actionview 6.1.7.2 → 7.0.5

data/lib/action_view/helpers/asset_tag_helper.rb

@@ -8,7 +8,7 @@ require "action_view/helpers/tag_helper"
 
 module ActionView
   # = Action View Asset Tag Helpers
-  module Helpers #:nodoc:
+  module Helpers # :nodoc:
     # This module provides methods for generating HTML that links views to assets such
     # as images, JavaScripts, stylesheets, and feeds. These methods do not verify
     # the assets exist before linking to them:
@@ -16,14 +16,15 @@ module ActionView
     #   image_tag("rails.png")
     #   # => <img src="/assets/rails.png" />
     #   stylesheet_link_tag("application")
-    #   # => <link href="/assets/application.css?body=1" media="screen" rel="stylesheet" />
+    #   # => <link href="/assets/application.css?body=1" rel="stylesheet" />
     module AssetTagHelper
-      extend ActiveSupport::Concern
-
       include AssetUrlHelper
       include TagHelper
 
+      mattr_accessor :image_loading
+      mattr_accessor :image_decoding
       mattr_accessor :preload_links_header
+      mattr_accessor :apply_stylesheet_media_default
 
       # Returns an HTML script tag for each of the +sources+ provided.
       #
@@ -40,7 +41,7 @@ module ActionView
       # When the Asset Pipeline is enabled, you can pass the name of your manifest as
       # source, and include other JavaScript or CoffeeScript files inside the manifest.
       #
-      # If the server supports Early Hints header links for these assets will be
+      # If the server supports Early Hints, header links for these assets will be
       # automatically pushed.
       #
       # ==== Options
@@ -93,11 +94,12 @@ module ActionView
         crossorigin = options.delete("crossorigin")
         crossorigin = "anonymous" if crossorigin == true
         integrity = options["integrity"]
+        rel = options["type"] == "module" ? "modulepreload" : "preload"
 
         sources_tags = sources.uniq.map { |source|
           href = path_to_javascript(source, path_options)
-          if preload_links_header && !options["defer"]
-            preload_link = "<#{href}>; rel=preload; as=script"
+          if preload_links_header && !options["defer"] && href.present? && !href.start_with?("data:")
+            preload_link = "<#{href}>; rel=#{rel}; as=script"
             preload_link += "; crossorigin=#{crossorigin}" unless crossorigin.nil?
             preload_link += "; integrity=#{integrity}" unless integrity.nil?
             preload_link += "; nopush" if nopush
@@ -120,24 +122,41 @@ module ActionView
         sources_tags
       end
 
