actionview 7.0.3.1 → 7.0.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 618f7c799c845d78785f364b28e843e39f0f85d723119744e17eb604ee715020
-  data.tar.gz: 0fa721ff131bbaeedc3e3d5147812ad6978327fec8b19c09ce6f56085dbd6e1c
+  metadata.gz: 38a00cdee9051217e32ba54c879f068a00394e7da0e776947302d7d854b5c532
+  data.tar.gz: cf3061e644b9cc533c57008dc3c7a7c0808ed697b98a38642b9fd418371b0e3b
 SHA512:
-  metadata.gz: 29014bf89dcb9c07112cf96b7ec6c2ead159767865d2105badc530789d0ec5325f1ca30925e197828f312011ad7ba5d93f61a0377602c7d25460f421aca85bc4
-  data.tar.gz: ed33e38b8ce72793a859f25f89c3efafc12d76f7fe00b11c32247e847d015be80941d7aa61e51509f7e5d055dc2121fd2ea59691663210af567ed1a30d5aedd8
+  metadata.gz: 575caeb15a77e353d10b27adbb78616faead346a68ce8729364bf0c2310aa3969cd74e1240126df015eaffa0252c0541039c6efeb989af22481f0e0362306667
+  data.tar.gz: 809d4ce39a33b0ddf53177a23164b1aaf752797ac43a6f7617ef2888532a6469aadd276e9ec06d11bb33c308b0b50e541bb9c4799c56d92a8641458814e127d9

data/CHANGELOG.md

@@ -1,3 +1,31 @@
+## Rails 7.0.4.1 (January 17, 2023) ##
+
+*   No changes.
+
+
+## Rails 7.0.4 (September 09, 2022) ##
+
+*   Guard against `ActionView::Helpers::FormTagHelper#field_name` calls with nil
+    `object_name` arguments. For example:
+
+    ```erb
+    <%= fields do |f| %>
+      <%= f.field_name :body %>
+    <% end %>
+    ```
+
+    *Sean Doyle*
+
+*   Strings returned from `strip_tags` are correctly tagged `html_safe?`
+
+    Because these strings contain no HTML elements and the basic entities are escaped, they are safe
+    to be included as-is as PCDATA in HTML content. Tagging them as html-safe avoids double-escaping
+    entities when being concatenated to a SafeBuffer during rendering.
+
+    Fixes [rails/rails-html-sanitizer#124](https://github.com/rails/rails-html-sanitizer/issues/124)
+
+    *Mike Dalessio*
+
 ## Rails 7.0.3.1 (July 12, 2022) ##
 
 *   No changes.

data/lib/action_view/gem_version.rb

@@ -9,7 +9,7 @@ module ActionView
   module VERSION
     MAJOR = 7
     MINOR = 0
-    TINY  = 3
+    TINY  = 4
     PRE   = "1"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")

data/lib/action_view/helpers/date_helper.rb

@@ -888,7 +888,7 @@ module ActionView
         def month_names
           @month_names ||= begin
             month_names = @options[:use_month_names] || translated_month_names
-            month_names.unshift(nil) if month_names.size < 13
+            month_names = [nil, *month_names] if month_names.size < 13
             month_names
           end
         end

data/lib/action_view/helpers/form_helper.rb

@@ -1438,10 +1438,12 @@ module ActionView
       # formatted by trying to call +strftime+ with "%H:%M" on the object's value.
       # It is also possible to override this by passing the "value" option.
       #
-      # === Options
-      # * Accepts same options as time_field_tag
+      # ==== Options
+      #
+      # Supports the same options as FormTagHelper#time_field_tag.
+      #
+      # ==== Examples
       #
-      # === Example
       #   time_field("task", "started_at")
       #   # => <input id="task_started_at" name="task[started_at]" type="time" />
       #
@@ -1553,7 +1555,8 @@ module ActionView
       # Returns an input tag of type "number".
       #
       # ==== Options
-      # * Accepts same options as number_field_tag
+      #
+      # Supports the same options as FormTagHelper#number_field_tag.
       def number_field(object_name, method, options = {})
         Tags::NumberField.new(object_name, method, self, options).render
       end
@@ -1561,7 +1564,8 @@ module ActionView
       # Returns an input tag of type "range".
       #
       # ==== Options
-      # * Accepts same options as range_field_tag
+      #
+      # Supports the same options as FormTagHelper#range_field_tag.
       def range_field(object_name, method, options = {})
         Tags::RangeField.new(object_name, method, self, options).render
       end

