actionview 6.0.5.1 → 6.1.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7ae06527b9554d55d60951ace58d19621b78d4504a38d85f1611ee1a9159e6e8
-  data.tar.gz: 7739ec7a12cd620ea5334f5f730b875b1d1521e7c9983a4f22ad499840059164
+  metadata.gz: c6501d14d3ded1b369986260419c6aee627f1b7799b3c3c4218873bfe8d4b479
+  data.tar.gz: 989267ee82dfffffb28da4b86b9eb462dd4e0bd3d379763b6b1e263ff29739b1
 SHA512:
-  metadata.gz: b73a0f76f4aea630ef0cd80b18aaec8907842b351d3eca8a72ed256807774fe45af4ef71de6111f0fb7a655e36cd7a086de45d6f8f0ef4af7a63951f9e9eb748
-  data.tar.gz: 29e9ed9c4903f6d712e4b1a12d7e8f6c49d6bc4de6a9ae877605757f159ea20b72a1db3c60c528520102674bc3cf8e48d0a50dd88007cc4b67c423c1fb1caaa7
+  metadata.gz: 0604fd5bb813f716bff94d3ac476ad3a466b8ea6e02e022b4ee29cf5f3a0389ec70f50fc532e37a857307b2180e69d0db2c0c42abcf603677789df8b44acad0f
+  data.tar.gz: 54f5d17012d6817bd687d80dff5bd36ffff2ea6fc8461ac2e81fde65a73dea829a076351ff812516f80869ae0dbda5eda4d8181b731bfd31ae92b56cca03ab53

data/CHANGELOG.md

@@ -1,423 +1,260 @@
-## Rails 6.0.5.1 (July 12, 2022) ##
+## Rails 6.1.0.rc1 (November 02, 2020) ##
 
-*   No changes.
+*   Yield translated strings to calls of `ActionView::FormBuilder#button`
+    when a block is given.
 
+    *Sean Doyle*
 
-## Rails 6.0.5 (May 09, 2022) ##
+*   Alias `ActionView::Helpers::Tags::Label::LabelBuilder#translation` to
+    `#to_s` so that `form.label` calls can yield that value to their blocks.
 
-*   No changes.
+    *Sean Doyle*
 
+*   Rename the new `TagHelper#class_names` method to `TagHelper#token_list`,
+    and make the original available as an alias.
 
-## Rails 6.0.4.8 (April 26, 2022) ##
+        token_list("foo", "foo bar")
+        # => "foo bar"
 
-*   Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
+    *Sean Doyle*
 
-    Escape dangerous characters in names of tags and names of attributes in the
-    tag helpers, following the XML specification. Rename the option
-    `:escape_attributes` to `:escape`, to simplify by applying the option to the
-    whole tag.
+*   ARIA Array and Hash attributes are treated as space separated `DOMTokenList`
+    values. This is useful when declaring lists of label text identifiers in
+    `aria-labelledby` or `aria-describedby`.
 