-      # Returns a stylesheet link tag for the sources specified as arguments. If
-      # you don't specify an extension, <tt>.css</tt> will be appended automatically.
+      # Returns a stylesheet link tag for the sources specified as arguments.
+      #
+      # When passing paths, the <tt>.css</tt> extension is optional.
+      # If you don't specify an extension, <tt>.css</tt> will be appended automatically.
+      # If you do not want <tt>.css</tt> appended to the path,
+      # set <tt>extname: false</tt> in the options.
       # You can modify the link attributes by passing a hash as the last argument.
-      # For historical reasons, the 'media' attribute will always be present and defaults
-      # to "screen", so you must explicitly set it to "all" for the stylesheet(s) to
-      # apply to all media types.
       #
-      # If the server supports Early Hints header links for these assets will be
+      # If the server supports Early Hints, header links for these assets will be
       # automatically pushed.
       #
+      # ==== Options
+      #
+      # * <tt>:extname</tt>  - Append an extension to the generated URL unless the extension
+      #   already exists. This only applies for relative URLs.
+      # * <tt>:protocol</tt>  - Sets the protocol of the generated URL. This option only
+      #   applies when a relative URL and +host+ options are provided.
+      # * <tt>:host</tt>  - When a relative URL is provided the host is added to the
+      #   that path.
+      # * <tt>:skip_pipeline</tt>  - This option is used to bypass the asset pipeline
+      #   when it is set to true.
+      #
+      # ==== Examples
+      #
       #   stylesheet_link_tag "style"
-      #   # => <link href="/assets/style.css" media="screen" rel="stylesheet" />
+      #   # => <link href="/assets/style.css" rel="stylesheet" />
       #
       #   stylesheet_link_tag "style.css"
-      #   # => <link href="/assets/style.css" media="screen" rel="stylesheet" />
+      #   # => <link href="/assets/style.css" rel="stylesheet" />
       #
       #   stylesheet_link_tag "http://www.example.com/style.css"
-      #   # => <link href="http://www.example.com/style.css" media="screen" rel="stylesheet" />
+      #   # => <link href="http://www.example.com/style.css" rel="stylesheet" />
+      #
+      #   stylesheet_link_tag "style.less", extname: false, skip_pipeline: true, rel: "stylesheet/less"
+      #   # => <link href="/stylesheets/style.less" rel="stylesheet/less">
       #
       #   stylesheet_link_tag "style", media: "all"
       #   # => <link href="/assets/style.css" media="all" rel="stylesheet" />
@@ -146,11 +165,11 @@ module ActionView
       #   # => <link href="/assets/style.css" media="print" rel="stylesheet" />
       #
       #   stylesheet_link_tag "random.styles", "/css/stylish"
-      #   # => <link href="/assets/random.styles" media="screen" rel="stylesheet" />
-      #   #    <link href="/css/stylish.css" media="screen" rel="stylesheet" />
+      #   # => <link href="/assets/random.styles" rel="stylesheet" />
+      #   #    <link href="/css/stylish.css" rel="stylesheet" />
       def stylesheet_link_tag(*sources)
         options = sources.extract_options!.stringify_keys
-        path_options = options.extract!("protocol", "host", "skip_pipeline").symbolize_keys
+        path_options = options.extract!("protocol", "extname", "host", "skip_pipeline").symbolize_keys
         preload_links = []
         crossorigin = options.delete("crossorigin")
         crossorigin = "anonymous" if crossorigin == true
@@ -159,7 +178,7 @@ module ActionView
 
         sources_tags = sources.uniq.map { |source|
           href = path_to_stylesheet(source, path_options)
-          if preload_links_header
+          if preload_links_header && href.present? && !href.start_with?("data:")
             preload_link = "<#{href}>; rel=preload; as=style"
             preload_link += "; crossorigin=#{crossorigin}" unless crossorigin.nil?
             preload_link += "; integrity=#{integrity}" unless integrity.nil?
@@ -168,10 +187,14 @@ module ActionView
           end
           tag_options = {
             "rel" => "stylesheet",
-            "media" => "screen",
             "crossorigin" => crossorigin,
             "href" => href
           }.merge!(options)
+
+          if apply_stylesheet_media_default && tag_options["media"].blank?
+            tag_options["media"] = "screen"
+          end
+
           tag(:link, tag_options)
         }.join("\n").html_safe
 
@@ -235,14 +258,14 @@ module ActionView
       #
       # The helper gets the name of the favicon file as first argument, which
       # defaults to "favicon.ico", and also supports +:rel+ and +:type+ options
-      # to override their defaults, "shortcut icon" and "image/x-icon"
+      # to override their defaults, "icon" and "image/x-icon"
       # respectively:
       #
       #   favicon_link_tag
-      #   # => <link href="/assets/favicon.ico" rel="shortcut icon" type="image/x-icon" />
+      #   # => <link href="/assets/favicon.ico" rel="icon" type="image/x-icon" />
       #
       #   favicon_link_tag 'myicon.ico'
-      #   # => <link href="/assets/myicon.ico" rel="shortcut icon" type="image/x-icon" />
+      #   # => <link href="/assets/myicon.ico" rel="icon" type="image/x-icon" />
       #
       # Mobile Safari looks for a different link tag, pointing to an image that
       # will be used if you add the page to the home screen of an iOS device.
@@ -252,7 +275,7 @@ module ActionView
       #   # => <link href="/assets/mb-icon.png" rel="apple-touch-icon" type="image/png" />
       def favicon_link_tag(source = "favicon.ico", options = {})
         tag("link", {
-          rel: "shortcut icon",
+          rel: "icon",
           type: "image/x-icon",
           href: path_to_image(source, skip_pipeline: options.delete(:skip_pipeline))
         }.merge!(options.symbolize_keys))
@@ -302,16 +325,17 @@ module ActionView
         crossorigin = "anonymous" if crossorigin == true || (crossorigin.blank? && as_type == "font")
         integrity = options[:integrity]
         nopush = options.delete(:nopush) || false
+        rel = mime_type == "module" ? "modulepreload" : "preload"
 
