actionview 6.1.7.2 → 7.1.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +299 -277
- data/MIT-LICENSE +2 -1
- data/README.rdoc +3 -3
- data/app/assets/javascripts/rails-ujs.esm.js +686 -0
- data/app/assets/javascripts/rails-ujs.js +630 -0
- data/lib/action_view/base.rb +37 -19
- data/lib/action_view/buffers.rb +107 -9
- data/lib/action_view/cache_expiry.rb +48 -37
- data/lib/action_view/context.rb +1 -1
- data/lib/action_view/dependency_tracker/erb_tracker.rb +154 -0
- data/lib/action_view/dependency_tracker/ripper_tracker.rb +59 -0
- data/lib/action_view/dependency_tracker.rb +6 -147
- data/lib/action_view/deprecator.rb +7 -0
- data/lib/action_view/digestor.rb +8 -5
- data/lib/action_view/flows.rb +4 -4
- data/lib/action_view/gem_version.rb +4 -4
- data/lib/action_view/helpers/active_model_helper.rb +3 -3
- data/lib/action_view/helpers/asset_tag_helper.rb +200 -60
- data/lib/action_view/helpers/asset_url_helper.rb +22 -21
- data/lib/action_view/helpers/atom_feed_helper.rb +8 -9
- data/lib/action_view/helpers/cache_helper.rb +55 -12
- data/lib/action_view/helpers/capture_helper.rb +34 -14
- data/lib/action_view/helpers/content_exfiltration_prevention_helper.rb +70 -0
- data/lib/action_view/helpers/controller_helper.rb +8 -2
- data/lib/action_view/helpers/csp_helper.rb +3 -3
- data/lib/action_view/helpers/csrf_helper.rb +4 -4
- data/lib/action_view/helpers/date_helper.rb +123 -57
- data/lib/action_view/helpers/debug_helper.rb +6 -4
- data/lib/action_view/helpers/form_helper.rb +253 -97
- data/lib/action_view/helpers/form_options_helper.rb +72 -34
- data/lib/action_view/helpers/form_tag_helper.rb +189 -58
- data/lib/action_view/helpers/javascript_helper.rb +4 -5
- data/lib/action_view/helpers/number_helper.rb +43 -335
- data/lib/action_view/helpers/output_safety_helper.rb +6 -6
- data/lib/action_view/helpers/rendering_helper.rb +6 -7
- data/lib/action_view/helpers/sanitize_helper.rb +54 -24
- data/lib/action_view/helpers/tag_helper.rb +42 -35
- data/lib/action_view/helpers/tags/base.rb +16 -77
- data/lib/action_view/helpers/tags/check_box.rb +1 -1
- data/lib/action_view/helpers/tags/collection_check_boxes.rb +1 -0
- data/lib/action_view/helpers/tags/collection_radio_buttons.rb +1 -0
- data/lib/action_view/helpers/tags/collection_select.rb +4 -1
- data/lib/action_view/helpers/tags/date_field.rb +1 -1
- data/lib/action_view/helpers/tags/date_select.rb +2 -0
- data/lib/action_view/helpers/tags/datetime_field.rb +14 -6
- data/lib/action_view/helpers/tags/datetime_local_field.rb +11 -2
- data/lib/action_view/helpers/tags/file_field.rb +16 -0
- data/lib/action_view/helpers/tags/grouped_collection_select.rb +3 -0
- data/lib/action_view/helpers/tags/month_field.rb +1 -1
- data/lib/action_view/helpers/tags/select.rb +4 -1
- data/lib/action_view/helpers/tags/select_renderer.rb +56 -0
- data/lib/action_view/helpers/tags/time_field.rb +11 -2
- data/lib/action_view/helpers/tags/time_zone_select.rb +3 -0
- data/lib/action_view/helpers/tags/week_field.rb +1 -1
- data/lib/action_view/helpers/tags/weekday_select.rb +31 -0
- data/lib/action_view/helpers/tags.rb +5 -2
- data/lib/action_view/helpers/text_helper.rb +180 -97
- data/lib/action_view/helpers/translation_helper.rb +14 -45
- data/lib/action_view/helpers/url_helper.rb +230 -132
- data/lib/action_view/helpers.rb +27 -25
- data/lib/action_view/layouts.rb +15 -10
- data/lib/action_view/log_subscriber.rb +49 -32
- data/lib/action_view/lookup_context.rb +58 -61
- data/lib/action_view/model_naming.rb +2 -2
- data/lib/action_view/path_registry.rb +57 -0
- data/lib/action_view/path_set.rb +28 -35