-    *Álvaro Martín Fraguas*
-
-
-## Rails 6.0.4.7 (March 08, 2022) ##
-
-*   No changes.
-
-
-## Rails 6.0.4.6 (February 11, 2022) ##
-
-*   No changes.
-
-
-## Rails 6.0.4.5 (February 11, 2022) ##
-
-*   No changes.
-
-
-## Rails 6.0.4.4 (December 15, 2021) ##
-
-*   No changes.
-
-
-## Rails 6.0.4.3 (December 14, 2021) ##
-
-*   No changes.
-
-
-## Rails 6.0.4.2 (December 14, 2021) ##
-
-*   No changes.
-
-
-## Rails 6.0.4.1 (August 19, 2021) ##
-
-*   No changes.
-
-
-## Rails 6.0.4 (June 15, 2021) ##
-
-*   SanitizeHelper.sanitized_allowed_attributes and SanitizeHelper.sanitized_allowed_tags
-    call safe_list_sanitizer's class method
-
-    Fixes #39586
-
-    *Taufiq Muhammadi*
-
-
-## Rails 6.0.3.7 (May 05, 2021) ##
-
-*   No changes.
-
-
-## Rails 6.0.3.6 (March 26, 2021) ##
-
-*   No changes.
-
-
-## Rails 6.0.3.5 (February 10, 2021) ##
-
-*   No changes.
-
-
-## Rails 6.0.3.4 (October 07, 2020) ##
-
-*   No changes.
-
-
-## Rails 6.0.3.3 (September 09, 2020) ##
-
-*   [CVE-2020-8185] Fix potential XSS vulnerability in the `translate`/`t` helper.
-
-    *Jonathan Hefner*
-
-
-## Rails 6.0.3.2 (June 17, 2020) ##
-
-*   No changes.
-
-
-## Rails 6.0.3.1 (May 18, 2020) ##
-
-*   [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs
-
-
-## Rails 6.0.3 (May 06, 2020) ##
-
-*   annotated_source_code returns an empty array so TemplateErrors without a
-    template in the backtrace are surfaced properly by DebugExceptions.
-
-    *Guilherme Mansur*, *Kasper Timm Hansen*
-
-*   Add autoload for SyntaxErrorInTemplate so syntax errors are correctly raised by DebugExceptions.
-
-    *Guilherme Mansur*, *Gannon McGibbon*
-
-
-## Rails 6.0.2.2 (March 19, 2020) ##
-
-*   Fix possible XSS vector in escape_javascript helper
-
-    CVE-2020-5267
-
-    *Aaron Patterson*
-
-
-## Rails 6.0.2.1 (December 18, 2019) ##
-
-*   No changes.
-
-
-## Rails 6.0.2 (December 13, 2019) ##
-
-*   No changes.
-
-
-## Rails 6.0.1 (November 5, 2019) ##
-
-*   UJS avoids `Element.closest()` for IE 9 compatibility.
-
-    *George Claghorn*
-
-
-## Rails 6.0.0 (August 16, 2019) ##
-
-*   ActionView::Helpers::SanitizeHelper: support rails-html-sanitizer 1.1.0.
-
-    *Juanito Fatas*
-
-
-## Rails 6.0.0.rc2 (July 22, 2019) ##
-
-*   Fix `select_tag` so that it doesn't change `options` when `include_blank` is present.
-
-    *Younes SERRAJ*
-
-
-## Rails 6.0.0.rc1 (April 24, 2019) ##
-
-*   Fix partial caching skips same item issue
-
-    If we render cached collection partials with repeated items, those repeated items
-    will get skipped. For example, if you have 5 identical items in your collection, Rails
-    only renders the first one when `cached` is set to true. But it should render all
-    5 items instead.
-
-    Fixes #35114.
-
-    *Stan Lo*
-
-*   Only clear ActionView cache in development on file changes
+        tag.input type: 'checkbox', name: 'published', aria: {
+          invalid: @post.errors[:published].any?,
+          labelledby: ['published_context', 'published_label'],
+          describedby: { published_errors: @post.errors[:published].any? }
+        }
+        #=> <input
+              type="checkbox" name="published" aria-invalid="true"
+              aria-labelledby="published_context published_label"
+              aria-describedby="published_errors"
+            >
 
-    To speed up development mode, view caches are only cleared when files in
-    the view paths have changed. Applications which have implemented custom
-    `ActionView::Resolver` subclasses may need to add their own cache clearing.
+    *Sean Doyle*
 
-    *John Hawthorn*
+*   Remove deprecated `escape_whitelist` from `ActionView::Template::Handlers::ERB`.
 
-*   Fix `ActionView::FixtureResolver` so that it handles template variants correctly.
+    *Rafael Mendonça França*
 
-    *Edward Rudd*
+*   Remove deprecated `find_all_anywhere` from `ActionView::Resolver`.
 
-*   `ActionView::TemplateRender.render(file: )` now renders the file directly,
-    without using any handlers, using the new `Template::RawFile` class.
+    *Rafael Mendonça França*
 
-    *John Hawthorn*, *Cliff Pruitt*
+*   Remove deprecated `formats` from `ActionView::Template::HTML`.
 
+    *Rafael Mendonça França*
 
-## Rails 6.0.0.beta3 (March 11, 2019) ##
+*   Remove deprecated `formats` from `ActionView::Template::RawFile`.
 
-*   Only accept formats from registered mime types
+    *Rafael Mendonça França*
 
-    A lack of filtering on mime types could allow an attacker to read
-    arbitrary files on the target server or to perform a denial of service
-    attack.
+*   Remove deprecated `formats` from `ActionView::Template::Text`.
 
-    Fixes CVE-2019-5418
-    Fixes CVE-2019-5419
+    *Rafael Mendonça França*
 
-    *John Hawthorn*, *Eileen M. Uchitelle*, *Aaron Patterson*
+*   Remove deprecated `find_file` from `ActionView::PathSet`.
 
+    *Rafael Mendonça França*
 
-## Rails 6.0.0.beta2 (February 25, 2019) ##
+*   Remove deprecated `rendered_format` from `ActionView::LookupContext`.
 
