actionview 7.0.3.1 → 7.0.4
Potentially problematic release.
This version of actionview might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +23 -0
- data/lib/action_view/gem_version.rb +2 -2
- data/lib/action_view/helpers/date_helper.rb +1 -1
- data/lib/action_view/helpers/form_helper.rb +9 -5
- data/lib/action_view/helpers/form_tag_helper.rb +42 -18
- data/lib/action_view/helpers/sanitize_helper.rb +1 -1
- data/lib/action_view/helpers/translation_helper.rb +3 -3
- data/lib/action_view/routing_url_for.rb +3 -0
- metadata +11 -11
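--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9066694b3679ed86d9e2cbd1ce632e2319794fe24940bab92ec01b81d18e85de
+data.tar.gz: e084e640d84b94de53a0d17b733bea452d45af6dd8f413b71a1dcbdcd3413423
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ec58c95da3048137a77cc78b13a230dd2ac562147c382e4d1bf89387dc503f29f8b523e33cd2815a9919264a73d9db6302e74ee4921908fb293b8599e008ebe9
+data.tar.gz: '080c2f40c6b9062207d7710082f7cd30c32c19249b4943a7b51de3c274fe002ccf60fb6a24620c351c1ccd3db1d69cc48dcacb9e8bb67ace7362ade4eed704be'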
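--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,26 @@
+## Rails 7.0.4 (September 09, 2022) ##
+
+* Guard against `ActionView::Helpers::FormTagHelper#field_name` calls with nil
+`object_name` arguments. For example:
+
+```erb
+<%= fields do |f| %>
+<%= f.field_name :body %>
+<% end %>
+```
+
+*Sean Doyle*
+
+* Strings returned from `strip_tags` are correctly tagged `html_safe?`
+
+Because these strings contain no HTML elements and the basic entities are escaped, they are safe
+to be included as-is as PCDATA in HTML content. Tagging them as html-safe avoids double-escaping
+entities when being concatenated to a SafeBuffer during rendering.
+
+Fixes [rails/rails-html-sanitizer#124](https://github.com/rails/rails-html-sanitizer/issues/124)
+
+*Mike Dalessio*
+
 ## Rails 7.0.3.1 (July 12, 2022) ##
 
 * No changes.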
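--- a/data/lib/action_view/helpers/date_helper.rb
+++ b/data/lib/action_view/helpers/date_helper.rb
@@ -888,7 +888,7 @@ module ActionView
 def month_names
 @month_names ||= begin
 month_names = @options[:use_month_names] || translated_month_names
-month_names
+month_names = [nil, *month_names] if month_names.size < 13
 month_names
 end
 end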
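Review bot: The added line `month_names = [nil, *month_names] if month_names.size < 13` carries no comment explaining the 13-element convention, and it accepts a `:use_month_names` array of any length below 13, so a caller who supplies fewer than 12 names gets nil labels for the missing months instead of an error. A short comment above it, for example `# pad index 0 so the list can be indexed by month number; builds a new array instead of changing the caller's option`, would record the intent. The removed line is cut off on this page, so what the old code did with the option array is an assumption, and the code that indexes the result lies outside the hunk.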
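--- a/data/lib/action_view/helpers/form_helper.rb
+++ b/data/lib/action_view/helpers/form_helper.rb
@@ -1438,10 +1438,12 @@ module ActionView
 # formatted by trying to call +strftime+ with "%H:%M" on the object's value.
 # It is also possible to override this by passing the "value" option.
 #
-#
-#
+# ==== Options
+#
+# Supports the same options as FormTagHelper#time_field_tag.
+#
+# ==== Examples
 #
-# === Example
 # time_field("task", "started_at")
 # # => <input id="task_started_at" name="task[started_at]" type="time" />
 #
@@ -1553,7 +1555,8 @@ module ActionView
 # Returns an input tag of type "number".
 #
 # ==== Options
-#
+#
+# Supports the same options as FormTagHelper#number_field_tag.
 def number_field(object_name, method, options = {})
 Tags::NumberField.new(object_name, method, self, options).render
 end
@@ -1561,7 +1564,8 @@ module ActionView
 # Returns an input tag of type "range".
 #
 # ==== Options
-#
+#
+# Supports the same options as FormTagHelper#range_field_tag.
 def range_field(object_name, method, options = {})
 Tags::RangeField.new(object_name, method, self, options).render
 end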
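--- a/data/lib/action_view/helpers/form_tag_helper.rb
+++ b/data/lib/action_view/helpers/form_tag_helper.rb
@@ -131,7 +131,7 @@ module ActionView
 
 # a little duplication to construct fewer strings
 case
-when object_name.
+when object_name.blank?
 "#{method_name}#{names}#{multiple ? "[]" : ""}"
 when index
 "#{object_name}[#{index}][#{method_name}]#{names}#{multiple ? "[]" : ""}"
@@ -657,9 +657,11 @@ module ActionView
 # Creates a text field of type "color".
 #
 # ==== Options
-#
+#
+# Supports the same options as #text_field_tag.
 #
 # ==== Examples
+#
 # color_field_tag 'name'
 # # => <input id="name" name="name" type="color" />
 #
@@ -678,9 +680,11 @@ module ActionView
 # Creates a text field of type "search".
 #
 # ==== Options
-#
+#
+# Supports the same options as #text_field_tag.
 #
 # ==== Examples
+#
 # search_field_tag 'name'
 # # => <input id="name" name="name" type="search" />
 #
@@ -699,9 +703,11 @@ module ActionView
 # Creates a text field of type "tel".
 #
 # ==== Options
-#
+#
+# Supports the same options as #text_field_tag.
 #
 # ==== Examples
+#
 # telephone_field_tag 'name'
 # # => <input id="name" name="name" type="tel" />
 #
@@ -721,9 +727,11 @@ module ActionView
 # Creates a text field of type "date".
 #
 # ==== Options
-#
+#
+# Supports the same options as #text_field_tag.
 #
 # ==== Examples
+#
 # date_field_tag 'name'
 # # => <input id="name" name="name" type="date" />
 #
@@ -741,23 +749,27 @@ module ActionView
 
 # Creates a text field of type "time".
 #
-#
+# ==== Options
+#
+# Supports the same options as #text_field_tag. Additionally, supports:
+#
 # * <tt>:min</tt> - The minimum acceptable value.
 # * <tt>:max</tt> - The maximum acceptable value.
 # * <tt>:step</tt> - The acceptable value granularity.
 # * <tt>:include_seconds</tt> - Include seconds and ms in the output timestamp format (true by default).
-# * Otherwise accepts the same options as text_field_tag.
 def time_field_tag(name, value = nil, options = {})
 text_field_tag(name, value, options.merge(type: :time))
 end
 
 # Creates a text field of type "datetime-local".
 #
-#
+# ==== Options
+#
+# Supports the same options as #text_field_tag. Additionally, supports:
+#
 # * <tt>:min</tt> - The minimum acceptable value.
 # * <tt>:max</tt> - The maximum acceptable value.
 # * <tt>:step</tt> - The acceptable value granularity.
-# * Otherwise accepts the same options as text_field_tag.
 def datetime_field_tag(name, value = nil, options = {})
 text_field_tag(name, value, options.merge(type: "datetime-local"))
 end
@@ -766,22 +778,26 @@ module ActionView
 
 # Creates a text field of type "month".
 #
-#
+# ==== Options
+#
+# Supports the same options as #text_field_tag. Additionally, supports:
+#
 # * <tt>:min</tt> - The minimum acceptable value.
 # * <tt>:max</tt> - The maximum acceptable value.
 # * <tt>:step</tt> - The acceptable value granularity.
-# * Otherwise accepts the same options as text_field_tag.
 def month_field_tag(name, value = nil, options = {})
 text_field_tag(name, value, options.merge(type: :month))
 end
 
 # Creates a text field of type "week".
 #
-#
+# ==== Options
+#
+# Supports the same options as #text_field_tag. Additionally, supports:
+#
 # * <tt>:min</tt> - The minimum acceptable value.
 # * <tt>:max</tt> - The maximum acceptable value.
 # * <tt>:step</tt> - The acceptable value granularity.
-# * Otherwise accepts the same options as text_field_tag.
 def week_field_tag(name, value = nil, options = {})
 text_field_tag(name, value, options.merge(type: :week))
 end
@@ -789,9 +805,11 @@ module ActionView
 # Creates a text field of type "url".
 #
 # ==== Options
-#
+#
+# Supports the same options as #text_field_tag.
 #
 # ==== Examples
+#
 # url_field_tag 'name'
 # # => <input id="name" name="name" type="url" />
 #
@@ -810,9 +828,11 @@ module ActionView
 # Creates a text field of type "email".
 #
 # ==== Options
-#
+#
+# Supports the same options as #text_field_tag.
 #
 # ==== Examples
+#
 # email_field_tag 'name'
 # # => <input id="name" name="name" type="email" />
 #
@@ -831,15 +851,18 @@ module ActionView
 # Creates a number field.
 #
 # ==== Options
+#
+# Supports the same options as #text_field_tag. Additionally, supports:
+#
 # * <tt>:min</tt> - The minimum acceptable value.
 # * <tt>:max</tt> - The maximum acceptable value.
 # * <tt>:in</tt> - A range specifying the <tt>:min</tt> and
 # <tt>:max</tt> values.
 # * <tt>:within</tt> - Same as <tt>:in</tt>.
 # * <tt>:step</tt> - The acceptable value granularity.
-# * Otherwise accepts the same options as text_field_tag.
 #
 # ==== Examples
+#
 # number_field_tag 'quantity'
 # # => <input id="quantity" name="quantity" type="number" />
 #
@@ -881,12 +904,13 @@ module ActionView
 # Creates a range form element.
 #
 # ==== Options
-#
+#
+# Supports the same options as #number_field_tag.
 def range_field_tag(name, value = nil, options = {})
 number_field_tag(name, value, options.merge(type: :range))
 end
 
-# Creates the hidden
+# Creates the hidden UTF-8 enforcer tag. Override this method in a helper
 # to customize the tag.
 def utf8_enforcer_tag
 # Use raw HTML to ensure the value is written as an HTML entity; it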
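Review bot: In the first hunk, `when object_name.blank?` is wider than the nil case the changelog names: a whitespace-only string or `false` now also takes the branch that emits the bare `#{method_name}` with no object namespace, so the field is submitted as a top-level parameter. That may be intended, but nothing at the branch says so; a comment such as `# nil, "" and other blank object names produce an un-namespaced field name` would document it, and a test covering both nil and `""` would pin the behaviour. The removed condition is truncated on this page and the enclosing method starts and ends outside the hunk, so this is read from the new line alone. The remaining hunks in this file are documentation only.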
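--- a/data/lib/action_view/helpers/sanitize_helper.rb
+++ b/data/lib/action_view/helpers/sanitize_helper.rb
@@ -101,7 +101,7 @@ module ActionView
 # strip_tags("> A quote from Smith & Wesson")
 # # => > A quote from Smith & Wesson
 def strip_tags(html)
-self.class.full_sanitizer.sanitize(html)
+self.class.full_sanitizer.sanitize(html)&.html_safe
 end
 
 # Strips all link tags from +html+ leaving just the link text.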
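Review bot: Marking the result of `strip_tags` as `html_safe` makes the output's safety depend entirely on what `self.class.full_sanitizer` returns, and neither the method nor its doc comment records that contract. The changelog justifies the tag by the output having no elements and escaped basic entities, which covers element content (PCDATA) only; if an application configures a different full sanitizer that does not escape entities, the string would now be concatenated into a SafeBuffer without further escaping. I would add to the doc comment above the method a line such as `# The result is html_safe: valid as element content only, and only while full_sanitizer escapes entities.` and a test asserting that entity-encoded markup in the input stays encoded in the output. The `&.` preserves a nil return when the sanitizer returns nil.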
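--- a/data/lib/action_view/helpers/translation_helper.rb
+++ b/data/lib/action_view/helpers/translation_helper.rb
@@ -90,7 +90,7 @@ module ActionView
 
 translated = ActiveSupport::HtmlSafeTranslation.translate(key, **options, default: default)
 
-break translated unless translated
+break translated unless translated == MISSING_TRANSLATION
 
 if alternatives.present? && !alternatives.first.is_a?(Symbol)
 break alternatives.first && I18n.translate(**options, default: alternatives)
@@ -111,7 +111,7 @@ module ActionView
 
 # Delegates to <tt>I18n.localize</tt> with no additional functionality.
 #
-# See https://www.rubydoc.info/
+# See https://www.rubydoc.info/gems/i18n/I18n/Backend/Base:localize
 # for more information.
 def localize(object, **options)
 I18n.localize(object, **options)
@@ -119,7 +119,7 @@ module ActionView
 alias :l :localize
 
 private
-MISSING_TRANSLATION =
+MISSING_TRANSLATION = -(2**60)
 private_constant :MISSING_TRANSLATION
 
 NO_DEFAULT = [].freeze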
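Review bot: `MISSING_TRANSLATION = -(2**60)` in the last hunk is a bare magic number, and the check in the first hunk, `translated == MISSING_TRANSLATION`, compares by value, so the sentinel is distinct from real translations only by convention. A backend that returned that exact integer for a key would be treated as a missing translation; unlikely, but the constant should say so. I would add a comment above it, for example `# Integer sentinel for "no translation found"; must never equal a real translation value`, together with the reason an integer was chosen, which this page does not show. The removed lines are truncated here and the block around the first hunk continues outside it.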
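--- a/data/lib/action_view/routing_url_for.rb
+++ b/data/lib/action_view/routing_url_for.rb
@@ -47,6 +47,9 @@ module ActionView
 # <%= url_for(action: 'jump', anchor: 'tax&ship') %>
 # # => /testing/jump/#tax&ship
 #
+# <%= url_for(Workshop) %>
+# # => /workshops
+#
 # <%= url_for(Workshop.new) %>
 # # relies on Workshop answering a persisted? call (and in this case returning false)
 # # => /workshops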
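--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: actionview
 version: !ruby/object:Gem::Version
-version: 7.0.
+version: 7.0.4
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-09-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.0.
+version: 7.0.4
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.0.
+version: 7.0.4
 - !ruby/object:Gem::Dependency
 name: builder
 requirement: !ruby/object:Gem::Requirement
@@ -92,28 +92,28 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.0.
+version: 7.0.4
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.0.
+version: 7.0.4
 - !ruby/object:Gem::Dependency
 name: activemodel
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.0.
+version: 7.0.4
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.0.
+version: 7.0.4
 description: Simple, battle-tested conventions and helpers for building web pages.
 email: david@loudthinking.com
 executables: []
@@ -246,10 +246,10 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/rails/rails/issues
-changelog_uri: https://github.com/rails/rails/blob/v7.0.
-documentation_uri: https://api.rubyonrails.org/v7.0.
+changelog_uri: https://github.com/rails/rails/blob/v7.0.4/actionview/CHANGELOG.md
+documentation_uri: https://api.rubyonrails.org/v7.0.4/
 mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-source_code_uri: https://github.com/rails/rails/tree/v7.0.
+source_code_uri: https://github.com/rails/rails/tree/v7.0.4/actionview
 rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []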