- data/lib/action_view/railtie.rb +44 -9
- data/lib/action_view/record_identifier.rb +16 -9
- data/lib/action_view/render_parser.rb +188 -0
- data/lib/action_view/renderer/abstract_renderer.rb +3 -3
- data/lib/action_view/renderer/collection_renderer.rb +10 -2
- data/lib/action_view/renderer/partial_renderer/collection_caching.rb +21 -3
- data/lib/action_view/renderer/partial_renderer.rb +3 -36
- data/lib/action_view/renderer/renderer.rb +6 -4
- data/lib/action_view/renderer/streaming_template_renderer.rb +6 -5
- data/lib/action_view/renderer/template_renderer.rb +9 -4
- data/lib/action_view/rendering.rb +25 -7
- data/lib/action_view/ripper_ast_parser.rb +198 -0
- data/lib/action_view/routing_url_for.rb +8 -5
- data/lib/action_view/template/error.rb +122 -14
- data/lib/action_view/template/handlers/builder.rb +4 -4
- data/lib/action_view/template/handlers/erb/erubi.rb +23 -27
- data/lib/action_view/template/handlers/erb.rb +79 -1
- data/lib/action_view/template/handlers.rb +4 -4
- data/lib/action_view/template/html.rb +4 -4
- data/lib/action_view/template/inline.rb +3 -3
- data/lib/action_view/template/raw_file.rb +4 -4
- data/lib/action_view/template/renderable.rb +1 -1
- data/lib/action_view/template/resolver.rb +96 -313
- data/lib/action_view/template/text.rb +4 -4
- data/lib/action_view/template/types.rb +25 -32
- data/lib/action_view/template.rb +245 -41
- data/lib/action_view/template_details.rb +66 -0
- data/lib/action_view/template_path.rb +66 -0
- data/lib/action_view/test_case.rb +182 -23
- data/lib/action_view/testing/resolvers.rb +11 -12
- data/lib/action_view/unbound_template.rb +43 -7
- data/lib/action_view/version.rb +1 -1
- data/lib/action_view/view_paths.rb +19 -28
- data/lib/action_view.rb +6 -4
- data/lib/assets/compiled/rails-ujs.js +36 -5
- metadata +32 -25
data/CHANGELOG.md
CHANGED
@@ -1,439 +1,461 @@
|
|
1
|
-
## Rails
|
2
|
-
|
3
|
-
* No changes.
|
4
|
-
|
5
|
-
|
6
|
-
## Rails 6.1.7.1 (January 17, 2023) ##
|
7
|
-
|
8
|
-
* No changes.
|
9
|
-
|
10
|
-
|
11
|
-
## Rails 6.1.7 (September 09, 2022) ##
|
12
|
-
|
13
|
-
* No changes.
|
1
|
+
## Rails 7.1.3 (January 16, 2024) ##
|
14
2
|
|
3
|
+
* Better handle SyntaxError in Action View.
|
15
4
|
|
16
|
-
|
5
|
+
*Mario Caropreso*
|
17
6
|
|
18
|
-
*
|
19
|
-
|
20
|
-
|
21
|
-
## Rails 6.1.6 (May 09, 2022) ##
|
22
|
-
|
23
|
-
* No changes.
|
24
|
-
|
25
|
-
|
26
|
-
## Rails 6.1.5.1 (April 26, 2022) ##
|
27
|
-
|
28
|
-
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
|
29
|
-
|
30
|
-
Escape dangerous characters in names of tags and names of attributes in the
|
31
|
-
tag helpers, following the XML specification. Rename the option
|
32
|
-
`:escape_attributes` to `:escape`, to simplify by applying the option to the
|
33
|
-
whole tag.
|
34
|
-
|
35
|
-
*Álvaro Martín Fraguas*
|
36
|
-
|
37
|
-
## Rails 6.1.5 (March 09, 2022) ##
|
38
|
-
|
39
|
-
* `preload_link_tag` properly inserts `as` attributes for files with `image` MIME
|
40
|
-
types, such as JPG or SVG.
|
41
|
-
|
42
|
-
*Nate Berkopec*
|
43
|
-
|
44
|
-
* Add `autocomplete="off"` to all generated hidden fields.
|
45
|
-
|
46
|
-
Fixes #42610.
|
47
|
-
|
48
|
-
*Ryan Baumann*
|
49
|
-
|
50
|
-
* Fix `current_page?` when URL has trailing slash.
|
51
|
-
|
52
|
-
This fixes the `current_page?` helper when the given URL has a trailing slash,
|
53
|
-
and is an absolute URL or also has query params.
|
54
|
-
|
55
|
-
Fixes #33956.
|
7
|
+
* Fix `word_wrap` with empty string.
|
56
8
|
|
57
9
|
*Jonathan Hefner*
|
58
10
|
|
11
|
+
* Rename `ActionView::TestCase::Behavior::Content` to `ActionView::TestCase::Behavior::RenderedViewContent`.
