actionview 7.0.8.1 → 7.2.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: edd44fd0fda77cbf7800354655dc3c985e55979b180a35a161f40a82c56bebfb
-  data.tar.gz: 5af263ab3bb410273b10936ee078a361a5b71f92f7616d3934f6ec3287123ee9
+  metadata.gz: 129f00c083e1a4443010be161169e51eea090543c6618289968ed2cdb1c65c76
+  data.tar.gz: 568d88d12f7fc363958af2f8bf45308199dc0c221a05fafb9415a96b3eaddc8a
 SHA512:
-  metadata.gz: 45ceca59dcc1e0a91ea3916e0b8cef4b7f94bcd72e3ca89cf667a5df627635ee79fd0001b7c95d92589592adc274ee59f2456d676525ed03b7bf64b569db0f8b
-  data.tar.gz: e16e31bb3dfb7399916dc4baa35959d6c619bae4bec93bb7284dbf7c1eb7fb30c6d0e602786b2a12eb994ce5c91a77e6ebd7fe4184827502bc7c451513624a99
+  metadata.gz: de08bd40788b58e9ba6be2169a5ebbc39c6b4f1122d1564b64cf0a6af066f855d4a1ad2d1721ab849fde78ee87c496c61579afd59d1a3062dba6135b6652bee4
+  data.tar.gz: cf2f5461be068f0d96d287bbdabe2daf9b3d76a4e80c9db31041d9242f77986b1d5d6774d6db95f5f2b068cbce2161b13335891bfd86d271994d49321bc88733

data/CHANGELOG.md

@@ -1,498 +1,133 @@
-## Rails 7.0.8.1 (February 21, 2024) ##
+## Rails 7.2.2.1 (December 10, 2024) ##
 
 *   No changes.
 
 
-## Rails 7.0.8 (September 09, 2023) ##
-
-*   Fix `form_for` missing the hidden `_method` input for models with a
-    namespaced route.
-
-    *Hartley McGuire*
-
-*   Fix `render collection: @records, cache: true` inside `jbuilder` templates
-
-    The previous fix that shipped in `7.0.7` assumed template fragments are always strings,
-    this isn't true with `jbuilder`.
-
-    *Jean Boussier*
-
-## Rails 7.0.7.2 (August 22, 2023) ##
+## Rails 7.2.2 (October 30, 2024) ##
 
 *   No changes.
 
 
-## Rails 7.0.7.1 (August 22, 2023) ##
+## Rails 7.2.1.2 (October 23, 2024) ##
 
 *   No changes.
 
 
-## Rails 7.0.7 (August 09, 2023) ##
-
-*   Fix `render collection: @records, cache: true` to cache fragments as bare strings
-
-    Previously it would incorrectly cache them as Action View buffers.
-
-    *Jean Boussier*
-
-*   Don't double-encode nested `field_id` and `field_name` index values
-
-    Pass `index: @options` as a default keyword argument to `field_id` and
-    `field_name` view helper methods.
-
-    *Sean Doyle*
-
-
-## Rails 7.0.6 (June 29, 2023) ##
+## Rails 7.2.1.1 (October 15, 2024) ##
 
 *   No changes.
 
 
-## Rails 7.0.5.1 (June 26, 2023) ##
+## Rails 7.2.1 (August 22, 2024) ##
 
 *   No changes.
 
 
-## Rails 7.0.5 (May 24, 2023) ##
+## Rails 7.2.0 (August 09, 2024) ##
 
-*   `FormBuilder#id` finds id set by `form_for` and `form_with`.
+*   Fix templates with strict locals to also include `local_assigns`.
 
-    *Matt Polito*
+    Previously templates defining strict locals wouldn't receive the `local_assigns`
+    hash.
 
-*   Allow all available locales for template lookups.
-
-    *Ben Dilley*
+    *Jean Boussier*
 
