actionview 6.1.0.rc2 → 6.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 562e430d06a88bfaa7ebf87316f486b7ed0031ac41feec1e6e4eb0c69578216c
-  data.tar.gz: a19b3a1d9e524cdc1a9714f94891ff8b6f5eb296c14f2e4e662c2b232fecba24
+  metadata.gz: 0e360541fbfb56762e0dac78816c97dce20ba6d432b5b6375610469b24cc8862
+  data.tar.gz: 39bf5abef640b296fff2768d6ecc2042b9b267cc1532de093eeebde49eef5251
 SHA512:
-  metadata.gz: afde04e25e22d1b1dc999322969b96b52b361823dafc75f5c257a001704bd4a8be0d16c6fdf501c2888aeaa87da11bbebeb9b7daf917f719fb565bfa9646479d
-  data.tar.gz: 98fc45cbfce87e37456f5e3eacf7c53b7d3fb89cc05b44d335b7202128fe444e3a17ce69bdc3f0de0aa10bc6e73dbc56e5241694a895f5fbac635292adde4aae
+  metadata.gz: 4b26681dfbda3d9f9f2641ee5ba5d7c5bef8f7036fd2d22aa5b1900f4ce1a6217db7b304fa200b6380b9a3ebc3b99cff8e7645d9f60ecd14d081485d90fda79d
+  data.tar.gz: afb4e325e40416b669cd98ec1f8db60dddec57f14a0c029730191fcac755e38775bc309e68df047baea51796ea0675aa36c47df1c8c1362fc1a169d18254e55f

data/CHANGELOG.md

@@ -1,4 +1,52 @@
-## Rails 6.1.0.rc2 (December 01, 2020) ##
+## Rails 6.1.3 (February 17, 2021) ##
+
+*   No changes.
+
+
+## Rails 6.1.2.1 (February 10, 2021) ##
+
+*   No changes.
+
+
+## Rails 6.1.2 (February 09, 2021) ##
+
+*   No changes.
+
+
+## Rails 6.1.1 (January 07, 2021) ##
+
+*   Fix lazy translation in partial with block.
+
+    *Marek Kasztelnik*
+
+*   Avoid extra `SELECT COUNT` queries when rendering Active Record collections.
+
+    *aar0nr*
+
+*   Link preloading keep integrity hashes in the header.
+
+    *Étienne Barrié*
+
+*   Add `config.action_view.preload_links_header` to allow disabling of
+    the `Link` header being added by default when using `stylesheet_link_tag`
+    and `javascript_include_tag`.
+
+    *Andrew White*
+
+*   The `translate` helper now resolves `default` values when a `nil` key is
+    specified, instead of always returning `nil`.
+
+    *Jonathan Hefner*
+
+
+## Rails 6.1.0 (December 09, 2020) ##
+
+*   SanitizeHelper.sanitized_allowed_attributes and SanitizeHelper.sanitized_allowed_tags
+    call safe_list_sanitizer's class method
+
+    Fixes #39586
+
+    *Taufiq Muhammadi*
 
 *   Change form_with to generate non-remote forms by default.
 
@@ -11,9 +59,6 @@
 
     *Petrik de Heus*
 
-
-## Rails 6.1.0.rc1 (November 02, 2020) ##
-
 *   Yield translated strings to calls of `ActionView::FormBuilder#button`
     when a block is given.
 

data/README.rdoc

@@ -15,7 +15,7 @@ The latest version of Action View can be installed with RubyGems:
 
 Source code can be downloaded as part of the Rails project on GitHub:
 
-* https://github.com/rails/rails/tree/master/actionview
+* https://github.com/rails/rails/tree/main/actionview
 
 
 == License

data/lib/action_view/base.rb

@@ -241,12 +241,12 @@ module ActionView #:nodoc:
     end
 
     def _run(method, template, locals, buffer, add_to_stack: true, &block)
-      _old_output_buffer, _old_template = @output_buffer, @current_template
+      _old_output_buffer, _old_virtual_path, _old_template = @output_buffer, @virtual_path, @current_template
       @current_template = template if add_to_stack
       @output_buffer = buffer
       public_send(method, locals, buffer, &block)
     ensure
-      @output_buffer, @current_template = _old_output_buffer, _old_template
+      @output_buffer, @virtual_path, @current_template = _old_output_buffer, _old_virtual_path, _old_template
     end
 
     def compiled_method_container

data/lib/action_view/context.rb

@@ -18,6 +18,7 @@ module ActionView
     def _prepare_context
       @view_flow     = OutputFlow.new
       @output_buffer = nil
+      @virtual_path  = nil
     end
 