|
59
12
|
|
60
|
-
|
61
|
-
|
62
|
-
* No changes.
|
63
|
-
|
64
|
-
|
65
|
-
## Rails 6.1.4.6 (February 11, 2022) ##
|
13
|
+
Make `RenderedViewContent` inherit from `String`. Make private API with `:nodoc:`.
|
66
14
|
|
67
|
-
*
|
68
|
-
|
69
|
-
|
70
|
-
## Rails 6.1.4.5 (February 11, 2022) ##
|
15
|
+
*Sean Doyle*
|
71
16
|
|
72
|
-
*
|
17
|
+
* Fix detection of required strict locals.
|
73
18
|
|
19
|
+
Further fix `render @collection` compatibility with strict locals
|
74
20
|
|
75
|
-
|
21
|
+
*Jean Boussier*
|
76
22
|
|
77
|
-
* No changes.
|
78
23
|
|
24
|
+
## Rails 7.1.2 (November 10, 2023) ##
|
79
25
|
|
80
|
-
|
26
|
+
* Fix the `number_to_human_size` view helper to correctly work with negative numbers.
|
81
27
|
|
82
|
-
*
|
28
|
+
*Earlopain*
|
83
29
|
|
30
|
+
* Automatically discard the implicit locals injected by collection rendering for template that can't accept them
|
84
31
|
|
85
|
-
|
32
|
+
When rendering a collection, two implicit variables are injected, which breaks templates with strict locals.
|
86
33
|
|
87
|
-
|
34
|
+
Now they are only passed if the template will actually accept them.
|
88
35
|
|
36
|
+
*Yasha Krasnou*, *Jean Boussier*
|
89
37
|
|
90
|
-
|
38
|
+
* Fix `@rails/ujs` calling `start()` an extra time when using bundlers
|
91
39
|
|
92
|
-
*
|
40
|
+
*Hartley McGuire*, *Ryunosuke Sato*
|
93
41
|
|
42
|
+
* Fix the `capture` view helper compatibility with HAML and Slim
|
94
43
|
|
95
|
-
|
44
|
+
When a blank string was captured in HAML or Slim (and possibly other template engines)
|
45
|
+
it would instead return the entire buffer.
|
96
46
|
|
97
|
-
*
|
98
|
-
translation keys through `I18n.translate` for interpolation.
|
47
|
+
*Jean Boussier*
|
99
48
|
|
100
|
-
*Jonathan Hefner*
|
101
49
|
|
102
|
-
|
50
|
+
## Rails 7.1.1 (October 11, 2023) ##
|
103
51
|
|
104
|
-
|
52
|
+
* Updated `@rails/ujs` files to ignore certain data-* attributes when element is contenteditable.
|
105
53
|
|
106
|
-
|
54
|
+
This fix was already landed in >= 7.0.4.3, < 7.1.0.
|
55
|
+
[[CVE-2023-23913](https://github.com/advisories/GHSA-xp5h-f8jf-rc8q)]
|
107
56
|
|
108
|
-
*
|
57
|
+
*Ryunosuke Sato*
|
109
58
|
|
110
59
|
|
111
|
-
## Rails
|
60
|
+
## Rails 7.1.0 (October 05, 2023) ##
|
112
61
|
|
113
62
|
* No changes.
|
114
63
|
|
115
64
|
|
116
|
-
## Rails
|
65
|
+
## Rails 7.1.0.rc2 (October 01, 2023) ##
|
117
66
|
|
118
67
|
* No changes.
|
119
68
|
|
120
69
|
|
121
|
-
## Rails
|
70
|
+
## Rails 7.1.0.rc1 (September 27, 2023) ##
|
122
71
|
|
123
|
-
*
|
124
|
-
|
125
|
-
|
126
|
-
## Rails 6.1.2.1 (February 10, 2021) ##
|
72
|
+
* Introduce `ActionView::TestCase.register_parser`
|
127
73
|
|
128
|
-
|
74
|
+
```ruby
|
75
|
+
register_parser :rss, -> rendered { RSS::Parser.parse(rendered) }
|
129
76
|
|
77
|
+
test "renders RSS" do
|
78
|
+
article = Article.create!(title: "Hello, world")
|
130
79
|
|
131
|
-
|
80
|
+
render formats: :rss, partial: article
|
132
81
|
|
133
|
-
|
82
|
+
assert_equal "Hello, world", rendered.rss.items.last.title
|
83
|
+
end
|
84
|
+
```
|
134
85
|
|
86
|
+
By default, register parsers for `:html` and `:json`.
|
135
87
|
|
136
|
-
|
88
|
+
*Sean Doyle*
|
137
89
|
|
138
|
-
* Fix lazy translation in partial with block.