-*   Choices of `select` can optionally contain html attributes as the last element
-    of the child arrays when using grouped/nested collections
+*   Add queries count to template rendering instrumentation.
 
-    ```erb
-    <%= form.select :foo, [["North America", [["United States","US"],["Canada","CA"]], { disabled: "disabled" }]] %>
-    # => <select><optgroup label="North America" disabled="disabled"><option value="US">United States</option><option value="CA">Canada</option></optgroup></select>
     ```
+    # Before
+    Completed 200 OK in 3804ms (Views: 41.0ms | ActiveRecord: 33.5ms | Allocations: 112788)
 
-    *Chris Gunther*
-
-
-## Rails 7.0.4.3 (March 13, 2023) ##
-
-*   Ignore certain data-* attributes in rails-ujs when element is contenteditable
-
-    [CVE-2023-23913]
-
-
-## Rails 7.0.4.2 (January 24, 2023) ##
-
-*   No changes.
-
-
-## Rails 7.0.4.1 (January 17, 2023) ##
-
-*   No changes.
-
-
-## Rails 7.0.4 (September 09, 2022) ##
-
-*   Guard against `ActionView::Helpers::FormTagHelper#field_name` calls with nil
-    `object_name` arguments. For example:
-
-    ```erb
-    <%= fields do |f| %>
-      <%= f.field_name :body %>
-    <% end %>
+    # After
+    Completed 200 OK in 3804ms (Views: 41.0ms | ActiveRecord: 33.5ms (2 queries, 1 cached) | Allocations: 112788)
     ```
 
-    *Sean Doyle*
-
-*   Strings returned from `strip_tags` are correctly tagged `html_safe?`
-
-    Because these strings contain no HTML elements and the basic entities are escaped, they are safe
-    to be included as-is as PCDATA in HTML content. Tagging them as html-safe avoids double-escaping
-    entities when being concatenated to a SafeBuffer during rendering.
-
-    Fixes [rails/rails-html-sanitizer#124](https://github.com/rails/rails-html-sanitizer/issues/124)
-
-    *Mike Dalessio*
-
-## Rails 7.0.3.1 (July 12, 2022) ##
-
-*   No changes.
-
+    *fatkodima*
 
-## Rails 7.0.3 (May 09, 2022) ##
-
-*   Ensure models passed to `form_for` attempt to call `to_model`.
+*   Raise `ArgumentError` if `:renderable` object does not respond to `#render_in`.
 
     *Sean Doyle*
 
-## Rails 7.0.2.4 (April 26, 2022) ##
-
-*   Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
-
-    Escape dangerous characters in names of tags and names of attributes in the
-    tag helpers, following the XML specification. Rename the option
-    `:escape_attributes` to `:escape`, to simplify by applying the option to the
-    whole tag.
-
-    *Álvaro Martín Fraguas*
-
-## Rails 7.0.2.3 (March 08, 2022) ##
-
-*   No changes.
-
-
-## Rails 7.0.2.2 (February 11, 2022) ##
-
-*   No changes.
-
-
-## Rails 7.0.2.1 (February 11, 2022) ##
-
-*   No changes.
-
-
-## Rails 7.0.2 (February 08, 2022) ##
-
-*   Ensure `preload_link_tag` preloads JavaScript modules correctly.
-
-    *Máximo Mussini*
-
-*   Fix `stylesheet_link_tag` and similar helpers are being used to work in objects with
-    a `response` method.
-
-    *dark-panda*
-
-
-## Rails 7.0.1 (January 06, 2022) ##
+*   Add the `nonce: true` option for `stylesheet_link_tag` helper to support automatic nonce generation for Content Security Policy.
 
-*   Fix `button_to` to work with a hash parameter as URL.
+    Works the same way as `javascript_include_tag nonce: true` does.
 
-    *MingyuanQin*
+    *Akhil G Krishnan*, *AJ Esler*
 
-*   Fix `link_to` with a model passed as an argument twice.
-
-    *Alex Ghiculescu*
-
-
-## Rails 7.0.0 (December 15, 2021) ##
-
-*   Support `include_hidden:` option in calls to
-    `ActionView::Helper::FormBuilder#file_field` with `multiple: true` to
-    support submitting an empty collection of files.
-
-    ```ruby
-    form.file_field :attachments, multiple: true
-    # => <input type="hidden" autocomplete="off" name="post[attachments][]" value="">
-         <input type="file" multiple="multiple" id="post_attachments" name="post[attachments][]">
-
-    form.file_field :attachments, multiple: true, include_hidden: false
-    # => <input type="file" multiple="multiple" id="post_attachments" name="post[attachments][]">
-    ```
+*   Parse `ActionView::TestCase#rendered` HTML content as `Nokogiri::XML::DocumentFragment` instead of `Nokogiri::XML::Document`.
 
     *Sean Doyle*
 
-*   Fix `number_with_precision(raise: true)` always raising even on valid numbers.
-
-    *Pedro Moreira*
-
-
-## Rails 7.0.0.rc3 (December 14, 2021) ##
+*   Rename `ActionView::TestCase::Behavior::Content` to `ActionView::TestCase::Behavior::RenderedViewContent`.
 