         link_tag = tag.link(**{
-          rel: "preload",
+          rel: rel,
           href: href,
           as: as_type,
           type: mime_type,
           crossorigin: crossorigin
         }.merge!(options.symbolize_keys))
 
-        preload_link = "<#{href}>; rel=preload; as=#{as_type}"
+        preload_link = "<#{href}>; rel=#{rel}; as=#{as_type}"
         preload_link += "; type=#{mime_type}" if mime_type
         preload_link += "; crossorigin=#{crossorigin}" if crossorigin
         preload_link += "; integrity=#{integrity}" if integrity
@@ -382,6 +406,10 @@ module ActionView
         end
 
         options[:width], options[:height] = extract_dimensions(options.delete(:size)) if options[:size]
+
+        options[:loading] ||= image_loading if image_loading
+        options[:decoding] ||= image_decoding if image_decoding
+
         tag("img", options)
       end
 
@@ -489,9 +517,9 @@ module ActionView
 
         def extract_dimensions(size)
           size = size.to_s
-          if /\A\d+x\d+\z/.match?(size)
+          if /\A(\d+|\d+.\d+)x(\d+|\d+.\d+)\z/.match?(size)
             size.split("x")
-          elsif /\A\d+\z/.match?(size)
+          elsif /\A(\d+|\d+.\d+)\z/.match?(size)
             [size, size]
           end
         end
@@ -503,24 +531,52 @@ module ActionView
         end
 
         def resolve_link_as(extname, mime_type)
-          if extname == "js"
-            "script"
-          elsif extname == "css"
-            "style"
-          elsif extname == "vtt"
-            "track"
-          elsif (type = mime_type.to_s.split("/")[0]) && type.in?(%w(audio video font image))
-            type
+          case extname
+          when "js"  then "script"
+          when "css" then "style"
+          when "vtt" then "track"
+          else
+            mime_type.to_s.split("/").first.presence_in(%w(audio video font image))
           end
         end
 
-        def send_preload_links_header(preload_links)
+        MAX_HEADER_SIZE = 8_000 # Some HTTP client and proxies have a 8kiB header limit
+        def send_preload_links_header(preload_links, max_header_size: MAX_HEADER_SIZE)
+          return if preload_links.empty?
+          return if respond_to?(:response) && response&.sending?
+
           if respond_to?(:request) && request
             request.send_early_hints("Link" => preload_links.join("\n"))
           end
 
           if respond_to?(:response) && response
-            response.headers["Link"] = [response.headers["Link"].presence, *preload_links].compact.join(",")
+            header = response.headers["Link"]
+            header = header ? header.dup : +""
+
+            # rindex count characters not bytes, but we assume non-ascii characters
+            # are rare in urls, and we have a 192 bytes margin.
+            last_line_offset = header.rindex("\n")
+            last_line_size = if last_line_offset
+              header.bytesize - last_line_offset
+            else
+              header.bytesize
+            end
+
+            preload_links.each do |link|
+              if link.bytesize + last_line_size + 1 < max_header_size
+                unless header.empty?
+                  header << ","
+                  last_line_size += 1
+                end
+              else
+                header << "\n"
+                last_line_size = 0
+              end
+              header << link
+              last_line_size += link.bytesize
+            end
+
+            response.headers["Link"] = header
           end
         end
     end

