actionview 7.0.3.1 → 7.0.4


Potentially problematic release.


This version of actionview might be problematic. Click here for more details.

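--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 618f7c799c845d78785f364b28e843e39f0f85d723119744e17eb604ee715020
- data.tar.gz: 0fa721ff131bbaeedc3e3d5147812ad6978327fec8b19c09ce6f56085dbd6e1c
+ metadata.gz: 9066694b3679ed86d9e2cbd1ce632e2319794fe24940bab92ec01b81d18e85de
+ data.tar.gz: e084e640d84b94de53a0d17b733bea452d45af6dd8f413b71a1dcbdcd3413423
  SHA512:
- metadata.gz: 29014bf89dcb9c07112cf96b7ec6c2ead159767865d2105badc530789d0ec5325f1ca30925e197828f312011ad7ba5d93f61a0377602c7d25460f421aca85bc4
- data.tar.gz: ed33e38b8ce72793a859f25f89c3efafc12d76f7fe00b11c32247e847d015be80941d7aa61e51509f7e5d055dc2121fd2ea59691663210af567ed1a30d5aedd8
+ metadata.gz: ec58c95da3048137a77cc78b13a230dd2ac562147c382e4d1bf89387dc503f29f8b523e33cd2815a9919264a73d9db6302e74ee4921908fb293b8599e008ebe9
+ data.tar.gz: '080c2f40c6b9062207d7710082f7cd30c32c19249b4943a7b51de3c274fe002ccf60fb6a24620c351c1ccd3db1d69cc48dcacb9e8bb67ace7362ade4eed704be'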
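--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,26 @@
+ ## Rails 7.0.4 (September 09, 2022) ##
+
+ * Guard against `ActionView::Helpers::FormTagHelper#field_name` calls with nil
+ `object_name` arguments. For example:
+
+ ```erb
+ <%= fields do |f| %>
+ <%= f.field_name :body %>
+ <% end %>
+ ```
+
+ *Sean Doyle*
+
+ * Strings returned from `strip_tags` are correctly tagged `html_safe?`
+
+ Because these strings contain no HTML elements and the basic entities are escaped, they are safe
+ to be included as-is as PCDATA in HTML content. Tagging them as html-safe avoids double-escaping
+ entities when being concatenated to a SafeBuffer during rendering.
+
+ Fixes [rails/rails-html-sanitizer#124](https://github.com/rails/rails-html-sanitizer/issues/124)
+
+ *Mike Dalessio*
+
  ## Rails 7.0.3.1 (July 12, 2022) ##
 
  * No changes.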
@@ -9,8 +9,8 @@ module ActionView
9
9
  module VERSION
10
10
  MAJOR = 7
11
11
  MINOR = 0
12
- TINY = 3
13
- PRE = "1"
12
+ TINY = 4
13
+ PRE = nil
14
14
 
15
15
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
16
16
  end
@@ -888,7 +888,7 @@ module ActionView
888
888
  def month_names
889
889
  @month_names ||= begin
890
890
  month_names = @options[:use_month_names] || translated_month_names
891
- month_names.unshift(nil) if month_names.size < 13
891
+ month_names = [nil, *month_names] if month_names.size < 13
892
892
  month_names
893
893
  end
894
894
  end
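Review bot: The changed line in `month_names` does not record why it builds a new array instead of calling `unshift`, so a later reader may revert it as a simplification. Presumably the old `unshift(nil)` mutated the array passed as `:use_month_names` or returned by `translated_month_names`, which fails on a frozen array and alters a caller-owned one. That is inferred, since the hunk shows neither source. I would add `# Copy rather than unshift: the array may be caller-owned, shared or frozen.` above the assignment.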
@@ -1438,10 +1438,12 @@ module ActionView
1438
1438
  # formatted by trying to call +strftime+ with "%H:%M" on the object's value.
1439
1439
  # It is also possible to override this by passing the "value" option.
1440
1440
  #
1441
- # === Options
1442
- # * Accepts same options as time_field_tag
1441
+ # ==== Options
1442
+ #
1443
+ # Supports the same options as FormTagHelper#time_field_tag.
1444
+ #
1445
+ # ==== Examples
1443
1446
  #
1444
- # === Example
1445
1447
  # time_field("task", "started_at")
1446
1448
  # # => <input id="task_started_at" name="task[started_at]" type="time" />
1447
1449
  #
@@ -1553,7 +1555,8 @@ module ActionView
1553
1555
  # Returns an input tag of type "number".
1554
1556
  #
1555
1557
  # ==== Options
1556
- # * Accepts same options as number_field_tag
1558
+ #
1559
+ # Supports the same options as FormTagHelper#number_field_tag.
1557
1560
  def number_field(object_name, method, options = {})
1558
1561
  Tags::NumberField.new(object_name, method, self, options).render
1559
1562
  end
@@ -1561,7 +1564,8 @@ module ActionView
1561
1564
  # Returns an input tag of type "range".
1562
1565
  #
1563
1566
  # ==== Options
1564
- # * Accepts same options as range_field_tag
1567
+ #
1568
+ # Supports the same options as FormTagHelper#range_field_tag.
1565
1569
  def range_field(object_name, method, options = {})
1566
1570
  Tags::RangeField.new(object_name, method, self, options).render
1567
1571
  end
@@ -131,7 +131,7 @@ module ActionView
131
131
 
132
132
  # a little duplication to construct fewer strings
133
133
  case
134
- when object_name.empty?
134
+ when object_name.blank?
135
135
  "#{method_name}#{names}#{multiple ? "[]" : ""}"
136
136
  when index
137
137
  "#{object_name}[#{index}][#{method_name}]#{names}#{multiple ? "[]" : ""}"
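Review bot: `object_name.blank?` in the first `when` accepts more than the nil case the changelog entry describes: a whitespace-only string or `false` now also takes the un-namespaced branch and produces a bare `method_name` field name. If only nil and the empty string are meant, `when object_name.nil? || object_name.empty?` keeps the guard narrow, so a malformed object name is not silently turned into a top-level parameter. If the wider match is intended, a short comment saying so would help. The enclosing method starts and ends outside the hunk.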
@@ -657,9 +657,11 @@ module ActionView
657
657
  # Creates a text field of type "color".
658
658
  #
659
659
  # ==== Options
660
- # * Accepts the same options as text_field_tag.
660
+ #
661
+ # Supports the same options as #text_field_tag.
661
662
  #
662
663
  # ==== Examples
664
+ #
663
665
  # color_field_tag 'name'
664
666
  # # => <input id="name" name="name" type="color" />
665
667
  #
@@ -678,9 +680,11 @@ module ActionView
678
680
  # Creates a text field of type "search".
679
681
  #
680
682
  # ==== Options
681
- # * Accepts the same options as text_field_tag.
683
+ #
684
+ # Supports the same options as #text_field_tag.
682
685
  #
683
686
  # ==== Examples
687
+ #
684
688
  # search_field_tag 'name'
685
689
  # # => <input id="name" name="name" type="search" />
686
690
  #
@@ -699,9 +703,11 @@ module ActionView
699
703
  # Creates a text field of type "tel".
700
704
  #
701
705
  # ==== Options
702
- # * Accepts the same options as text_field_tag.
706
+ #
707
+ # Supports the same options as #text_field_tag.
703
708
  #
704
709
  # ==== Examples
710
+ #
705
711
  # telephone_field_tag 'name'
706
712
  # # => <input id="name" name="name" type="tel" />
707
713
  #
@@ -721,9 +727,11 @@ module ActionView
721
727
  # Creates a text field of type "date".
722
728
  #
723
729
  # ==== Options
724
- # * Accepts the same options as text_field_tag.
730
+ #
731
+ # Supports the same options as #text_field_tag.
725
732
  #
726
733
  # ==== Examples
734
+ #
727
735
  # date_field_tag 'name'
728
736
  # # => <input id="name" name="name" type="date" />
729
737
  #
@@ -741,23 +749,27 @@ module ActionView
741
749
 
742
750
  # Creates a text field of type "time".
743
751
  #
744
- # === Options
752
+ # ==== Options
753
+ #
754
+ # Supports the same options as #text_field_tag. Additionally, supports:
755
+ #
745
756
  # * <tt>:min</tt> - The minimum acceptable value.
746
757
  # * <tt>:max</tt> - The maximum acceptable value.
747
758
  # * <tt>:step</tt> - The acceptable value granularity.
748
759
  # * <tt>:include_seconds</tt> - Include seconds and ms in the output timestamp format (true by default).
749
- # * Otherwise accepts the same options as text_field_tag.
750
760
  def time_field_tag(name, value = nil, options = {})
751
761
  text_field_tag(name, value, options.merge(type: :time))
752
762
  end
753
763
 
754
764
  # Creates a text field of type "datetime-local".
755
765
  #
756
- # === Options
766
+ # ==== Options
767
+ #
768
+ # Supports the same options as #text_field_tag. Additionally, supports:
769
+ #
757
770
  # * <tt>:min</tt> - The minimum acceptable value.
758
771
  # * <tt>:max</tt> - The maximum acceptable value.
759
772
  # * <tt>:step</tt> - The acceptable value granularity.
760
- # * Otherwise accepts the same options as text_field_tag.
761
773
  def datetime_field_tag(name, value = nil, options = {})
762
774
  text_field_tag(name, value, options.merge(type: "datetime-local"))
763
775
  end
@@ -766,22 +778,26 @@ module ActionView
766
778
 
767
779
  # Creates a text field of type "month".
768
780
  #
769
- # === Options
781
+ # ==== Options
782
+ #
783
+ # Supports the same options as #text_field_tag. Additionally, supports:
784
+ #
770
785
  # * <tt>:min</tt> - The minimum acceptable value.
771
786
  # * <tt>:max</tt> - The maximum acceptable value.
772
787
  # * <tt>:step</tt> - The acceptable value granularity.
773
- # * Otherwise accepts the same options as text_field_tag.
774
788
  def month_field_tag(name, value = nil, options = {})
775
789
  text_field_tag(name, value, options.merge(type: :month))
776
790
  end
777
791
 
778
792
  # Creates a text field of type "week".
779
793
  #
780
- # === Options
794
+ # ==== Options
795
+ #
796
+ # Supports the same options as #text_field_tag. Additionally, supports:
797
+ #
781
798
  # * <tt>:min</tt> - The minimum acceptable value.
782
799
  # * <tt>:max</tt> - The maximum acceptable value.
783
800
  # * <tt>:step</tt> - The acceptable value granularity.
784
- # * Otherwise accepts the same options as text_field_tag.
785
801
  def week_field_tag(name, value = nil, options = {})
786
802
  text_field_tag(name, value, options.merge(type: :week))
787
803
  end
@@ -789,9 +805,11 @@ module ActionView
789
805
  # Creates a text field of type "url".
790
806
  #
791
807
  # ==== Options
792
- # * Accepts the same options as text_field_tag.
808
+ #
809
+ # Supports the same options as #text_field_tag.
793
810
  #
794
811
  # ==== Examples
812
+ #
795
813
  # url_field_tag 'name'
796
814
  # # => <input id="name" name="name" type="url" />
797
815
  #
@@ -810,9 +828,11 @@ module ActionView
810
828
  # Creates a text field of type "email".
811
829
  #
812
830
  # ==== Options
813
- # * Accepts the same options as text_field_tag.
831
+ #
832
+ # Supports the same options as #text_field_tag.
814
833
  #
815
834
  # ==== Examples
835
+ #
816
836
  # email_field_tag 'name'
817
837
  # # => <input id="name" name="name" type="email" />
818
838
  #
@@ -831,15 +851,18 @@ module ActionView
831
851
  # Creates a number field.
832
852
  #
833
853
  # ==== Options
854
+ #
855
+ # Supports the same options as #text_field_tag. Additionally, supports:
856
+ #
834
857
  # * <tt>:min</tt> - The minimum acceptable value.
835
858
  # * <tt>:max</tt> - The maximum acceptable value.
836
859
  # * <tt>:in</tt> - A range specifying the <tt>:min</tt> and
837
860
  # <tt>:max</tt> values.
838
861
  # * <tt>:within</tt> - Same as <tt>:in</tt>.
839
862
  # * <tt>:step</tt> - The acceptable value granularity.
840
- # * Otherwise accepts the same options as text_field_tag.
841
863
  #
842
864
  # ==== Examples
865
+ #
843
866
  # number_field_tag 'quantity'
844
867
  # # => <input id="quantity" name="quantity" type="number" />
845
868
  #
@@ -881,12 +904,13 @@ module ActionView
881
904
  # Creates a range form element.
882
905
  #
883
906
  # ==== Options
884
- # * Accepts the same options as number_field_tag.
907
+ #
908
+ # Supports the same options as #number_field_tag.
885
909
  def range_field_tag(name, value = nil, options = {})
886
910
  number_field_tag(name, value, options.merge(type: :range))
887
911
  end
888
912
 
889
- # Creates the hidden UTF8 enforcer tag. Override this method in a helper
913
+ # Creates the hidden UTF-8 enforcer tag. Override this method in a helper
890
914
  # to customize the tag.
891
915
  def utf8_enforcer_tag
892
916
  # Use raw HTML to ensure the value is written as an HTML entity; it
@@ -101,7 +101,7 @@ module ActionView
101
101
  # strip_tags("> A quote from Smith & Wesson")
102
102
  # # => &gt; A quote from Smith &amp; Wesson
103
103
  def strip_tags(html)
104
- self.class.full_sanitizer.sanitize(html)
104
+ self.class.full_sanitizer.sanitize(html)&.html_safe
105
105
  end
106
106
 
107
107
  # Strips all link tags from +html+ leaving just the link text.
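Review bot: The doc comment above `strip_tags` does not say that the result is now marked `html_safe`, nor that this holds only for element content. The changelog justifies the tag for text "included as-is as PCDATA". A caller who interpolates the result into an attribute value, a script block or a URL no longer gets the template's automatic escaping, and the hunk does not show whether the full sanitizer escapes quotes. I would add `# The result is html_safe for use as element content only; escape it for the target context before using it in an attribute value, script or URL.` and, when upgrading, audit `strip_tags` call sites that sit outside element content. The doc comment begins outside the hunk.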
@@ -90,7 +90,7 @@ module ActionView
90
90
 
91
91
  translated = ActiveSupport::HtmlSafeTranslation.translate(key, **options, default: default)
92
92
 
93
- break translated unless translated.equal?(MISSING_TRANSLATION)
93
+ break translated unless translated == MISSING_TRANSLATION
94
94
 
95
95
  if alternatives.present? && !alternatives.first.is_a?(Symbol)
96
96
  break alternatives.first && I18n.translate(**options, default: alternatives)
@@ -111,7 +111,7 @@ module ActionView
111
111
 
112
112
  # Delegates to <tt>I18n.localize</tt> with no additional functionality.
113
113
  #
114
- # See https://www.rubydoc.info/github/svenfuchs/i18n/master/I18n/Backend/Base:localize
114
+ # See https://www.rubydoc.info/gems/i18n/I18n/Backend/Base:localize
115
115
  # for more information.
116
116
  def localize(object, **options)
117
117
  I18n.localize(object, **options)
@@ -119,7 +119,7 @@ module ActionView
119
119
  alias :l :localize
120
120
 
121
121
  private
122
- MISSING_TRANSLATION = Object.new
122
+ MISSING_TRANSLATION = -(2**60)
123
123
  private_constant :MISSING_TRANSLATION
124
124
 
125
125
  NO_DEFAULT = [].freeze
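Review bot: `MISSING_TRANSLATION` has no comment explaining why the sentinel is now the integer `-(2**60)` compared with `==` (the `break translated unless translated == MISSING_TRANSLATION` line in the `@@ -90,7` hunk) rather than a unique object compared by identity. Presumably the value has to survive an I18n backend that copies or serializes the default, which would break `equal?`; the page does not state this, so it is an inference. The trade-off is that any translation value equal to this integer is now treated as missing, and that should be written down. I would add `# Integer sentinel compared with ==, so it still matches after a backend copies or serializes the default.` above the constant.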
@@ -47,6 +47,9 @@ module ActionView
47
47
  # <%= url_for(action: 'jump', anchor: 'tax&ship') %>
48
48
  # # => /testing/jump/#tax&ship
49
49
  #
50
+ # <%= url_for(Workshop) %>
51
+ # # => /workshops
52
+ #
50
53
  # <%= url_for(Workshop.new) %>
51
54
  # # relies on Workshop answering a persisted? call (and in this case returning false)
52
55
  # # => /workshops
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: actionview
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.0.3.1
4
+ version: 7.0.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-07-12 00:00:00.000000000 Z
11
+ date: 2022-09-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 7.0.3.1
19
+ version: 7.0.4
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 7.0.3.1
26
+ version: 7.0.4
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: builder
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -92,28 +92,28 @@ dependencies:
92
92
  requirements:
93
93
  - - '='
94
94
  - !ruby/object:Gem::Version
95
- version: 7.0.3.1
95
+ version: 7.0.4
96
96
  type: :development
97
97
  prerelease: false
98
98
  version_requirements: !ruby/object:Gem::Requirement
99
99
  requirements:
100
100
  - - '='
101
101
  - !ruby/object:Gem::Version
102
- version: 7.0.3.1
102
+ version: 7.0.4
103
103
  - !ruby/object:Gem::Dependency
104
104
  name: activemodel
105
105
  requirement: !ruby/object:Gem::Requirement
106
106
  requirements:
107
107
  - - '='
108
108
  - !ruby/object:Gem::Version
109
- version: 7.0.3.1
109
+ version: 7.0.4
110
110
  type: :development
111
111
  prerelease: false
112
112
  version_requirements: !ruby/object:Gem::Requirement
113
113
  requirements:
114
114
  - - '='
115
115
  - !ruby/object:Gem::Version
116
- version: 7.0.3.1
116
+ version: 7.0.4
117
117
  description: Simple, battle-tested conventions and helpers for building web pages.
118
118
  email: david@loudthinking.com
119
119
  executables: []
@@ -246,10 +246,10 @@ licenses:
246
246
  - MIT
247
247
  metadata:
248
248
  bug_tracker_uri: https://github.com/rails/rails/issues
249
- changelog_uri: https://github.com/rails/rails/blob/v7.0.3.1/actionview/CHANGELOG.md
250
- documentation_uri: https://api.rubyonrails.org/v7.0.3.1/
249
+ changelog_uri: https://github.com/rails/rails/blob/v7.0.4/actionview/CHANGELOG.md
250
+ documentation_uri: https://api.rubyonrails.org/v7.0.4/
251
251
  mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
252
- source_code_uri: https://github.com/rails/rails/tree/v7.0.3.1/actionview
252
+ source_code_uri: https://github.com/rails/rails/tree/v7.0.4/actionview
253
253
  rubygems_mfa_required: 'true'
254
254
  post_install_message:
255
255
  rdoc_options: []