-*   `ActionView::Template.finalize_compiled_template_methods` is deprecated with
-    no replacement.
+    *Rafael Mendonça França*
 
-    *tenderlove*
+*   Remove deprecated `find_file` from `ActionView::ViewPaths`.
 
-*   `config.action_view.finalize_compiled_template_methods` is deprecated with
-    no replacement.
+    *Rafael Mendonça França*
 
-    *tenderlove*
+*   Require that `ActionView::Base` subclasses implement `#compiled_method_container`.
 
-*   Ensure unique DOM IDs for collection inputs with float values.
+    *Rafael Mendonça França*
 
-    Fixes #34974.
+*   Remove deprecated support to pass an object that is not a `ActionView::LookupContext` as the first argument
+    in `ActionView::Base#initialize`.
 
-    *Mark Edmondson*
+    *Rafael Mendonça França*
 
-*   Single arity template handlers are deprecated.  Template handlers must
-    now accept two parameters, the view object and the source for the view object.
+*   Remove deprecated `format` argument `ActionView::Base#initialize`.
 
-    *tenderlove*
+    *Rafael Mendonça França*
 
+*   Remove deprecated `ActionView::Template#refresh`.
 
-## Rails 6.0.0.beta1 (January 18, 2019) ##
+    *Rafael Mendonça França*
 
-*   [Rename npm package](https://github.com/rails/rails/pull/34905) from
-    [`rails-ujs`](https://www.npmjs.com/package/rails-ujs) to
-    [`@rails/ujs`](https://www.npmjs.com/package/@rails/ujs).
+*   Remove deprecated `ActionView::Template#original_encoding`.
 
-    *Javan Makhmali*
+    *Rafael Mendonça França*
 
-*   Remove deprecated `image_alt` helper.
+*   Remove deprecated `ActionView::Template#variants`.
 
     *Rafael Mendonça França*
 
-*   Fix the need of `#protect_against_forgery?` method defined in
-    `ActionView::Base` subclasses. This prevents the use of forms and buttons.
+*   Remove deprecated `ActionView::Template#formats`.
 
-    *Genadi Samokovarov*
-
-*   Fix UJS permanently showing disabled text in a[data-remote][data-disable-with] elements within forms.
+    *Rafael Mendonça França*
 
-    Fixes #33889.
+*   Remove deprecated `ActionView::Template#virtual_path=`.
 
-    *Wolfgang Hobmaier*
+    *Rafael Mendonça França*
 
-*   Prevent non-primary mouse keys from triggering Rails UJS click handlers.
-    Firefox fires click events even if the click was triggered by non-primary mouse keys such as right- or scroll-wheel-clicks.
-    For example, right-clicking a link such as the one described below (with an underlying ajax request registered on click) should not cause that request to occur.
+*   Remove deprecated `ActionView::Template#updated_at`.
 
-    ```
-    <%= link_to 'Remote', remote_path, class: 'remote', remote: true, data: { type: :json } %>
-    ```
+    *Rafael Mendonça França*
 
-    Fixes #34541.
+*   Remove deprecated `updated_at` argument required on `ActionView::Template#initialize`.
 
-    *Wolfgang Hobmaier*
+    *Rafael Mendonça França*
 
-*   Prevent `ActionView::TextHelper#word_wrap` from unexpectedly stripping white space from the _left_ side of lines.
+*   Make `locals` argument required on `ActionView::Template#initialize`.
 
-    For example, given input like this:
+    *Rafael Mendonça França*
 
-    ```
-        This is a paragraph with an initial indent,
-    followed by additional lines that are not indented,
-    and finally terminated with a blockquote:
-      "A pithy saying"
-    ```
+*   Remove deprecated `ActionView::Template.finalize_compiled_template_methods`.
 
-    Calling `word_wrap` should not trim the indents on the first and last lines.
+    *Rafael Mendonça França*
 
-    Fixes #34487.
+*   Remove deprecated `config.action_view.finalize_compiled_template_methods`
 
-    *Lyle Mullican*
+    *Rafael Mendonça França*
 
-*   Add allocations to template rendering instrumentation.
+*   Remove deprecated support to calling `ActionView::ViewPaths#with_fallback` with a block.
 
-    Adds the allocations for template and partial rendering to the server output on render.
+    *Rafael Mendonça França*
 
-    ```
-      Rendered posts/_form.html.erb (Duration: 7.1ms | Allocations: 6004)
-      Rendered posts/new.html.erb within layouts/application (Duration: 8.3ms | Allocations: 6654)
-    Completed 200 OK in 858ms (Views: 848.4ms | ActiveRecord: 0.4ms | Allocations: 1539564)
-    ```
+*   Remove deprecated support to passing absolute paths to `render template:`.
 