|
139
90
|
|
140
|
-
|
91
|
+
## Rails 7.1.0.beta1 (September 13, 2023) ##
|
141
92
|
|
142
|
-
*
|
93
|
+
* Fix `simple_format` with blank `wrapper_tag` option returns plain html tag
|
143
94
|
|
144
|
-
|
95
|
+
By default `simple_format` method returns the text wrapped with `<p>`. But if we explicitly specify
|
96
|
+
the `wrapper_tag: nil` in the options, it returns the text wrapped with `<></>` tag.
|
145
97
|
|
146
|
-
|
98
|
+
Before:
|
147
99
|
|
148
|
-
|
100
|
+
```ruby
|
101
|
+
simple_format("Hello World", {}, { wrapper_tag: nil })
|
102
|
+
# <>Hello World</>
|
103
|
+
```
|
149
104
|
|
150
|
-
|
151
|
-
the `Link` header being added by default when using `stylesheet_link_tag`
|
152
|
-
and `javascript_include_tag`.
|
105
|
+
After:
|
153
106
|
|
154
|
-
|
107
|
+
```ruby
|
108
|
+
simple_format("Hello World", {}, { wrapper_tag: nil })
|
109
|
+
# <p>Hello World</p>
|
110
|
+
```
|
155
111
|
|
156
|
-
*
|
157
|
-
specified, instead of always returning `nil`.
|
112
|
+
*Akhil G Krishnan*, *Junichi Ito*
|
158
113
|
|
159
|
-
|
114
|
+
* Don't double-encode nested `field_id` and `field_name` index values
|
160
115
|
|
116
|
+
Pass `index: @options` as a default keyword argument to `field_id` and
|
117
|
+
`field_name` view helper methods.
|
161
118
|
|
162
|
-
|
119
|
+
*Sean Doyle*
|
163
120
|
|
164
|
-
*
|
165
|
-
call safe_list_sanitizer's class method
|
121
|
+
* Allow opting in/out of `Link preload` headers when calling `stylesheet_link_tag` or `javascript_include_tag`
|
166
122
|
|
167
|
-
|
123
|
+
```ruby
|
124
|
+
# will exclude header, even if setting is enabled:
|
125
|
+
javascript_include_tag("http://example.com/all.js", preload_links_header: false)
|
168
126
|
|
169
|
-
|
127
|
+
# will include header, even if setting is disabled:
|
128
|
+
stylesheet_link_tag("http://example.com/all.js", preload_links_header: true)
|
129
|
+
```
|
170
130
|
|
171
|
-
*
|
131
|
+
*Alex Ghiculescu*
|
172
132
|
|
173
|
-
|
174
|
-
users because they were forced to handle remote requests.
|
133
|
+
* Stop generating `Link preload` headers once it has reached 1KB.
|
175
134
|
|
176
|
-
|
177
|
-
|
178
|
-
setting `config.action_view.form_with_generates_remote_forms` to `true`.
|
135
|
+
Some proxies have trouble handling large headers, but more importantly preload links
|
136
|
+
have diminishing returns so it's preferable not to go overboard with them.
|
179
137
|
|
180
|
-
|
138
|
+
If tighter control is needed, it's recommended to disable automatic generation of preloads
|
139
|
+
and to generate them manually from the controller or from a middleware.
|
181
140
|
|
182
|
-
*
|
183
|
-
when a block is given.
|
141
|
+
*Jean Boussier*
|
184
142
|
|
185
|
-
|
143
|
+
* `simple_format` helper now handles a `:sanitize_options` - any extra options you want appending to the sanitize.
|
186
144
|
|
187
|
-
|
188
|
-
|
145
|
+
Before:
|
146
|
+
```ruby
|
147
|
+
simple_format("<a target=\"_blank\" href=\"http://example.com\">Continue</a>")
|
148
|
+
# => "<p><a href=\"http://example.com\">Continue</a></p>"
|
149
|
+
```
|
189
150
|
|
190
|
-
|
151
|
+
After:
|
152
|
+
```ruby
|
153
|
+
simple_format("<a target=\"_blank\" href=\"http://example.com\">Continue</a>", {}, { sanitize_options: { attributes: %w[target href] } })
|
154
|
+
# => "<p><a target=\"_blank\" href=\"http://example.com\">Continue</a></p>"
|
155
|
+
```
|
191
156
|
|
192
|
-
*
|
193
|
-
and make the original available as an alias.
|
157
|
+
*Andrei Andriichuk*
|
194
158
|
|
195
|
-
|
196
|
-
|
159
|
+
* Add support for HTML5 standards-compliant sanitizers, and default to `Rails::HTML5::Sanitizer`
|
160
|
+
in the Rails 7.1 configuration if it is supported.