data/lib/action_view/helpers/form_tag_helper.rb

@@ -131,7 +131,7 @@ module ActionView
 
         # a little duplication to construct fewer strings
         case
-        when object_name.empty?
+        when object_name.blank?
           "#{method_name}#{names}#{multiple ? "[]" : ""}"
         when index
           "#{object_name}[#{index}][#{method_name}]#{names}#{multiple ? "[]" : ""}"
@@ -657,9 +657,11 @@ module ActionView
       # Creates a text field of type "color".
       #
       # ==== Options
-      # * Accepts the same options as text_field_tag.
+      #
+      # Supports the same options as #text_field_tag.
       #
       # ==== Examples
+      #
       #   color_field_tag 'name'
       #   # => <input id="name" name="name" type="color" />
       #
@@ -678,9 +680,11 @@ module ActionView
       # Creates a text field of type "search".
       #
       # ==== Options
-      # * Accepts the same options as text_field_tag.
+      #
+      # Supports the same options as #text_field_tag.
       #
       # ==== Examples
+      #
       #   search_field_tag 'name'
       #   # => <input id="name" name="name" type="search" />
       #
@@ -699,9 +703,11 @@ module ActionView
       # Creates a text field of type "tel".
       #
       # ==== Options
-      # * Accepts the same options as text_field_tag.
+      #
+      # Supports the same options as #text_field_tag.
       #
       # ==== Examples
+      #
       #   telephone_field_tag 'name'
       #   # => <input id="name" name="name" type="tel" />
       #
@@ -721,9 +727,11 @@ module ActionView
       # Creates a text field of type "date".
       #
       # ==== Options
-      # * Accepts the same options as text_field_tag.
+      #
+      # Supports the same options as #text_field_tag.
       #
       # ==== Examples
+      #
       #   date_field_tag 'name'
       #   # => <input id="name" name="name" type="date" />
       #
@@ -741,23 +749,27 @@ module ActionView
 
       # Creates a text field of type "time".
       #
-      # === Options
+      # ==== Options
+      #
+      # Supports the same options as #text_field_tag. Additionally, supports:
+      #
       # * <tt>:min</tt> - The minimum acceptable value.
       # * <tt>:max</tt> - The maximum acceptable value.
       # * <tt>:step</tt> - The acceptable value granularity.
       # * <tt>:include_seconds</tt> - Include seconds and ms in the output timestamp format (true by default).
-      # * Otherwise accepts the same options as text_field_tag.
       def time_field_tag(name, value = nil, options = {})
         text_field_tag(name, value, options.merge(type: :time))
       end
 
       # Creates a text field of type "datetime-local".
       #
-      # === Options
+      # ==== Options
+      #
+      # Supports the same options as #text_field_tag. Additionally, supports:
+      #
       # * <tt>:min</tt> - The minimum acceptable value.
       # * <tt>:max</tt> - The maximum acceptable value.
       # * <tt>:step</tt> - The acceptable value granularity.
-      # * Otherwise accepts the same options as text_field_tag.
       def datetime_field_tag(name, value = nil, options = {})
         text_field_tag(name, value, options.merge(type: "datetime-local"))
       end
@@ -766,22 +778,26 @@ module ActionView
 
       # Creates a text field of type "month".
       #
-      # === Options
+      # ==== Options
+      #
+      # Supports the same options as #text_field_tag. Additionally, supports:
+      #
       # * <tt>:min</tt> - The minimum acceptable value.
       # * <tt>:max</tt> - The maximum acceptable value.
       # * <tt>:step</tt> - The acceptable value granularity.
-      # * Otherwise accepts the same options as text_field_tag.
       def month_field_tag(name, value = nil, options = {})
         text_field_tag(name, value, options.merge(type: :month))
       end
 
       # Creates a text field of type "week".
       #
-      # === Options
+      # ==== Options
+      #
+      # Supports the same options as #text_field_tag. Additionally, supports:
+      #
       # * <tt>:min</tt> - The minimum acceptable value.
       # * <tt>:max</tt> - The maximum acceptable value.
       # * <tt>:step</tt> - The acceptable value granularity.
-      # * Otherwise accepts the same options as text_field_tag.
       def week_field_tag(name, value = nil, options = {})
         text_field_tag(name, value, options.merge(type: :week))
       end
@@ -789,9 +805,11 @@ module ActionView
       # Creates a text field of type "url".
       #
       # ==== Options
-      # * Accepts the same options as text_field_tag.
+      #
+      # Supports the same options as #text_field_tag.
       #
       # ==== Examples
+      #
       #   url_field_tag 'name'
       #   # => <input id="name" name="name" type="url" />
       #
@@ -810,9 +828,11 @@ module ActionView
       # Creates a text field of type "email".
       #
       # ==== Options
-      # * Accepts the same options as text_field_tag.
+      #
+      # Supports the same options as #text_field_tag.
       #
       # ==== Examples
+      #
       #   email_field_tag 'name'
       #   # => <input id="name" name="name" type="email" />
       #
@@ -831,15 +851,18 @@ module ActionView
       # Creates a number field.
       #
       # ==== Options
+      #
+      # Supports the same options as #text_field_tag. Additionally, supports:
+      #
       # * <tt>:min</tt> - The minimum acceptable value.
       # * <tt>:max</tt> - The maximum acceptable value.
       # * <tt>:in</tt> - A range specifying the <tt>:min</tt> and
       #   <tt>:max</tt> values.
       # * <tt>:within</tt> - Same as <tt>:in</tt>.
       # * <tt>:step</tt> - The acceptable value granularity.
-      # * Otherwise accepts the same options as text_field_tag.
       #
       # ==== Examples
+      #
       #   number_field_tag 'quantity'
       #   # => <input id="quantity" name="quantity" type="number" />
       #
@@ -881,12 +904,13 @@ module ActionView
       # Creates a range form element.
       #
       # ==== Options
-      # * Accepts the same options as number_field_tag.
+      #
+      # Supports the same options as #number_field_tag.
       def range_field_tag(name, value = nil, options = {})
         number_field_tag(name, value, options.merge(type: :range))
       end
 