-    *Eileen M. Uchitelle*, *Aaron Patterson*
+    *Rafael Mendonça França*
 
-*   Respect the `only_path` option passed to `url_for` when the options are passed in as an array
+*   Remove deprecated support to passing relative paths to `render file:`.
 
-    Fixes #33237.
+    *Rafael Mendonça França*
 
-    *Joel Ambass*
+*   Remove support to template handlers that don't accept two arguments.
 
-*   Deprecate calling private model methods from view helpers.
+    *Rafael Mendonça França*
 
-    For example, in methods like `options_from_collection_for_select`
-    and `collection_select` it is possible to call private methods from
-    the objects used.
+*   Remove deprecated pattern argument in `ActionView::Template::PathResolver`.
 
-    Fixes #33546.
+    *Rafael Mendonça França*
 
-    *Ana María Martínez Gómez*
+*   Remove deprecated support to call private methods from object in some view helpers.
 
-*   Fix issue with `button_to`'s `to_form_params`
+    *Rafael Mendonça França*
 
-    `button_to` was throwing exception when invoked with `params` hash that
-    contains symbol and string keys. The reason for the exception was that
-    `to_form_params` was comparing the given symbol and string keys.
+*   `ActionView::Helpers::TranslationHelper#translate` accepts a block, yielding
+    the translated text and the fully resolved translation key:
 
-    The issue is fixed by turning all keys to strings inside
-    `to_form_params` before comparing them.
+        <%= translate(".relative_key") do |translation, resolved_key| %>
+          <span title="<%= resolved_key %>"><%= translation %></span>
+        <% end %>
 
-    *Georgi Georgiev*
+    *Sean Doyle*
 
-*   Mark arrays of translations as trusted safe by using the `_html` suffix.
+*   Ensure cache fragment digests include all relevant template dependencies when
+    fragments are contained in a block passed to the render helper. Remove the
+    virtual_path keyword arguments found in CacheHelper as they no longer possess
+    any function following 1581cab.
 
-    Example:
+    Fixes #38984.
 
-        en:
-          foo_html:
-            - "One"
-            - "<strong>Two</strong>"
-            - "Three &#128075; &#128578;"
+    *Aaron Lipman*
 
-    *Juan Broullon*
+*   Deprecate `config.action_view.raise_on_missing_translations` in favor of
+    `config.i18n.raise_on_missing_translations`.
 
-*   Add `year_format` option to date_select tag. This option makes it possible to customize year
-    names. Lambda should be passed to use this option.
+    New generalized configuration option now determines whether an error should be raised
+    for missing translations in controllers and views.
 
-    Example:
+    *fatkodima*
 
-        date_select('user_birthday', '', start_year: 1998, end_year: 2000, year_format: ->year { "Heisei #{year - 1988}" })
+*   Instrument layout rendering in `TemplateRenderer#render_with_layout` as `render_layout.action_view`,
+    and include (when necessary) the layout's virtual path in notification payloads for collection and partial renders.
 
-    The HTML produced:
+    *Zach Kemp*
 
-        <select id="user_birthday__1i" name="user_birthday[(1i)]">
-        <option value="1998">Heisei 10</option>
-        <option value="1999">Heisei 11</option>
-        <option value="2000">Heisei 12</option>
-        </select>
-        /* The rest is omitted */
+*   `ActionView::Base.annotate_rendered_view_with_filenames` annotates HTML output with template file names.
 
-    *Koki Ryu*
+    *Joel Hawksley*, *Aaron Patterson*
 
-*   Fix JavaScript views rendering does not work with Firefox when using
-    Content Security Policy.
+*   `ActionView::Helpers::TranslationHelper#translate` returns nil when
+    passed `default: nil` without a translation matching `I18n#translate`.
 
-    Fixes #32577.
+    *Stefan Wrobel*
 
-    *Yuji Yaginuma*
+*   `OptimizedFileSystemResolver` prefers template details in order of locale,
+    formats, variants, handlers.
 
-*   Add the `nonce: true` option for `javascript_include_tag` helper to
-    support automatic nonce generation for Content Security Policy.
-    Works the same way as `javascript_tag nonce: true` does.
+    *Iago Pimenta*
 
-    *Yaroslav Markin*
+*   Added `class_names` helper to create a CSS class value with conditional classes.
 
-*   Remove `ActionView::Helpers::RecordTagHelper`.
+    *Joel Hawksley*, *Aaron Patterson*
 
-    *Yoshiyuki Hirano*
+*   Add support for conditional values to TagBuilder.
 