|
197
161
|
|
198
|
-
|
162
|
+
Action View's HTML sanitizers can be configured by setting
|
163
|
+
`config.action_view.sanitizer_vendor`. Supported values are `Rails::HTML4::Sanitizer` or
|
164
|
+
`Rails::HTML5::Sanitizer`.
|
199
165
|
|
200
|
-
|
201
|
-
|
202
|
-
`
|
203
|
-
|
204
|
-
tag.input type: 'checkbox', name: 'published', aria: {
|
205
|
-
invalid: @post.errors[:published].any?,
|
206
|
-
labelledby: ['published_context', 'published_label'],
|
207
|
-
describedby: { published_errors: @post.errors[:published].any? }
|
208
|
-
}
|
209
|
-
#=> <input
|
210
|
-
type="checkbox" name="published" aria-invalid="true"
|
211
|
-
aria-labelledby="published_context published_label"
|
212
|
-
aria-describedby="published_errors"
|
213
|
-
>
|
166
|
+
The Rails 7.1 configuration will set this to `Rails::HTML5::Sanitizer` when it is supported, and
|
167
|
+
fall back to `Rails::HTML4::Sanitizer`. Previous configurations default to
|
168
|
+
`Rails::HTML4::Sanitizer`.
|
214
169
|
|
215
|
-
*
|
170
|
+
*Mike Dalessio*
|
216
171
|
|
217
|
-
*
|
172
|
+
* `config.dom_testing_default_html_version` controls the HTML parser used by
|
173
|
+
`ActionView::TestCase#document_root_element`, which creates the DOM used by the assertions in
|
174
|
+
Rails::Dom::Testing.
|
218
175
|
|
219
|
-
|
176
|
+
The Rails 7.1 default configuration opts into the HTML5 parser when it is supported, to better
|
177
|
+
represent what the DOM would be in a browser user agent. Previously this test helper always used
|
178
|
+
Nokogiri's HTML4 parser.
|
220
179
|
|
221
|
-
*
|
180
|
+
*Mike Dalessio*
|
222
181
|
|
223
|
-
|
182
|
+
* Add support for the HTML picture tag. It supports passing a String, an Array or a Block.
|
183
|
+
Supports passing properties directly to the img tag via the `:image` key.
|
184
|
+
Since the picture tag requires an img tag, the last element you provide will be used for the img tag.
|
185
|
+
For complete control over the picture tag, a block can be passed, which will populate the contents of the tag accordingly.
|
224
186
|
|
225
|
-
|
187
|
+
Can be used like this for a single source:
|
188
|
+
```erb
|
189
|
+
<%= picture_tag("picture.webp") %>
|
190
|
+
```
|
191
|
+
which will generate the following:
|
192
|
+
```html
|
193
|
+
<picture>
|
194
|
+
<img src="/images/picture.webp" />
|
195
|
+
</picture>
|
196
|
+
```
|
226
197
|
|
227
|
-
|
198
|
+
For multiple sources:
|
199
|
+
```erb
|
200
|
+
<%= picture_tag("picture.webp", "picture.png", :class => "mt-2", :image => { alt: "Image", class: "responsive-img" }) %>
|
201
|
+
```
|
202
|
+
will generate:
|
203
|
+
```html
|
204
|
+
<picture class="mt-2">
|
205
|
+
<source srcset="/images/picture.webp" />
|
206
|
+
<source srcset="/images/picture.png" />
|
207
|
+
<img alt="Image" class="responsive-img" src="/images/picture.png" />
|
208
|
+
</picture>
|
209
|
+
```
|
228
210
|
|
229
|
-
|
211
|
+
Full control via a block:
|
212
|
+
```erb
|
213
|
+
<%= picture_tag(:class => "my-class") do %>
|
214
|
+
<%= tag(:source, :srcset => image_path("picture.webp")) %>
|
215
|
+
<%= tag(:source, :srcset => image_path("picture.png")) %>
|
216
|
+
<%= image_tag("picture.png", :alt => "Image") %>
|
217
|
+
<% end %>
|
218
|
+
```
|
219
|
+
will generate:
|
220
|
+
```html
|
221
|
+
<picture class="my-class">
|
222
|
+
<source srcset="/images/picture.webp" />
|
223
|
+
<source srcset="/images/picture.png" />
|
224
|
+
<img alt="Image" src="/images/picture.png" />
|
225
|
+
</picture>
|
226
|
+
```
|
230
227
|
|
231
|
-
*
|
228
|
+
*Juan Pablo Balarini*
|
232
229
|
|
233
|
-
* Remove deprecated
|
230
|
+
* Remove deprecated support to passing instance variables as locals to partials.
|
234
231
|
|
235
232
|
*Rafael Mendonça França*
|
236
233
|
|
237
|
-
* Remove deprecated
|
234
|
+
* Remove deprecated constant `ActionView::Path`.