     # Encapsulates the interaction with the view flow so it

data/lib/action_view/gem_version.rb

@@ -9,8 +9,8 @@ module ActionView
   module VERSION
     MAJOR = 6
     MINOR = 1
-    TINY  = 0
-    PRE   = "rc2"
+    TINY  = 3
+    PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

data/lib/action_view/helpers/asset_tag_helper.rb

@@ -23,6 +23,8 @@ module ActionView
       include AssetUrlHelper
       include TagHelper
 
+      mattr_accessor :preload_links_header
+
       # Returns an HTML script tag for each of the +sources+ provided.
       #
       # Sources may be paths to JavaScript files. Relative paths are assumed to be relative
@@ -90,12 +92,14 @@ module ActionView
         nopush = options["nopush"].nil? ? true : options.delete("nopush")
         crossorigin = options.delete("crossorigin")
         crossorigin = "anonymous" if crossorigin == true
+        integrity = options["integrity"]
 
         sources_tags = sources.uniq.map { |source|
           href = path_to_javascript(source, path_options)
-          unless options["defer"]
+          if preload_links_header && !options["defer"]
             preload_link = "<#{href}>; rel=preload; as=script"
             preload_link += "; crossorigin=#{crossorigin}" unless crossorigin.nil?
+            preload_link += "; integrity=#{integrity}" unless integrity.nil?
             preload_link += "; nopush" if nopush
             preload_links << preload_link
           end
@@ -109,7 +113,9 @@ module ActionView
           content_tag("script", "", tag_options)
         }.join("\n").html_safe
 
-        send_preload_links_header(preload_links)
+        if preload_links_header
+          send_preload_links_header(preload_links)
+        end
 
         sources_tags
       end
@@ -149,13 +155,17 @@ module ActionView
         crossorigin = options.delete("crossorigin")
         crossorigin = "anonymous" if crossorigin == true
         nopush = options["nopush"].nil? ? true : options.delete("nopush")
+        integrity = options["integrity"]
 
         sources_tags = sources.uniq.map { |source|
           href = path_to_stylesheet(source, path_options)
-          preload_link = "<#{href}>; rel=preload; as=style"
-          preload_link += "; crossorigin=#{crossorigin}" unless crossorigin.nil?
-          preload_link += "; nopush" if nopush
-          preload_links << preload_link
+          if preload_links_header
+            preload_link = "<#{href}>; rel=preload; as=style"
+            preload_link += "; crossorigin=#{crossorigin}" unless crossorigin.nil?
+            preload_link += "; integrity=#{integrity}" unless integrity.nil?
+            preload_link += "; nopush" if nopush
+            preload_links << preload_link
+          end
           tag_options = {
             "rel" => "stylesheet",
             "media" => "screen",
@@ -165,7 +175,9 @@ module ActionView
           tag(:link, tag_options)
         }.join("\n").html_safe
 
-        send_preload_links_header(preload_links)
+        if preload_links_header
+          send_preload_links_header(preload_links)
+        end
 
         sources_tags
       end
@@ -256,6 +268,7 @@ module ActionView
       # * <tt>:as</tt>  - Override the auto-generated value for as attribute, calculated using +source+ extension and mime type.
       # * <tt>:crossorigin</tt>  - Specify the crossorigin attribute, required to load cross-origin resources.
       # * <tt>:nopush</tt>  - Specify if the use of server push is not desired for the resource. Defaults to +false+.
+      # * <tt>:integrity</tt> - Specify the integrity attribute.
       #
       # ==== Examples
       #
@@ -287,6 +300,7 @@ module ActionView
         as_type = options.delete(:as) || resolve_link_as(extname, mime_type)
         crossorigin = options.delete(:crossorigin)
         crossorigin = "anonymous" if crossorigin == true || (crossorigin.blank? && as_type == "font")
+        integrity = options[:integrity]
         nopush = options.delete(:nopush) || false
 