data/lib/action_view/helpers/asset_url_helper.rb

@@ -4,7 +4,7 @@ require "zlib"
 
 module ActionView
   # = Action View Asset URL Helpers
-  module Helpers #:nodoc:
+  module Helpers # :nodoc:
     # This module provides methods for generating asset paths and
     # URLs.
     #
@@ -31,7 +31,7 @@ module ActionView
     #   image_tag("rails.png")
     #   # => <img src="http://assets.example.com/assets/rails.png" />
     #   stylesheet_link_tag("application")
-    #   # => <link href="http://assets.example.com/assets/application.css" media="screen" rel="stylesheet" />
+    #   # => <link href="http://assets.example.com/assets/application.css" rel="stylesheet" />
     #
     # Browsers open a limited number of simultaneous connections to a single
     # host. The exact number varies by browser and version. This limit may cause
@@ -44,7 +44,7 @@ module ActionView
     #   image_tag("rails.png")
     #   # => <img src="http://assets0.example.com/assets/rails.png" />
     #   stylesheet_link_tag("application")
-    #   # => <link href="http://assets2.example.com/assets/application.css" media="screen" rel="stylesheet" />
+    #   # => <link href="http://assets2.example.com/assets/application.css" rel="stylesheet" />
     #
     # This may improve the asset loading performance of your application.
     # It is also possible the combination of additional connection overhead
@@ -65,12 +65,12 @@ module ActionView
     # +asset_host+ to a proc like this:
     #
     #   ActionController::Base.asset_host = Proc.new { |source|
-    #     "http://assets#{Digest::MD5.hexdigest(source).to_i(16) % 2 + 1}.example.com"
+    #     "http://assets#{OpenSSL::Digest::SHA256.hexdigest(source).to_i(16) % 2 + 1}.example.com"
     #   }
     #   image_tag("rails.png")
     #   # => <img src="http://assets1.example.com/assets/rails.png" />
     #   stylesheet_link_tag("application")
-    #   # => <link href="http://assets2.example.com/assets/application.css" media="screen" rel="stylesheet" />
+    #   # => <link href="http://assets2.example.com/assets/application.css" rel="stylesheet" />
     #
     # The example above generates "http://assets1.example.com" and
     # "http://assets2.example.com". This option is useful for example if
@@ -89,7 +89,7 @@ module ActionView
     #   image_tag("rails.png")
     #   # => <img src="http://assets.example.com/assets/rails.png" />
     #   stylesheet_link_tag("application")
-    #   # => <link href="http://stylesheets.example.com/assets/application.css" media="screen" rel="stylesheet" />
+    #   # => <link href="http://stylesheets.example.com/assets/application.css" rel="stylesheet" />
     #
     # Alternatively you may ask for a second parameter +request+. That one is
     # particularly useful for serving assets from an SSL-protected page. The
@@ -121,7 +121,7 @@ module ActionView
       URI_REGEXP = %r{^[-a-z]+://|^(?:cid|data):|^//}i
 
       # This is the entry point for all assets.
-      # When using the asset pipeline (i.e. sprockets and sprockets-rails), the
+      # When using an asset pipeline gem (e.g. propshaft or sprockets-rails), the
       # behavior is "enhanced". You can bypass the asset pipeline by passing in
       # <tt>skip_pipeline: true</tt> to the options.
       #
@@ -130,7 +130,7 @@ module ActionView
       # === With the asset pipeline
       #
       # All options passed to +asset_path+ will be passed to +compute_asset_path+
-      # which is implemented by sprockets-rails.
+      # which is implemented by asset pipeline gems.
       #
       #   asset_path("application.js") # => "/assets/application-60aa4fdc5cea14baf5400fba1abf4f2a46a5166bad4772b1effe341570f07de9.js"
       #   asset_path('application.js', host: 'example.com') # => "//example.com/assets/application.js"
@@ -190,7 +190,7 @@ module ActionView
         return "" if source.blank?
         return source if URI_REGEXP.match?(source)
 