|
238
235
|
|
239
236
|
*Rafael Mendonça França*
|
240
237
|
|
241
|
-
*
|
238
|
+
* Guard `token_list` calls from escaping HTML too often
|
242
239
|
|
243
|
-
*
|
240
|
+
*Sean Doyle*
|
244
241
|
|
245
|
-
*
|
242
|
+
* `select` can now be called with a single hash containing options and some HTML options
|
246
243
|
|
247
|
-
|
244
|
+
Previously this would not work as expected:
|
248
245
|
|
249
|
-
|
246
|
+
```erb
|
247
|
+
<%= select :post, :author, authors, required: true %>
|
248
|
+
```
|
250
249
|
|
251
|
-
|
250
|
+
Instead you needed to do this:
|
252
251
|
|
253
|
-
|
254
|
-
|
252
|
+
```erb
|
253
|
+
<%= select :post, :author, authors, {}, required: true %>
|
254
|
+
```
|
255
255
|
|
256
|
-
|
256
|
+
Now, either form is accepted, for the following HTML attributes: `required`, `multiple`, `size`.
|
257
257
|
|
258
|
-
*
|
258
|
+
*Alex Ghiculescu*
|
259
259
|
|
260
|
-
|
260
|
+
* Datetime form helpers (`time_field`, `date_field`, `datetime_field`, `week_field`, `month_field`) now accept an instance of Time/Date/DateTime as `:value` option.
|
261
261
|
|
262
|
-
|
262
|
+
Before:
|
263
|
+
```erb
|
264
|
+
<%= form.datetime_field :written_at, value: Time.current.strftime("%Y-%m-%dT%T") %>
|
265
|
+
```
|
263
266
|
|
264
|
-
|
267
|
+
After:
|
268
|
+
```erb
|
269
|
+
<%= form.datetime_field :written_at, value: Time.current %>
|
270
|
+
```
|
265
271
|
|
266
|
-
*
|
272
|
+
*Andrey Samsonov*
|
267
273
|
|
268
|
-
|
274
|
+
* Choices of `select` can optionally contain html attributes as the last element
|
275
|
+
of the child arrays when using grouped/nested collections
|
269
276
|
|
270
|
-
|
277
|
+
```erb
|
278
|
+
<%= form.select :foo, [["North America", [["United States","US"],["Canada","CA"]], { disabled: "disabled" }]] %>
|
279
|
+
# => <select><optgroup label="North America" disabled="disabled"><option value="US">United States</option><option value="CA">Canada</option></optgroup></select>
|
280
|
+
```
|
271
281
|
|
272
|
-
*
|
282
|
+
*Chris Gunther*
|
273
283
|
|
274
|
-
*
|
284
|
+
* `check_box_tag` and `radio_button_tag` now accept `checked` as a keyword argument
|
275
285
|
|
276
|
-
|
286
|
+
This is to make the API more consistent with the `FormHelper` variants. You can now
|
287
|
+
provide `checked` as a positional or keyword argument:
|
277
288
|
|
278
|
-
|
289
|
+
```erb
|
290
|
+
= check_box_tag "admin", "1", false
|
291
|
+
= check_box_tag "admin", "1", checked: false
|
279
292
|
|
280
|
-
|
293
|
+
= radio_button_tag 'favorite_color', 'maroon', false
|
294
|
+
= radio_button_tag 'favorite_color', 'maroon', checked: false
|
295
|
+
```
|
281
296
|
|
282
|
-
*
|
297
|
+
*Alex Ghiculescu*
|
283
298
|
|
284
|
-
|
299
|
+
* Allow passing a class to `dom_id`.
|
300
|
+
You no longer need to call `new` when passing a class to `dom_id`.
|
301
|
+
This makes `dom_id` behave like `dom_class` in this regard.
|
302
|
+
Apart from saving a few keystrokes, it prevents Ruby from needing
|
303
|
+
to instantiate a whole new object just to generate a string.
|
285
304
|
|
286
|
-
|
305
|
+
Before:
|
306
|
+
```ruby
|
307
|
+
dom_id(Post) # => NoMethodError: undefined method `to_key' for Post:Class
|
308
|
+
```
|
287
309
|
|
288
|
-
|
310
|
+
After:
|
311
|
+
```ruby
|
312
|
+
dom_id(Post) # => "new_post"
|
313
|
+
```
|
289
314
|
|
290
|
-
*
|
315
|
+
*Goulven Champenois*
|
291
316
|
|
292
|
-
|
317
|
+
* Report `:locals` as part of the data returned by ActionView render instrumentation.