         link_tag = tag.link(**{
@@ -300,6 +314,7 @@ module ActionView
         preload_link = "<#{href}>; rel=preload; as=#{as_type}"
         preload_link += "; type=#{mime_type}" if mime_type
         preload_link += "; crossorigin=#{crossorigin}" if crossorigin
+        preload_link += "; integrity=#{integrity}" if integrity
         preload_link += "; nopush" if nopush
 
         send_preload_links_header([preload_link])

data/lib/action_view/helpers/asset_url_helper.rb

@@ -98,7 +98,7 @@ module ActionView
     # have SSL certificates for each of the asset hosts this technique allows you
     # to avoid warnings in the client about mixed media.
     # Note that the +request+ parameter might not be supplied, e.g. when the assets
-    # are precompiled with the command `bin/rails assets:precompile`. Make sure to use a
+    # are precompiled with the command <tt>bin/rails assets:precompile</tt>. Make sure to use a
     # +Proc+ instead of a lambda, since a +Proc+ allows missing parameters and sets them
     # to +nil+.
     #

data/lib/action_view/helpers/form_helper.rb

@@ -186,8 +186,7 @@ module ActionView
       #   get the authenticity token from the <tt>meta</tt> tag, so embedding is
       #   unnecessary unless you support browsers without JavaScript.
       # * <tt>:remote</tt> - If set to true, will allow the Unobtrusive
-      #   JavaScript drivers to control the submit behavior. By default this
-      #   behavior is an ajax submit.
+      #   JavaScript drivers to control the submit behavior.
       # * <tt>:enforce_utf8</tt> - If set to false, a hidden input with name
       #   utf8 is not output.
       # * <tt>:html</tt> - Optional HTML attributes for the form tag.
@@ -323,10 +322,8 @@ module ActionView
       #    remote: true
       #
       # in the options hash creates a form that will allow the unobtrusive JavaScript drivers to modify its
-      # behavior. The expected default behavior is an XMLHttpRequest in the background instead of the regular
-      # POST arrangement, but ultimately the behavior is the choice of the JavaScript driver implementor.
-      # Even though it's using JavaScript to serialize the form elements, the form submission will work just like
-      # a regular submission as viewed by the receiving side (all elements available in <tt>params</tt>).
+      # behavior. The form submission will work just like a regular submission as viewed by the receiving
+      # side (all elements available in <tt>params</tt>).
       #
       # Example:
       #
@@ -536,11 +533,6 @@ module ActionView
       # accessible as <tt>params[:title]</tt> and <tt>params[:post][:title]</tt>
       # respectively.
       #
-      # By default +form_with+ attaches the <tt>data-remote</tt> attribute
-      # submitting the form via an XMLHTTPRequest in the background if an
-      # Unobtrusive JavaScript driver, like rails-ujs, is used. See the
-      # <tt>:local</tt> option for more.
-      #
       # For ease of comparison the examples above left out the submit button,
       # as well as the auto generated hidden fields that enable UTF-8 support
       # and adds an authenticity token needed for cross site request forgery
@@ -612,8 +604,10 @@ module ActionView
       #   This is helpful when fragment-caching the form. Remote forms
       #   get the authenticity token from the <tt>meta</tt> tag, so embedding is
       #   unnecessary unless you support browsers without JavaScript.
-      # * <tt>:local</tt> - By default form submits are remote and unobtrusive XHRs.
-      #   Disable remote submits with <tt>local: true</tt>.
+      # * <tt>:local</tt> - By default form submits via typical HTTP requests.
+      #   Enable remote and unobtrusive XHRs submits with <tt>local: false</tt>.
+      #   Remote forms may be enabled by default by setting
+      #   <tt>config.action_view.form_with_generates_remote_forms = true</tt>.
       # * <tt>:skip_enforcing_utf8</tt> - If set to true, a hidden input with name
       #   utf8 is not output.
       # * <tt>:builder</tt> - Override the object used to build the form.

data/lib/action_view/helpers/form_tag_helper.rb

@@ -897,16 +897,15 @@ module ActionView
         end
 
         def set_default_disable_with(value, tag_options)
-          return unless ActionView::Base.automatically_disable_submit_tag
-          data = tag_options["data"]
+          data = tag_options.fetch("data", {})
 