-        tail, source = source[/([\?#].+)$/], source.sub(/([\?#].+)$/, "")
+        tail, source = source[/([?#].+)$/], source.sub(/([?#].+)$/, "")
 
         if extname = compute_asset_extname(source, options)
           source = "#{source}#{extname}"
@@ -219,7 +219,7 @@ module ActionView
 
       # Computes the full URL to an asset in the public directory. This
       # will use +asset_path+ internally, so most of their behaviors
-      # will be the same. If :host options is set, it overwrites global
+      # will be the same. If +:host+ options is set, it overwrites global
       # +config.action_controller.asset_host+ setting.
       #
       # All other options provided are forwarded to +asset_path+ call.
@@ -324,7 +324,7 @@ module ActionView
 
       # Computes the full URL to a JavaScript asset in the public javascripts directory.
       # This will use +javascript_path+ internally, so most of their behaviors will be the same.
-      # Since +javascript_url+ is based on +asset_url+ method you can set :host options. If :host
+      # Since +javascript_url+ is based on +asset_url+ method you can set +:host+ options. If +:host+
       # options is set, it overwrites global +config.action_controller.asset_host+ setting.
       #
       #   javascript_url "js/xmlhr.js", host: "http://stage.example.com" # => http://stage.example.com/assets/js/xmlhr.js
@@ -351,7 +351,7 @@ module ActionView
 
       # Computes the full URL to a stylesheet asset in the public stylesheets directory.
       # This will use +stylesheet_path+ internally, so most of their behaviors will be the same.
-      # Since +stylesheet_url+ is based on +asset_url+ method you can set :host options. If :host
+      # Since +stylesheet_url+ is based on +asset_url+ method you can set +:host+ options. If +:host+
       # options is set, it overwrites global +config.action_controller.asset_host+ setting.
       #
       #   stylesheet_url "css/style.css", host: "http://stage.example.com" # => http://stage.example.com/assets/css/style.css
@@ -381,7 +381,7 @@ module ActionView
 
       # Computes the full URL to an image asset.
       # This will use +image_path+ internally, so most of their behaviors will be the same.
-      # Since +image_url+ is based on +asset_url+ method you can set :host options. If :host
+      # Since +image_url+ is based on +asset_url+ method you can set +:host+ options. If +:host+
       # options is set, it overwrites global +config.action_controller.asset_host+ setting.
       #
       #   image_url "edit.png", host: "http://stage.example.com" # => http://stage.example.com/assets/edit.png
@@ -407,7 +407,7 @@ module ActionView
 
       # Computes the full URL to a video asset in the public videos directory.
       # This will use +video_path+ internally, so most of their behaviors will be the same.
-      # Since +video_url+ is based on +asset_url+ method you can set :host options. If :host
+      # Since +video_url+ is based on +asset_url+ method you can set +:host+ options. If +:host+
       # options is set, it overwrites global +config.action_controller.asset_host+ setting.
       #
       #   video_url "hd.avi", host: "http://stage.example.com" # => http://stage.example.com/videos/hd.avi
@@ -433,7 +433,7 @@ module ActionView
 
       # Computes the full URL to an audio asset in the public audios directory.
       # This will use +audio_path+ internally, so most of their behaviors will be the same.
-      # Since +audio_url+ is based on +asset_url+ method you can set :host options. If :host
+      # Since +audio_url+ is based on +asset_url+ method you can set +:host+ options. If +:host+
       # options is set, it overwrites global +config.action_controller.asset_host+ setting.
       #
       #   audio_url "horse.wav", host: "http://stage.example.com" # => http://stage.example.com/audios/horse.wav
@@ -458,7 +458,7 @@ module ActionView
 