|
293
318
|
|
294
|
-
|
319
|
+
Before:
|
320
|
+
```ruby
|
321
|
+
{
|
322
|
+
identifier: "/Users/adam/projects/notifications/app/views/posts/index.html.erb",
|
323
|
+
layout: "layouts/application"
|
324
|
+
}
|
325
|
+
```
|
295
326
|
|
296
|
-
|
327
|
+
After:
|
328
|
+
```ruby
|
329
|
+
{
|
330
|
+
identifier: "/Users/adam/projects/notifications/app/views/posts/index.html.erb",
|
331
|
+
layout: "layouts/application",
|
332
|
+
locals: {foo: "bar"}
|
333
|
+
}
|
334
|
+
```
|
297
335
|
|
298
|
-
*
|
336
|
+
*Aaron Gough*
|
299
337
|
|
300
|
-
|
338
|
+
* Strip `break_sequence` at the end of `word_wrap`.
|
301
339
|
|
302
|
-
|
340
|
+
This fixes a bug where `word_wrap` didn't properly strip off break sequences that had printable characters.
|
303
341
|
|
304
|
-
|
342
|
+
For example, compare the outputs of this template:
|
305
343
|
|
306
|
-
|
344
|
+
```erb
|
345
|
+
# <%= word_wrap("11 22\n33 44", line_width: 2, break_sequence: "\n# ") %>
|
346
|
+
```
|
307
347
|
|
308
|
-
|
348
|
+
Before:
|
309
349
|
|
310
|
-
|
350
|
+
```
|
351
|
+
# 11
|
352
|
+
# 22
|
353
|
+
#
|
354
|
+
# 33
|
355
|
+
# 44
|
356
|
+
#
|
357
|
+
```
|
311
358
|
|
312
|
-
|
359
|
+
After:
|
313
360
|
|
314
|
-
|
361
|
+
```
|
362
|
+
# 11
|
363
|
+
# 22
|
364
|
+
# 33
|
365
|
+
# 44
|
366
|
+
```
|
315
367
|
|
316
|
-
*
|
368
|
+
*Max Chernyak*
|
317
369
|
|
318
|
-
*
|
370
|
+
* Allow templates to set strict `locals`.
|
319
371
|
|
320
|
-
|
372
|
+
By default, templates will accept any `locals` as keyword arguments. To define what `locals` a template accepts, add a `locals` magic comment:
|
321
373
|
|
322
|
-
|
374
|
+
```erb
|
375
|
+
<%# locals: (message:) -%>
|
376
|
+
<%= message %>
|
377
|
+
```
|
323
378
|
|
324
|
-
|
379
|
+
Default values can also be provided:
|
325
380
|
|
326
|
-
|
327
|
-
|
381
|
+
```erb
|
382
|
+
<%# locals: (message: "Hello, world!") -%>
|
383
|
+
<%= message %>
|
384
|
+
```
|
328
385
|
|
329
|
-
|
330
|
-
<span title="<%= resolved_key %>"><%= translation %></span>
|
331
|
-
<% end %>
|
386
|
+
Or `locals` can be disabled entirely:
|
332
387
|
|
333
|
-
|
388
|
+
```erb
|
389
|
+
<%# locals: () %>
|
390
|
+
```
|
334
391
|
|
335
|
-
*
|
336
|
-
fragments are contained in a block passed to the render helper. Remove the
|
337
|
-
virtual_path keyword arguments found in CacheHelper as they no longer possess
|
338
|
-
any function following 1581cab.
|
392
|
+
*Joel Hawksley*
|
339
393
|
|
340
|
-
|
394
|
+
* Add `include_seconds` option for `datetime_local_field`
|
341
395
|
|
342
|
-
|
396
|
+
This allows to omit seconds part in the input field, by passing `include_seconds: false`
|
343
397
|
|
344
|
-
*
|
345
|
-
`config.i18n.raise_on_missing_translations`.
|
398
|
+
*Wojciech Wnętrzak*
|
346
399
|
|
347
|
-
|
348
|
-
|
400
|
+
* Guard against `ActionView::Helpers::FormTagHelper#field_name` calls with nil
|
401
|
+
`object_name` arguments. For example:
|
349
402
|
|
350
|
-
|
403
|
+
```erb
|
404
|
+
<%= fields do |f| %>
|
405
|
+
<%= f.field_name :body %>
|
406
|
+
<% end %>
|
407
|
+
```
|
351
408
|
|
352
|
-
*
|
353
|
-
and include (when necessary) the layout's virtual path in notification payloads for collection and partial renders.
|
409
|
+
*Sean Doyle*
|
354
410
|
|
355
|
-
|
411
|
+
* Strings returned from `strip_tags` are correctly tagged `html_safe?`
|
356
412
|
|
357
|
-
|
413
|
+
Because these strings contain no HTML elements and the basic entities are escaped, they are safe
|
414
|
+
to be included as-is as PCDATA in HTML content. Tagging them as html-safe avoids double-escaping
|
415
|
+
entities when being concatenated to a SafeBuffer during rendering.
