actionview 7.0.3.1 → 7.0.4

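--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 618f7c799c845d78785f364b28e843e39f0f85d723119744e17eb604ee715020
- data.tar.gz: 0fa721ff131bbaeedc3e3d5147812ad6978327fec8b19c09ce6f56085dbd6e1c
+ metadata.gz: 9066694b3679ed86d9e2cbd1ce632e2319794fe24940bab92ec01b81d18e85de
+ data.tar.gz: e084e640d84b94de53a0d17b733bea452d45af6dd8f413b71a1dcbdcd3413423
  SHA512:
- metadata.gz: 29014bf89dcb9c07112cf96b7ec6c2ead159767865d2105badc530789d0ec5325f1ca30925e197828f312011ad7ba5d93f61a0377602c7d25460f421aca85bc4
- data.tar.gz: ed33e38b8ce72793a859f25f89c3efafc12d76f7fe00b11c32247e847d015be80941d7aa61e51509f7e5d055dc2121fd2ea59691663210af567ed1a30d5aedd8
+ metadata.gz: ec58c95da3048137a77cc78b13a230dd2ac562147c382e4d1bf89387dc503f29f8b523e33cd2815a9919264a73d9db6302e74ee4921908fb293b8599e008ebe9
+ data.tar.gz: '080c2f40c6b9062207d7710082f7cd30c32c19249b4943a7b51de3c274fe002ccf60fb6a24620c351c1ccd3db1d69cc48dcacb9e8bb67ace7362ade4eed704be'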
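--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,26 @@
+ ## Rails 7.0.4 (September 09, 2022) ##
+
+ * Guard against `ActionView::Helpers::FormTagHelper#field_name` calls with nil
+ `object_name` arguments. For example:
+
+ ```erb
+ <%= fields do |f| %>
+ <%= f.field_name :body %>
+ <% end %>
+ ```
+
+ *Sean Doyle*
+
+ * Strings returned from `strip_tags` are correctly tagged `html_safe?`
+
+ Because these strings contain no HTML elements and the basic entities are escaped, they are safe
+ to be included as-is as PCDATA in HTML content. Tagging them as html-safe avoids double-escaping
+ entities when being concatenated to a SafeBuffer during rendering.
+
+ Fixes [rails/rails-html-sanitizer#124](https://github.com/rails/rails-html-sanitizer/issues/124)
+
+ *Mike Dalessio*
+
  ## Rails 7.0.3.1 (July 12, 2022) ##
 
  * No changes.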
@@ -9,8 +9,8 @@ module ActionView
9
9
  module VERSION
10
10
  MAJOR = 7
11
11
  MINOR = 0
12
- TINY = 3
13
- PRE = "1"
12
+ TINY = 4
13
+ PRE = nil
14
14
 
15
15
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
16
16
  end
@@ -888,7 +888,7 @@ module ActionView
888
888
  def month_names
889
889
  @month_names ||= begin
890
890
  month_names = @options[:use_month_names] || translated_month_names
891
- month_names.unshift(nil) if month_names.size < 13
891
+ month_names = [nil, *month_names] if month_names.size < 13
892
892
  month_names
893
893
  end
894
894
  end
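Review bot: Nothing in `month_names` records why the array is now copied, so a later cleanup could restore `unshift` and bring back in-place mutation of whatever `@options[:use_month_names]` or `translated_month_names` returns. A one-line comment on the changed line would prevent that, e.g. `# Build a new array; the source may be the caller's option value or shared translation data.` A regression test that passes a 12-element `:use_month_names` array and asserts it still has 12 elements afterwards would pin the behaviour.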
@@ -1438,10 +1438,12 @@ module ActionView
1438
1438
  # formatted by trying to call +strftime+ with "%H:%M" on the object's value.
1439
1439
  # It is also possible to override this by passing the "value" option.
1440
1440
  #
1441
- # === Options
1442
- # * Accepts same options as time_field_tag
1441
+ # ==== Options
1442
+ #
1443
+ # Supports the same options as FormTagHelper#time_field_tag.
1444
+ #
1445
+ # ==== Examples
1443
1446
  #
1444
- # === Example
1445
1447
  # time_field("task", "started_at")
1446
1448
  # # => <input id="task_started_at" name="task[started_at]" type="time" />
1447
1449
  #
@@ -1553,7 +1555,8 @@ module ActionView
1553
1555
  # Returns an input tag of type "number".
1554
1556
  #
1555
1557
  # ==== Options
1556
- # * Accepts same options as number_field_tag
1558
+ #
1559
+ # Supports the same options as FormTagHelper#number_field_tag.
1557
1560
  def number_field(object_name, method, options = {})
1558
1561
  Tags::NumberField.new(object_name, method, self, options).render
1559
1562
  end
@@ -1561,7 +1564,8 @@ module ActionView
1561
1564
  # Returns an input tag of type "range".
1562
1565
  #
1563
1566
  # ==== Options
1564
- # * Accepts same options as range_field_tag
1567
+ #
1568
+ # Supports the same options as FormTagHelper#range_field_tag.
1565
1569
  def range_field(object_name, method, options = {})
1566
1570
  Tags::RangeField.new(object_name, method, self, options).render
1567
1571
  end
@@ -131,7 +131,7 @@ module ActionView
131
131
 
132
132
  # a little duplication to construct fewer strings
133
133
  case
134
- when object_name.empty?
134
+ when object_name.blank?
135
135
  "#{method_name}#{names}#{multiple ? "[]" : ""}"
136
136
  when index
137
137
  "#{object_name}[#{index}][#{method_name}]#{names}#{multiple ? "[]" : ""}"
@@ -657,9 +657,11 @@ module ActionView
657
657
  # Creates a text field of type "color".
658
658
  #
659
659
  # ==== Options
660
- # * Accepts the same options as text_field_tag.
660
+ #
661
+ # Supports the same options as #text_field_tag.
661
662
  #
662
663
  # ==== Examples
664
+ #
663
665
  # color_field_tag 'name'
664
666
  # # => <input id="name" name="name" type="color" />
665
667
  #
@@ -678,9 +680,11 @@ module ActionView
678
680
  # Creates a text field of type "search".
679
681
  #
680
682
  # ==== Options
681
- # * Accepts the same options as text_field_tag.
683
+ #
684
+ # Supports the same options as #text_field_tag.
682
685
  #
683
686
  # ==== Examples
687
+ #
684
688
  # search_field_tag 'name'
685
689
  # # => <input id="name" name="name" type="search" />
686
690
  #
@@ -699,9 +703,11 @@ module ActionView
699
703
  # Creates a text field of type "tel".
700
704
  #
701
705
  # ==== Options
702
- # * Accepts the same options as text_field_tag.
706
+ #
707
+ # Supports the same options as #text_field_tag.
703
708
  #
704
709
  # ==== Examples
710
+ #
705
711
  # telephone_field_tag 'name'
706
712
  # # => <input id="name" name="name" type="tel" />
707
713
  #
@@ -721,9 +727,11 @@ module ActionView
721
727
  # Creates a text field of type "date".
722
728
  #
723
729
  # ==== Options
724
- # * Accepts the same options as text_field_tag.
730
+ #
731
+ # Supports the same options as #text_field_tag.
725
732
  #
726
733
  # ==== Examples
734
+ #
727
735
  # date_field_tag 'name'
728
736
  # # => <input id="name" name="name" type="date" />
729
737
  #
@@ -741,23 +749,27 @@ module ActionView
741
749
 
742
750
  # Creates a text field of type "time".
743
751
  #
744
- # === Options
752
+ # ==== Options
753
+ #
754
+ # Supports the same options as #text_field_tag. Additionally, supports:
755
+ #
745
756
  # * <tt>:min</tt> - The minimum acceptable value.
746
757
  # * <tt>:max</tt> - The maximum acceptable value.
747
758
  # * <tt>:step</tt> - The acceptable value granularity.
748
759
  # * <tt>:include_seconds</tt> - Include seconds and ms in the output timestamp format (true by default).
749
- # * Otherwise accepts the same options as text_field_tag.
750
760
  def time_field_tag(name, value = nil, options = {})
751
761
  text_field_tag(name, value, options.merge(type: :time))
752
762
  end
753
763
 
754
764
  # Creates a text field of type "datetime-local".
755
765
  #
756
- # === Options
766
+ # ==== Options
767
+ #
768
+ # Supports the same options as #text_field_tag. Additionally, supports:
769
+ #
757
770
  # * <tt>:min</tt> - The minimum acceptable value.
758
771
  # * <tt>:max</tt> - The maximum acceptable value.
759
772
  # * <tt>:step</tt> - The acceptable value granularity.
760
- # * Otherwise accepts the same options as text_field_tag.
761
773
  def datetime_field_tag(name, value = nil, options = {})
762
774
  text_field_tag(name, value, options.merge(type: "datetime-local"))
763
775
  end
@@ -766,22 +778,26 @@ module ActionView
766
778
 
767
779
  # Creates a text field of type "month".
768
780
  #
769
- # === Options
781
+ # ==== Options
782
+ #
783
+ # Supports the same options as #text_field_tag. Additionally, supports:
784
+ #
770
785
  # * <tt>:min</tt> - The minimum acceptable value.
771
786
  # * <tt>:max</tt> - The maximum acceptable value.
772
787
  # * <tt>:step</tt> - The acceptable value granularity.
773
- # * Otherwise accepts the same options as text_field_tag.
774
788
  def month_field_tag(name, value = nil, options = {})
775
789
  text_field_tag(name, value, options.merge(type: :month))
776
790
  end
777
791
 
778
792
  # Creates a text field of type "week".
779
793
  #
780
- # === Options
794
+ # ==== Options
795
+ #
796
+ # Supports the same options as #text_field_tag. Additionally, supports:
797
+ #
781
798
  # * <tt>:min</tt> - The minimum acceptable value.
782
799
  # * <tt>:max</tt> - The maximum acceptable value.
783
800
  # * <tt>:step</tt> - The acceptable value granularity.
784
- # * Otherwise accepts the same options as text_field_tag.
785
801
  def week_field_tag(name, value = nil, options = {})
786
802
  text_field_tag(name, value, options.merge(type: :week))
787
803
  end
@@ -789,9 +805,11 @@ module ActionView
789
805
  # Creates a text field of type "url".
790
806
  #
791
807
  # ==== Options
792
- # * Accepts the same options as text_field_tag.
808
+ #
809
+ # Supports the same options as #text_field_tag.
793
810
  #
794
811
  # ==== Examples
812
+ #
795
813
  # url_field_tag 'name'
796
814
  # # => <input id="name" name="name" type="url" />
797
815
  #
@@ -810,9 +828,11 @@ module ActionView
810
828
  # Creates a text field of type "email".
811
829
  #
812
830
  # ==== Options
813
- # * Accepts the same options as text_field_tag.
831
+ #
832
+ # Supports the same options as #text_field_tag.
814
833
  #
815
834
  # ==== Examples
835
+ #
816
836
  # email_field_tag 'name'
817
837
  # # => <input id="name" name="name" type="email" />
818
838
  #
@@ -831,15 +851,18 @@ module ActionView
831
851
  # Creates a number field.
832
852
  #
833
853
  # ==== Options
854
+ #
855
+ # Supports the same options as #text_field_tag. Additionally, supports:
856
+ #
834
857
  # * <tt>:min</tt> - The minimum acceptable value.
835
858
  # * <tt>:max</tt> - The maximum acceptable value.
836
859
  # * <tt>:in</tt> - A range specifying the <tt>:min</tt> and
837
860
  # <tt>:max</tt> values.
838
861
  # * <tt>:within</tt> - Same as <tt>:in</tt>.
839
862
  # * <tt>:step</tt> - The acceptable value granularity.
840
- # * Otherwise accepts the same options as text_field_tag.
841
863
  #
842
864
  # ==== Examples
865
+ #
843
866
  # number_field_tag 'quantity'
844
867
  # # => <input id="quantity" name="quantity" type="number" />
845
868
  #
@@ -881,12 +904,13 @@ module ActionView
881
904
  # Creates a range form element.
882
905
  #
883
906
  # ==== Options
884
- # * Accepts the same options as number_field_tag.
907
+ #
908
+ # Supports the same options as #number_field_tag.
885
909
  def range_field_tag(name, value = nil, options = {})
886
910
  number_field_tag(name, value, options.merge(type: :range))
887
911
  end
888
912
 
889
- # Creates the hidden UTF8 enforcer tag. Override this method in a helper
913
+ # Creates the hidden UTF-8 enforcer tag. Override this method in a helper
890
914
  # to customize the tag.
891
915
  def utf8_enforcer_tag
892
916
  # Use raw HTML to ensure the value is written as an HTML entity; it
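Review bot: In the first hunk of this file (`@@ -131,7 +131,7 @@`), `object_name.blank?` accepts more than the nil case the changelog describes: a whitespace-only name now also takes the bare `method_name` branch, where `empty?` previously let it fall through to the later `when` clauses. If only nil was meant to be tolerated, `when object_name.nil? || object_name.empty?` keeps the old result for every other input. Otherwise a short comment on the `when`, saying that blank names are treated as absent, would show the widening is deliberate. The enclosing method starts and ends outside the hunk, so the remaining branches are not visible here.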
@@ -101,7 +101,7 @@ module ActionView
101
101
  # strip_tags("> A quote from Smith & Wesson")
102
102
  # # => &gt; A quote from Smith &amp; Wesson
103
103
  def strip_tags(html)
104
- self.class.full_sanitizer.sanitize(html)
104
+ self.class.full_sanitizer.sanitize(html)&.html_safe
105
105
  end
106
106
 
107
107
  # Strips all link tags from +html+ leaving just the link text.
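Review bot: The doc comment above `strip_tags` should say what the new `html_safe` marking covers, because the value returned by `sanitize(html)&.html_safe` is no longer escaped when it is concatenated into a SafeBuffer. The changelog scopes the guarantee to PCDATA in HTML content, so I would add `# The result is marked html_safe for use as HTML text content only; do not rely on it inside attribute values, URLs or script blocks.` The `&.` keeps a nil result from the sanitizer as nil, which deserves a test next to the entity example at lines 101-102. The comment block starts above the hunk, so its current wording is only partly visible.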
@@ -90,7 +90,7 @@ module ActionView
90
90
 
91
91
  translated = ActiveSupport::HtmlSafeTranslation.translate(key, **options, default: default)
92
92
 
93
- break translated unless translated.equal?(MISSING_TRANSLATION)
93
+ break translated unless translated == MISSING_TRANSLATION
94
94
 
95
95
  if alternatives.present? && !alternatives.first.is_a?(Symbol)
96
96
  break alternatives.first && I18n.translate(**options, default: alternatives)
@@ -111,7 +111,7 @@ module ActionView
111
111
 
112
112
  # Delegates to <tt>I18n.localize</tt> with no additional functionality.
113
113
  #
114
- # See https://www.rubydoc.info/github/svenfuchs/i18n/master/I18n/Backend/Base:localize
114
+ # See https://www.rubydoc.info/gems/i18n/I18n/Backend/Base:localize
115
115
  # for more information.
116
116
  def localize(object, **options)
117
117
  I18n.localize(object, **options)
@@ -119,7 +119,7 @@ module ActionView
119
119
  alias :l :localize
120
120
 
121
121
  private
122
- MISSING_TRANSLATION = Object.new
122
+ MISSING_TRANSLATION = -(2**60)
123
123
  private_constant :MISSING_TRANSLATION
124
124
 
125
125
  NO_DEFAULT = [].freeze
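Review bot: `MISSING_TRANSLATION = -(2**60)` is a magic number with no comment. Together with the switch from `equal?` to `==` at line 93 in the earlier hunk of this file, it means the sentinel is now matched by value rather than by identity. A translation or default that evaluates to that integer would be treated as missing; that is very unlikely, but neither hunk shows why the unique `Object.new` was given up. I would add above the constant `# Sentinel passed as the I18n default; compared with ==, so it must be a value no real translation can equal.` and state why an integer is required (presumably the default has to survive being copied or serialised by a backend — worth confirming).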
@@ -47,6 +47,9 @@ module ActionView
47
47
  # <%= url_for(action: 'jump', anchor: 'tax&ship') %>
48
48
  # # => /testing/jump/#tax&ship
49
49
  #
50
+ # <%= url_for(Workshop) %>
51
+ # # => /workshops
52
+ #
50
53
  # <%= url_for(Workshop.new) %>
51
54
  # # relies on Workshop answering a persisted? call (and in this case returning false)
52
55
  # # => /workshops
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: actionview
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.0.3.1
4
+ version: 7.0.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-07-12 00:00:00.000000000 Z
11
+ date: 2022-09-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 7.0.3.1
19
+ version: 7.0.4
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 7.0.3.1
26
+ version: 7.0.4
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: builder
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -92,28 +92,28 @@ dependencies:
92
92
  requirements:
93
93
  - - '='
94
94
  - !ruby/object:Gem::Version
95
- version: 7.0.3.1
95
+ version: 7.0.4
96
96
  type: :development
97
97
  prerelease: false
98
98
  version_requirements: !ruby/object:Gem::Requirement
99
99
  requirements:
100
100
  - - '='
101
101
  - !ruby/object:Gem::Version
102
- version: 7.0.3.1
102
+ version: 7.0.4
103
103
  - !ruby/object:Gem::Dependency
104
104
  name: activemodel
105
105
  requirement: !ruby/object:Gem::Requirement
106
106
  requirements:
107
107
  - - '='
108
108
  - !ruby/object:Gem::Version
109
- version: 7.0.3.1
109
+ version: 7.0.4
110
110
  type: :development
111
111
  prerelease: false
112
112
  version_requirements: !ruby/object:Gem::Requirement
113
113
  requirements:
114
114
  - - '='
115
115
  - !ruby/object:Gem::Version
116
- version: 7.0.3.1
116
+ version: 7.0.4
117
117
  description: Simple, battle-tested conventions and helpers for building web pages.
118
118
  email: david@loudthinking.com
119
119
  executables: []
@@ -246,10 +246,10 @@ licenses:
246
246
  - MIT
247
247
  metadata:
248
248
  bug_tracker_uri: https://github.com/rails/rails/issues
249
- changelog_uri: https://github.com/rails/rails/blob/v7.0.3.1/actionview/CHANGELOG.md
250
- documentation_uri: https://api.rubyonrails.org/v7.0.3.1/
249
+ changelog_uri: https://github.com/rails/rails/blob/v7.0.4/actionview/CHANGELOG.md
250
+ documentation_uri: https://api.rubyonrails.org/v7.0.4/
251
251
  mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
252
- source_code_uri: https://github.com/rails/rails/tree/v7.0.3.1/actionview
252
+ source_code_uri: https://github.com/rails/rails/tree/v7.0.4/actionview
253
253
  rubygems_mfa_required: 'true'
254
254
  post_install_message:
255
255
  rdoc_options: []