-*   No changes.
-
-
-## Rails 7.0.0.rc2 (December 14, 2021) ##
-
-*   No changes.
-
-## Rails 7.0.0.rc1 (December 06, 2021) ##
-
-*   Support `fields model: [@nested, @model]` the same way as `form_with model:
-    [@nested, @model]`.
+    Make `RenderedViewContent` inherit from `String`. Make private API with `:nodoc:`
 
     *Sean Doyle*
 
-*   Infer HTTP verb `[method]` from a model or Array with model as the first
-    argument to `button_to` when combined with a block:
+*   Deprecate passing `nil` as value for the `model:` argument to the `form_with` method.
 
-    ```ruby
-    button_to(Workshop.find(1)){ "Update" }
-    #=> <form method="post" action="/workshops/1" class="button_to">
-    #=>   <input type="hidden" name="_method" value="patch" autocomplete="off" />
-    #=>   <button type="submit">Update</button>
-    #=> </form>
-
-    button_to([ Workshop.find(1), Session.find(1) ]) { "Update" }
-    #=> <form method="post" action="/workshops/1/sessions/1" class="button_to">
-    #=>   <input type="hidden" name="_method" value="patch" autocomplete="off" />
-    #=>   <button type="submit">Update</button>
-    #=> </form>
-    ```
-
-    *Sean Doyle*
+    *Collin Jilbert*
 
-*   Support passing a Symbol as the first argument to `FormBuilder#button`:
-
-    ```ruby
-    form.button(:draft, value: true)
-    # => <button name="post[draft]" value="true" type="submit">Create post</button>
-
-    form.button(:draft, value: true) do
-      content_tag(:strong, "Save as draft")
-    end
-    # =>  <button name="post[draft]" value="true" type="submit">
-    #       <strong>Save as draft</strong>
-    #     </button>
-    ```
-
-    *Sean Doyle*
-
-*   Introduce the `field_name` view helper, along with the
-    `FormBuilder#field_name` counterpart:
-
-    ```ruby
-    form_for @post do |f|
-      f.field_tag :tag, name: f.field_name(:tag, multiple: true)
-      # => <input type="text" name="post[tag][]">
-    end
-    ```
-
-    *Sean Doyle*
-
-*   Execute the `ActionView::Base.field_error_proc` within the context of the
-    `ActionView::Base` instance:
-
-    ```ruby
-    config.action_view.field_error_proc = proc { |html| content_tag(:div, html, class: "field_with_errors") }
-    ```
-
-    *Sean Doyle*
-
-*   Add support for `button_to ..., authenticity_token: false`
-
-    ```ruby
-    button_to "Create", Post.new, authenticity_token: false
-    # => <form class="button_to" method="post" action="/posts"><button type="submit">Create</button></form>
-
-    button_to "Create", Post.new, authenticity_token: true
-    # => <form class="button_to" method="post" action="/posts"><button type="submit">Create</button><input type="hidden" name="form_token" value="abc123..." autocomplete="off" /></form>
-
-    button_to "Create", Post.new, authenticity_token: "secret"
-    # => <form class="button_to" method="post" action="/posts"><button type="submit">Create</button><input type="hidden" name="form_token" value="secret" autocomplete="off" /></form>
-    ```
+*   Alias `field_set_tag` helper to `fieldset_tag` to match `<fieldset>` element.
 
     *Sean Doyle*
 
-*   Support rendering `<form>` elements _without_ `[action]` attributes by:
-
-    * `form_with url: false` or `form_with ..., html: { action: false }`
-    * `form_for ..., url: false` or `form_for ..., html: { action: false }`
-    * `form_tag false` or `form_tag ..., action: false`
-    * `button_to "...", false` or `button_to(false) { ... }`
-
-    *Sean Doyle*
-
-*   Add `:day_format` option to `date_select`
-
-        date_select("article", "written_on", day_format: ->(day) { day.ordinalize })
-        # generates day options like <option value="1">1st</option>\n<option value="2">2nd</option>...
-
-    *Shunichi Ikegami*
-
-*   Allow `link_to` helper to infer link name from `Model#to_s` when it
-    is used with a single argument:
-
-        link_to @profile
-        #=> <a href="/profiles/1">Eileen</a>
-
-    This assumes the model class implements a `to_s` method like this:
-
-        class Profile < ApplicationRecord
-          # ...
-          def to_s
-            name
-          end
-        end
-
-    Previously you had to supply a second argument even if the `Profile`
-    model implemented a `#to_s` method that called the `name` method.
-
-        link_to @profile, @profile.name
-        #=> <a href="/profiles/1">Eileen</a>
-
-    *Olivier Lacan*
-
-*   Support svg unpaired tags for `tag` helper.
-
-        tag.svg { tag.use('href' => "#cool-icon") }
-        # => <svg><use href="#cool-icon"></svg>
-
-    *Oleksii Vasyliev*
-
-
-## Rails 7.0.0.alpha2 (September 15, 2021) ##
-
-*   No changes.
-
-
-## Rails 7.0.0.alpha1 (September 15, 2021) ##
+*   Deprecate passing content to void elements when using `tag.br` type tag builders.
 