|
358
416
|
|
359
|
-
|
417
|
+
Fixes [rails/rails-html-sanitizer#124](https://github.com/rails/rails-html-sanitizer/issues/124)
|
360
418
|
|
361
|
-
*
|
362
|
-
passed `default: nil` without a translation matching `I18n#translate`.
|
419
|
+
*Mike Dalessio*
|
363
420
|
|
364
|
-
|
421
|
+
* Move `convert_to_model` call from `form_for` into `form_with`
|
365
422
|
|
366
|
-
|
367
|
-
|
423
|
+
Now that `form_for` is implemented in terms of `form_with`, remove the
|
424
|
+
`convert_to_model` call from `form_for`.
|
368
425
|
|
369
|
-
*
|
426
|
+
*Sean Doyle*
|
370
427
|
|
371
|
-
*
|
428
|
+
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
|
372
429
|
|
373
|
-
|
430
|
+
Escape dangerous characters in names of tags and names of attributes in the
|
431
|
+
tag helpers, following the XML specification. Rename the option
|
432
|
+
`:escape_attributes` to `:escape`, to simplify by applying the option to the
|
433
|
+
whole tag.
|
374
434
|
|
375
|
-
|
435
|
+
*Álvaro Martín Fraguas*
|
376
436
|
|
377
|
-
|
437
|
+
* Extend audio_tag and video_tag to accept Active Storage attachments.
|
378
438
|
|
379
|
-
|
439
|
+
Now it's possible to write
|
380
440
|
|
381
441
|
```ruby
|
382
|
-
|
383
|
-
|
384
|
-
|
385
|
-
# Before
|
386
|
-
select("post", "category", none: nil, programming: 1, economics: 2)
|
387
|
-
# =>
|
388
|
-
# <select name="post[category]" id="post_category">
|
389
|
-
# <option value="">none</option>
|
390
|
-
# <option value="1">programming</option>
|
391
|
-
# <option value="2">economics</option>
|
392
|
-
# </select>
|
393
|
-
|
394
|
-
# After
|
395
|
-
select("post", "category", none: nil, programming: 1, economics: 2)
|
396
|
-
# =>
|
397
|
-
# <select name="post[category]" id="post_category">
|
398
|
-
# <option selected="selected" value="">none</option>
|
399
|
-
# <option value="1">programming</option>
|
400
|
-
# <option value="2">economics</option>
|
401
|
-
# </select>
|
442
|
+
audio_tag(user.audio_file)
|
443
|
+
video_tag(user.video_file)
|
402
444
|
```
|
403
445
|
|
404
|
-
|
405
|
-
|
406
|
-
* Log lines for partial renders and started template renders are now
|
407
|
-
emitted at the `DEBUG` level instead of `INFO`.
|
408
|
-
|
409
|
-
Completed template renders are still logged at the `INFO` level.
|
410
|
-
|
411
|
-
*DHH*
|
412
|
-
|
413
|
-
* ActionView::Helpers::SanitizeHelper: support rails-html-sanitizer 1.1.0.
|
414
|
-
|
415
|
-
*Juanito Fatas*
|
446
|
+
Instead of
|
416
447
|
|
417
|
-
|
418
|
-
|
419
|
-
|
420
|
-
|
421
|
-
* annotated_source_code returns an empty array so TemplateErrors without a
|
422
|
-
template in the backtrace are surfaced properly by DebugExceptions.
|
423
|
-
|
424
|
-
*Guilherme Mansur*, *Kasper Timm Hansen*
|
425
|
-
|
426
|
-
* Add autoload for SyntaxErrorInTemplate so syntax errors are correctly raised by DebugExceptions.
|
427
|
-
|
428
|
-
*Guilherme Mansur*, *Gannon McGibbon*
|
429
|
-
|
430
|
-
* `RenderingHelper` supports rendering objects that `respond_to?` `:render_in`.
|
448
|
+
```ruby
|
449
|
+
audio_tag(polymorphic_path(user.audio_file))
|
450
|
+
video_tag(polymorphic_path(user.video_file))
|
451
|
+
```
|
431
452
|
|
432
|
-
|
453
|
+
`image_tag` already supported that, so this follows the same pattern.
|
433
454
|
|
434
|
-
*
|
455
|
+
*Matheus Richard*
|
435
456
|
|
436
|
-
|
457
|
+
* Ensure models passed to `form_for` attempt to call `to_model`.
|
437
458
|
|
459
|
+
*Sean Doyle*
|
438
460
|
|
439
|
-
Please check [
|
461
|
+
Please check [7-0-stable](https://github.com/rails/rails/blob/7-0-stable/actionview/CHANGELOG.md) for previous changes.
|