       # Computes the full URL to a font asset.
       # This will use +font_path+ internally, so most of their behaviors will be the same.
-      # Since +font_url+ is based on +asset_url+ method you can set :host options. If :host
+      # Since +font_url+ is based on +asset_url+ method you can set +:host+ options. If +:host+
       # options is set, it overwrites global +config.action_controller.asset_host+ setting.
       #
       #   font_url "font.ttf", host: "http://stage.example.com" # => http://stage.example.com/fonts/font.ttf

data/lib/action_view/helpers/atom_feed_helper.rb

@@ -1,11 +1,10 @@
 # frozen_string_literal: true
 
 require "set"
-require "active_support/core_ext/symbol/starts_ends_with"
 
 module ActionView
   # = Action View Atom Feed Helpers
-  module Helpers #:nodoc:
+  module Helpers # :nodoc:
     module AtomFeedHelper
       # Adds easy defaults to writing Atom feeds with the Builder template engine (this does not work on ERB or any other
       # template languages).
@@ -127,7 +126,7 @@ module ActionView
         end
       end
 
-      class AtomBuilder #:nodoc:
+      class AtomBuilder # :nodoc:
         XHTML_TAG_NAMES = %w(content rights title subtitle summary).to_set
 
         def initialize(xml)
@@ -161,7 +160,7 @@ module ActionView
           end
       end
 
-      class AtomFeedBuilder < AtomBuilder #:nodoc:
+      class AtomFeedBuilder < AtomBuilder # :nodoc:
         def initialize(xml, view, feed_options = {})
           @xml, @view, @feed_options = xml, view, feed_options
         end

data/lib/action_view/helpers/cache_helper.rb

@@ -2,8 +2,10 @@
 
 module ActionView
   # = Action View Cache Helper
-  module Helpers #:nodoc:
+  module Helpers # :nodoc:
     module CacheHelper
+      class UncacheableFragmentError < StandardError; end
+
       # This helper exposes a method for caching fragments of a view
       # rather than an entire action or page. This technique is useful
       # caching pieces like menus, lists of new topics, static HTML
@@ -165,8 +167,10 @@ module ActionView
       # expire the cache.
       def cache(name = {}, options = {}, &block)
         if controller.respond_to?(:perform_caching) && controller.perform_caching
-          name_options = options.slice(:skip_digest)
-          safe_concat(fragment_for(cache_fragment_name(name, **name_options), options, &block))
+          CachingRegistry.track_caching do
+            name_options = options.slice(:skip_digest)
+            safe_concat(fragment_for(cache_fragment_name(name, **name_options), options, &block))
+          end
         else
           yield
         end
@@ -174,6 +178,34 @@ module ActionView
         nil
       end
 
+      # Returns whether the current view fragment is within a +cache+ block.
+      #
+      # Useful when certain fragments aren't cacheable:
+      #
+      #   <% cache project do %>
+      #     <% raise StandardError, "Caching private data!" if caching? %>
+      #   <% end %>
+      def caching?
+        CachingRegistry.caching?
+      end
+
+      # Raises +UncacheableFragmentError+ when called from within a +cache+ block.
+      #
+      # Useful to denote helper methods that can't participate in fragment caching:
+      #
+      #   def project_name_with_time(project)
+      #     uncacheable!
+      #     "#{project.name} - #{Time.now}"
+      #   end
+      #
+      #   # Which will then raise if used within a +cache+ block:
+      #   <% cache project do %>
+      #     <%= project_name_with_time(project) %>
+      #   <% end %>
+      def uncacheable!
+        raise UncacheableFragmentError, "can't be fragment cached" if caching?
+      end
+
       # Cache fragments of a view if +condition+ is true
       #
       #   <% cache_if admin?, project do %>
@@ -259,6 +291,23 @@ module ActionView
         end
         controller.write_fragment(name, fragment, options)
       end
+
+      module CachingRegistry # :nodoc:
+        extend self
+
+        def caching?
+          ActiveSupport::IsolatedExecutionState[:action_view_caching] ||= false
+        end
+
+        def track_caching
+          caching_was = ActiveSupport::IsolatedExecutionState[:action_view_caching]
+          ActiveSupport::IsolatedExecutionState[:action_view_caching] = true
+
+          yield
+        ensure
+          ActiveSupport::IsolatedExecutionState[:action_view_caching] = caching_was
+        end
+      end
     end
   end
 end