-*   Disable `ActionView::Template` finalizers in test environment.
+    *Joel Hawksley*
 
-    Template finalization can be expensive in large view test suites.
-    Add a configuration option,
-    `action_view.finalize_compiled_template_methods`, and turn it off in
-    the test environment.
+*   `ActionView::Helpers::FormOptionsHelper#select` should mark option for `nil` as selected.
 
-    *Simon Coffey*
+    ```ruby
+    @post = Post.new
+    @post.category = nil
 
-*   Extract the `confirm` call in its own, overridable method in `rails_ujs`.
+    # Before
+    select("post", "category", none: nil, programming: 1, economics: 2)
+    # =>
+    # <select name="post[category]" id="post_category">
+    #   <option value="">none</option>
+    #  <option value="1">programming</option>
+    #  <option value="2">economics</option>
+    # </select>
 
-    Example:
+    # After
+    select("post", "category", none: nil, programming: 1, economics: 2)
+    # =>
+    # <select name="post[category]" id="post_category">
+    #   <option selected="selected" value="">none</option>
+    #  <option value="1">programming</option>
+    #  <option value="2">economics</option>
+    # </select>
+    ```
 
-        Rails.confirm = function(message, element) {
-          return (my_bootstrap_modal_confirm(message));
-        }
+    *bogdanvlviv*
 
-    *Mathieu Mahé*
+*   Log lines for partial renders and started template renders are now
+    emitted at the `DEBUG` level instead of `INFO`.
 
-*   Enable select tag helper to mark `prompt` option as `selected` and/or `disabled` for `required`
-    field.
+    Completed template renders are still logged at the `INFO` level.
 
-    Example:
+    *DHH*
 
-        select :post,
-               :category,
-               ["lifestyle", "programming", "spiritual"],
-               { selected: "", disabled: "", prompt: "Choose one" },
-               { required: true }
+*   ActionView::Helpers::SanitizeHelper: support rails-html-sanitizer 1.1.0.
 
-    Placeholder option would be selected and disabled.
+    *Juanito Fatas*
 
-    The HTML produced:
+*   Added `phone_to` helper method to create a link from mobile numbers.
 
-        <select required="required" name="post[category]" id="post_category">
-        <option disabled="disabled" selected="selected" value="">Choose one</option>
-        <option value="lifestyle">lifestyle</option>
-        <option value="programming">programming</option>
-        <option value="spiritual">spiritual</option></select>
+    *Pietro Moro*
 
-    *Sergey Prikhodko*
+*   annotated_source_code returns an empty array so TemplateErrors without a
+    template in the backtrace are surfaced properly by DebugExceptions.
 
-*   Don't enforce UTF-8 by default.
+    *Guilherme Mansur*, *Kasper Timm Hansen*
 
-    With the disabling of TLS 1.0 by most major websites, continuing to run
-    IE8 or lower becomes increasingly difficult so default to not enforcing
-    UTF-8 encoding as it's not relevant to other browsers.
+*   Add autoload for SyntaxErrorInTemplate so syntax errors are correctly raised by DebugExceptions.
 
-    *Andrew White*
+    *Guilherme Mansur*, *Gannon McGibbon*
 
-*   Change translation key of `submit_tag` from `module_name_class_name` to `module_name/class_name`.
+*   `RenderingHelper` supports rendering objects that `respond_to?` `:render_in`.
 
-    *Rui Onodera*
+    *Joel Hawksley*, *Natasha Umer*, *Aaron Patterson*, *Shawn Allen*, *Emily Plummer*, *Diana Mounter*, *John Hawthorn*, *Nathan Herald*, *Zaid Zawaideh*, *Zach Ahn*
 
-*   Rails 6 requires Ruby 2.5.0 or newer.
+*   Fix `select_tag` so that it doesn't change `options` when `include_blank` is present.
 
-    *Jeremy Daer*, *Kasper Timm Hansen*
+    *Younes SERRAJ*
 
 
-Please check [5-2-stable](https://github.com/rails/rails/blob/5-2-stable/actionview/CHANGELOG.md) for previous changes.
+Please check [6-0-stable](https://github.com/rails/rails/blob/6-0-stable/actionview/CHANGELOG.md) for previous changes.

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2004-2019 David Heinemeier Hansson
+Copyright (c) 2004-2020 David Heinemeier Hansson
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.rdoc

@@ -15,7 +15,7 @@ The latest version of Action View can be installed with RubyGems:
 
 Source code can be downloaded as part of the Rails project on GitHub:
 
-* https://github.com/rails/rails/tree/main/actionview
+* https://github.com/rails/rails/tree/master/actionview
 
 
 == License