-*   Improves the performance of ActionView::Helpers::NumberHelper formatters by avoiding the use of
-    exceptions as flow control.
-
-    *Mike Dalessio*
-
-*   `preload_link_tag` properly inserts `as` attributes for files with `image` MIME types, such as JPG or SVG.
-
-    *Nate Berkopec*
-
-*   Add `weekday_options_for_select` and `weekday_select` helper methods. Also adds `weekday_select` to `FormBuilder`.
-
-    *Drew Bragg*, *Dana Kashubeck*, *Kasper Timm Hansen*
-
-*   Add `caching?` helper that returns whether the current code path is being cached and `uncacheable!` to denote helper methods that can't participate in fragment caching.
-
-    *Ben Toews*, *John Hawthorn*, *Kasper Timm Hansen*, *Joel Hawksley*
-
-*   Add `include_seconds` option for `time_field`.
+    *Hartley McGuire*
 
-        <%= form.time_field :foo, include_seconds: false %>
-        # => <input value="16:22" type="time" />
+*   Fix the `number_to_human_size` view helper to correctly work with negative numbers.
 
-    Default includes seconds:
+    *Earlopain*
 
-        <%= form.time_field :foo %>
-        # => <input value="16:22:01.440" type="time" />
+*   Automatically discard the implicit locals injected by collection rendering for template that can't accept them.
 
-    This allows you to take advantage of [different rendering options](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/time#time_value_format) in some browsers.
+    When rendering a collection, two implicit variables are injected, which breaks templates with strict locals.
 
-    *Alex Ghiculescu*
+    Now they are only passed if the template will actually accept them.
 
-*   Improve error messages when template file does not exist at absolute filepath.
+    *Yasha Krasnou*, *Jean Boussier*
 
-    *Ted Whang*
+*   Fix `@rails/ujs` calling `start()` an extra time when using bundlers.
 
-*   Add `:country_code` option to `sms_to` for consistency with `phone_to`.
+    *Hartley McGuire*, *Ryunosuke Sato*
 
-    *Jonathan Hefner*
+*   Fix the `capture` view helper compatibility with HAML and Slim.
 
-*   OpenSSL constants are now used for Digest computations.
+    When a blank string was captured in HAML or Slim (and possibly other template engines)
+    it would instead return the entire buffer.
 
-    *Dirkjan Bussink*
+    *Jean Boussier*
 
-*   The `translate` helper now passes `default` values that aren't
-    translation keys through `I18n.translate` for interpolation.
+*   Updated `@rails/ujs` files to ignore certain data-* attributes when element is contenteditable.
 
-    *Jonathan Hefner*
+    This fix was already landed in >= 7.0.4.3, < 7.1.0.
+    [[CVE-2023-23913](https://github.com/advisories/GHSA-xp5h-f8jf-rc8q)]
 
-*   Adds option `extname` to `stylesheet_link_tag` to skip default
-    `.css` extension appended to the stylesheet path.
+    *Ryunosuke Sato*
 
-    Before:
+*   Added validation for HTML tag names in the `tag` and `content_tag` helper method.
 
-    ```ruby
-    stylesheet_link_tag "style.less"
-    # <link href="/stylesheets/style.less.scss" rel="stylesheet">
-    ```
+    The `tag` and `content_tag` method now checks that the provided tag name adheres to the HTML
+    specification. If an invalid HTML tag name is provided, the method raises an `ArgumentError`
+    with an appropriate error message.
 