-      # Creates the hidden UTF8 enforcer tag. Override this method in a helper
+      # Creates the hidden UTF-8 enforcer tag. Override this method in a helper
       # to customize the tag.
       def utf8_enforcer_tag
         # Use raw HTML to ensure the value is written as an HTML entity; it

data/lib/action_view/helpers/sanitize_helper.rb

@@ -101,7 +101,7 @@ module ActionView
       #   strip_tags("> A quote from Smith & Wesson")
       #   # => > A quote from Smith & Wesson
       def strip_tags(html)
-        self.class.full_sanitizer.sanitize(html)
+        self.class.full_sanitizer.sanitize(html)&.html_safe
       end
 
       # Strips all link tags from +html+ leaving just the link text.

data/lib/action_view/helpers/translation_helper.rb

@@ -90,7 +90,7 @@ module ActionView
 
           translated = ActiveSupport::HtmlSafeTranslation.translate(key, **options, default: default)
 
-          break translated unless translated.equal?(MISSING_TRANSLATION)
+          break translated unless translated == MISSING_TRANSLATION
 
           if alternatives.present? && !alternatives.first.is_a?(Symbol)
             break alternatives.first && I18n.translate(**options, default: alternatives)
@@ -111,7 +111,7 @@ module ActionView
 
       # Delegates to <tt>I18n.localize</tt> with no additional functionality.
       #
-      # See https://www.rubydoc.info/github/svenfuchs/i18n/master/I18n/Backend/Base:localize
+      # See https://www.rubydoc.info/gems/i18n/I18n/Backend/Base:localize
       # for more information.
       def localize(object, **options)
         I18n.localize(object, **options)
@@ -119,7 +119,7 @@ module ActionView
       alias :l :localize
 
       private
-        MISSING_TRANSLATION = Object.new
+        MISSING_TRANSLATION = -(2**60)
         private_constant :MISSING_TRANSLATION
 
         NO_DEFAULT = [].freeze

data/lib/action_view/routing_url_for.rb

@@ -47,6 +47,9 @@ module ActionView
     #   <%= url_for(action: 'jump', anchor: 'tax&ship') %>
     #   # => /testing/jump/#tax&ship
     #
+    #   <%= url_for(Workshop) %>
+    #   # => /workshops
+    #
     #   <%= url_for(Workshop.new) %>
     #   # relies on Workshop answering a persisted? call (and in this case returning false)
     #   # => /workshops

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: actionview
 version: !ruby/object:Gem::Version
-  version: 7.0.3.1
+  version: 7.0.4.1
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-07-12 00:00:00.000000000 Z
+date: 2023-01-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.3.1
+        version: 7.0.4.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.3.1
+        version: 7.0.4.1
 - !ruby/object:Gem::Dependency
   name: builder
   requirement: !ruby/object:Gem::Requirement
@@ -92,28 +92,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.3.1
+        version: 7.0.4.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.3.1
+        version: 7.0.4.1
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.3.1
+        version: 7.0.4.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.3.1
+        version: 7.0.4.1
 description: Simple, battle-tested conventions and helpers for building web pages.
 email: david@loudthinking.com
 executables: []
@@ -246,10 +246,10 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/rails/rails/issues
-  changelog_uri: https://github.com/rails/rails/blob/v7.0.3.1/actionview/CHANGELOG.md
-  documentation_uri: https://api.rubyonrails.org/v7.0.3.1/
+  changelog_uri: https://github.com/rails/rails/blob/v7.0.4.1/actionview/CHANGELOG.md
+  documentation_uri: https://api.rubyonrails.org/v7.0.4.1/
   mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-  source_code_uri: https://github.com/rails/rails/tree/v7.0.3.1/actionview
+  source_code_uri: https://github.com/rails/rails/tree/v7.0.4.1/actionview
   rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
@@ -267,7 +267,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements:
 - none
-rubygems_version: 3.3.3
+rubygems_version: 3.4.3
 signing_key:
 specification_version: 4
 summary: Rendering framework putting the V in MVC (part of Rails).