-          unless tag_options["data-disable-with"] == false || (data && data["disable_with"] == false)
+          if tag_options["data-disable-with"] == false || data["disable_with"] == false
+            data.delete("disable_with")
+          elsif ActionView::Base.automatically_disable_submit_tag
             disable_with_text = tag_options["data-disable-with"]
-            disable_with_text ||= data["disable_with"] if data
+            disable_with_text ||= data["disable_with"]
             disable_with_text ||= value.to_s.clone
             tag_options.deep_merge!("data" => { "disable_with" => disable_with_text })
-          else
-            data.delete("disable_with") if data
           end
 
           tag_options.delete("data-disable-with")

data/lib/action_view/helpers/rendering_helper.rb

@@ -24,7 +24,7 @@ module ActionView
       #
       # If no <tt>options</tt> hash is passed or if <tt>:update</tt> is specified, then:
       #
-      # If an object responding to `render_in` is passed, `render_in` is called on the object,
+      # If an object responding to +render_in+ is passed, +render_in+ is called on the object,
       # passing in the current view context.
       #
       # Otherwise, a partial is rendered using the second parameter as the locals hash.

data/lib/action_view/helpers/sanitize_helper.rb

@@ -129,11 +129,11 @@ module ActionView
         end
 
         def sanitized_allowed_tags
-          safe_list_sanitizer.allowed_tags
+          sanitizer_vendor.safe_list_sanitizer.allowed_tags
         end
 
         def sanitized_allowed_attributes
-          safe_list_sanitizer.allowed_attributes
+          sanitizer_vendor.safe_list_sanitizer.allowed_attributes
         end
 
         # Gets the Rails::Html::FullSanitizer instance used by +strip_tags+. Replace with

data/lib/action_view/helpers/text_helper.rb

@@ -105,7 +105,7 @@ module ActionView
       # Highlights one or more +phrases+ everywhere in +text+ by inserting it into
       # a <tt>:highlighter</tt> string. The highlighter can be specialized by passing <tt>:highlighter</tt>
       # as a single-quoted string with <tt>\1</tt> where the phrase is to be inserted (defaults to
-      # '<mark>\1</mark>') or passing a block that receives each matched term. By default +text+
+      # <tt><mark>\1</mark></tt>) or passing a block that receives each matched term. By default +text+
       # is sanitized to prevent possible XSS attacks. If the input is trustworthy, passing false
       # for <tt>:sanitize</tt> will turn sanitizing off.
       #

data/lib/action_view/helpers/translation_helper.rb

@@ -69,6 +69,7 @@ module ActionView
       #
       def translate(key, **options)
         return key.map { |k| translate(k, **options) } if key.is_a?(Array)
+        key = key&.to_s unless key.is_a?(Symbol)
 
         alternatives = if options.key?(:default)
           options[:default].is_a?(Array) ? options.delete(:default).compact : [options.delete(:default)]
@@ -77,13 +78,12 @@ module ActionView
         options[:raise] = true if options[:raise].nil? && ActionView::Base.raise_on_missing_translations
         default = MISSING_TRANSLATION
 
-        translation = while key
+        translation = while key || alternatives.present?
           if alternatives.blank? && !options[:raise].nil?
             default = NO_DEFAULT # let I18n handle missing translation
           end
 
           key = scope_key_by_partial(key)
-          first_key ||= key
 
           if html_safe_translation_key?(key)
             html_safe_options ||= html_escape_translation_options(options)
@@ -96,10 +96,11 @@ module ActionView
 
           break alternatives.first if alternatives.present? && !alternatives.first.is_a?(Symbol)
 
+          first_key ||= key
           key = alternatives&.shift
         end
 
-        if key.nil?
+        if key.nil? && !first_key.nil?
           translation = missing_translation(first_key, options)
           key = first_key
         end
@@ -129,11 +130,11 @@ module ActionView
         end
 
         def scope_key_by_partial(key)
-          if key.start_with?(".")
-            if @current_template&.virtual_path
+          if key&.start_with?(".")
+            if @virtual_path
               @_scope_key_by_partial_cache ||= {}
-              @_scope_key_by_partial_cache[@current_template.virtual_path] ||= @current_template.virtual_path.gsub(%r{/_?}, ".")
-              "#{@_scope_key_by_partial_cache[@current_template.virtual_path]}#{key}"
+              @_scope_key_by_partial_cache[@virtual_path] ||= @virtual_path.gsub(%r{/_?}, ".")
+              "#{@_scope_key_by_partial_cache[@virtual_path]}#{key}"
             else
               raise "Cannot use t(#{key.inspect}) shortcut because path is not available"
             end

