gem::Dependency
|
104
104
|
name: activemodel
|
105
105
|
requirement: !ruby/object:Gem::Requirement
|
106
106
|
requirements:
|
107
107
|
- - '='
|
108
108
|
- !ruby/object:Gem::Version
|
109
|
-
version: 6.0.0
|
109
|
+
version: 6.0.0
|
110
110
|
type: :development
|
111
111
|
prerelease: false
|
112
112
|
version_requirements: !ruby/object:Gem::Requirement
|
113
113
|
requirements:
|
114
114
|
- - '='
|
115
115
|
- !ruby/object:Gem::Version
|
116
|
-
version: 6.0.0
|
116
|
+
version: 6.0.0
|
117
117
|
description: Simple, battle-tested conventions and helpers for building web pages.
|
118
118
|
email: david@loudthinking.com
|
119
119
|
executables: []
|
@@ -235,8 +235,8 @@ homepage: https://rubyonrails.org
|
|
235
235
|
licenses:
|
236
236
|
- MIT
|
237
237
|
metadata:
|
238
|
-
source_code_uri: https://github.com/rails/rails/tree/v6.0.0
|
239
|
-
changelog_uri: https://github.com/rails/rails/blob/v6.0.0
|
238
|
+
source_code_uri: https://github.com/rails/rails/tree/v6.0.0/actionview
|
239
|
+
changelog_uri: https://github.com/rails/rails/blob/v6.0.0/actionview/CHANGELOG.md
|
240
240
|
post_install_message:
|
241
241
|
rdoc_options: []
|
242
242
|
require_paths:
|
@@ -248,9 +248,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
248
248
|
version: 2.5.0
|
249
249
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
250
250
|
requirements:
|
251
|
-
- - "
|
251
|
+
- - ">="
|
252
252
|
- !ruby/object:Gem::Version
|
253
|
-
version:
|
253
|
+
version: '0'
|
254
254
|
requirements:
|
255
255
|
- none
|
256
256
|
rubygems_version: 3.0.1
|