data/lib/action_view/helpers/capture_helper.rb

@@ -4,7 +4,7 @@ require "active_support/core_ext/string/output_safety"
 
 module ActionView
   # = Action View Capture Helper
-  module Helpers #:nodoc:
+  module Helpers # :nodoc:
     # CaptureHelper exposes methods to let you extract generated markup which
     # can be used in other parts of a template or layout file.
     #
@@ -121,7 +121,7 @@ module ActionView
       #     <li><%= link_to 'Home', action: 'index' %></li>
       #   <% end %>
       #
-      #  And in another place:
+      # And in another place:
       #
       #   <% content_for :navigation do %>
       #     <li><%= link_to 'Login', action: 'login' %></li>
@@ -137,7 +137,7 @@ module ActionView
       #     <li><%= link_to 'Home', action: 'index' %></li>
       #   <% end %>
       #
-      #   <%#  Add some other content, or use a different template: %>
+      #   <%# Add some other content, or use a different template: %>
       #
       #   <% content_for :navigation, flush: true do %>
       #     <li><%= link_to 'Login', action: 'login' %></li>
@@ -198,7 +198,7 @@ module ActionView
 
       # Use an alternate output buffer for the duration of the block.
       # Defaults to a new empty string.
-      def with_output_buffer(buf = nil) #:nodoc:
+      def with_output_buffer(buf = nil) # :nodoc:
         unless buf
           buf = ActionView::OutputBuffer.new
           if output_buffer && output_buffer.respond_to?(:encoding)

data/lib/action_view/helpers/controller_helper.rb

@@ -3,10 +3,10 @@
 require "active_support/core_ext/module/attr_internal"
 
 module ActionView
-  module Helpers #:nodoc:
+  module Helpers # :nodoc:
     # This module keeps all methods and behavior in ActionView
     # that simply delegates to the controller.
-    module ControllerHelper #:nodoc:
+    module ControllerHelper # :nodoc:
       attr_internal :controller, :request
 
       CONTROLLER_DELEGATES = [:request_forgery_protection_token, :params,

data/lib/action_view/helpers/csp_helper.rb

@@ -2,7 +2,7 @@
 
 module ActionView
   # = Action View CSP Helper
-  module Helpers #:nodoc:
+  module Helpers # :nodoc:
     module CspHelper
       # Returns a meta tag "csp-nonce" with the per-session nonce value
       # for allowing inline <script> tags.

data/lib/action_view/helpers/csrf_helper.rb

@@ -2,7 +2,7 @@
 
 module ActionView
   # = Action View CSRF Helper
-  module Helpers #:nodoc:
+  module Helpers # :nodoc:
     module CsrfHelper
       # Returns meta tags "csrf-param" and "csrf-token" with the name of the cross-site
       # request forgery protection parameter and token, respectively.
@@ -17,7 +17,7 @@ module ActionView
       # You don't need to use these tags for regular forms as they generate their own hidden fields.
       #
       # For AJAX requests other than GETs, extract the "csrf-token" from the meta-tag and send as the
-      # "X-CSRF-Token" HTTP header. If you are using rails-ujs this happens automatically.
+      # +X-CSRF-Token+ HTTP header. If you are using rails-ujs, this happens automatically.
       #
       def csrf_meta_tags
         if defined?(protect_against_forgery?) && protect_against_forgery?