data/lib/action_view/helpers/url_helper.rb

@@ -539,7 +539,7 @@ module ActionView
       #
       # We can also pass in the symbol arguments instead of strings.
       #
-      def current_page?(options, check_parameters: false)
+      def current_page?(options = nil, check_parameters: false, **options_as_kwargs)
         unless request
           raise "You cannot use helpers that need to determine the current " \
                 "page unless your view context provides a Request object " \
@@ -548,6 +548,7 @@ module ActionView
 
         return false unless request.get? || request.head?
 
+        options ||= options_as_kwargs
         check_parameters ||= options.is_a?(Hash) && options.delete(:check_parameters)
         url_string = URI::DEFAULT_PARSER.unescape(url_for(options)).force_encoding(Encoding::BINARY)
 

data/lib/action_view/railtie.rb

@@ -37,6 +37,10 @@ module ActionView
       end
     end
 
+    config.after_initialize do |app|
+      ActionView::Helpers::AssetTagHelper.preload_links_header = app.config.action_view.delete(:preload_links_header)
+    end
+
     config.after_initialize do |app|
       ActiveSupport.on_load(:action_view) do
         app.config.action_view.each do |k, v|

data/lib/action_view/renderer/collection_renderer.rb

@@ -47,6 +47,10 @@ module ActionView
       def size
         @collection.size
       end
+
+      def length
+        @collection.respond_to?(:length) ? @collection.length : size
+      end
     end
 
     class SameCollectionIterator < CollectionIterator # :nodoc:
@@ -144,7 +148,7 @@ module ActionView
           "render_collection.action_view",
           identifier: identifier,
           layout: layout && layout.virtual_path,
-          count: collection.size
+          count: collection.length
         ) do |payload|
           spacer = if @options.key?(:spacer_template)
             spacer_template = find_template(@options[:spacer_template], @locals.keys)

data/lib/assets/compiled/rails-ujs.js

@@ -1,6 +1,6 @@
 /*
 Unobtrusive JavaScript
-https://github.com/rails/rails/blob/master/actionview/app/assets/javascripts
+https://github.com/rails/rails/blob/main/actionview/app/assets/javascripts
 Released under the MIT license
  */;
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: actionview
 version: !ruby/object:Gem::Version
-  version: 6.1.0.rc2
+  version: 6.1.3
 platform: ruby
 authors:
 - David Heinemeier Hansson
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-12-01 00:00:00.000000000 Z
+date: 2021-02-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.1.0.rc2
+        version: 6.1.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.1.0.rc2
+        version: 6.1.3
 - !ruby/object:Gem::Dependency
   name: builder
   requirement: !ruby/object:Gem::Requirement
@@ -92,28 +92,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.1.0.rc2
+        version: 6.1.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.1.0.rc2
+        version: 6.1.3
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.1.0.rc2
+        version: 6.1.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.1.0.rc2
+        version: 6.1.3
 description: Simple, battle-tested conventions and helpers for building web pages.
 email: david@loudthinking.com
 executables: []
@@ -239,11 +239,11 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/rails/rails/issues
-  changelog_uri: https://github.com/rails/rails/blob/v6.1.0.rc2/actionview/CHANGELOG.md
-  documentation_uri: https://api.rubyonrails.org/v6.1.0.rc2/
+  changelog_uri: https://github.com/rails/rails/blob/v6.1.3/actionview/CHANGELOG.md
+  documentation_uri: https://api.rubyonrails.org/v6.1.3/
   mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-  source_code_uri: https://github.com/rails/rails/tree/v6.1.0.rc2/actionview
-post_install_message: 
+  source_code_uri: https://github.com/rails/rails/tree/v6.1.3/actionview
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -254,13 +254,13 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements:
 - none
-rubygems_version: 3.1.4
-signing_key: 
+rubygems_version: 3.2.3
+signing_key:
 specification_version: 4
 summary: Rendering framework putting the V in MVC (part of Rails).
 test_files: []