-    After:
+    Examples:
 
     ```ruby
-    stylesheet_link_tag "style.less", extname: false, skip_pipeline: true, rel: "stylesheet/less"
-    # <link href="/stylesheets/style.less" rel="stylesheet/less">
-    ```
-
-    *Abhay Nikam*
-
-*   Deprecate `render` locals to be assigned to instance variables.
-
-    *Petrik de Heus*
-
-*   Remove legacy default `media=screen` from `stylesheet_link_tag`.
-
-    *André Luis Leal Cardoso Junior*
-
-*   Change `ActionView::Helpers::FormBuilder#button` to transform `formmethod`
-    attributes into `_method="$VERB"` Form Data to enable varied same-form actions:
-
-        <%= form_with model: post, method: :put do %>
-          <%= form.button "Update" %>
-          <%= form.button "Delete", formmethod: :delete %>
-        <% end %>
-        <%# => <form action="posts/1">
-            =>   <input type="hidden" name="_method" value="put">
-            =>   <button type="submit">Update</button>
-            =>   <button type="submit" formmethod="post" name="_method" value="delete">Delete</button>
-            => </form>
-        %>
-
-    *Sean Doyle*
+    # Raises ArgumentError: Invalid HTML5 tag name: 12p
+    content_tag("12p") # Starting with a number
 
-*   Change `ActionView::Helpers::UrlHelper#button_to` to *always* render a
-    `<button>` element, regardless of whether or not the content is passed as
-    the first argument or as a block.
+    # Raises ArgumentError: Invalid HTML5 tag name: ""
+    content_tag("") # Empty tag name
 
-        <%= button_to "Delete", post_path(@post), method: :delete %>
-        # => <form action="/posts/1"><input type="hidden" name="_method" value="delete"><button type="submit">Delete</button></form>
+    # Raises ArgumentError: Invalid HTML5 tag name: div/
+    tag("div/") # Contains a solidus
 
-        <%= button_to post_path(@post), method: :delete do %>
-          Delete
-        <% end %>
-        # => <form action="/posts/1"><input type="hidden" name="_method" value="delete"><button type="submit">Delete</button></form>
-
-    *Sean Doyle*, *Dusan Orlovic*
-
-*   Add `config.action_view.preload_links_header` to allow disabling of
-    the `Link` header being added by default when using `stylesheet_link_tag`
-    and `javascript_include_tag`.
-
-    *Andrew White*
-
-*   The `translate` helper now resolves `default` values when a `nil` key is
-    specified, instead of always returning `nil`.
-
-    *Jonathan Hefner*
-
-*   Add `config.action_view.image_loading` to configure the default value of
-    the `image_tag` `:loading` option.
-
-    By setting `config.action_view.image_loading = "lazy"`, an application can opt in to
-    lazy loading images sitewide, without changing view code.
-
-    *Jonathan Hefner*
-
-*   `ActionView::Helpers::FormBuilder#id` returns the value
-    of the `<form>` element's `id` attribute. With a `method` argument, returns
-    the `id` attribute for a form field with that name.
-
-        <%= form_for @post do |f| %>
-          <%# ... %>
-
-          <% content_for :sticky_footer do %>
-            <%= form.button(form: f.id) %>
-          <% end %>
-        <% end %>
-
-    *Sean Doyle*
-
-*   `ActionView::Helpers::FormBuilder#field_id` returns the value generated by
-    the FormBuilder for the given attribute name.
-
-        <%= form_for @post do |f| %>
-          <%= f.label :title %>
-          <%= f.text_field :title, aria: { describedby: f.field_id(:title, :error) } %>
-          <%= tag.span("is blank", id: f.field_id(:title, :error) %>
-        <% end %>
-
-    *Sean Doyle*
-
-*   Add `tag.attributes` to transform a Hash into HTML Attributes, ready to be
-    interpolated into ERB.
-
-        <input <%= tag.attributes(type: :text, aria: { label: "Search" }) %> >
-        # => <input type="text" aria-label="Search">
-
-    *Sean Doyle*
+    # Raises ArgumentError: Invalid HTML5 tag name: "image file"
+    tag("image file") # Contains a space
+    ```
 
+    *Akhil G Krishnan*
 
-Please check [6-1-stable](https://github.com/rails/rails/blob/6-1-stable/actionview/CHANGELOG.md) for previous changes.
+Please check [7-1-stable](https://github.com/rails/rails/blob/7-1-stable/actionview/CHANGELOG.md) for previous changes.

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2004-2022 David Heinemeier Hansson
+Copyright (c) David Heinemeier Hansson
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.rdoc

@@ -5,7 +5,7 @@ view helpers that assist when building HTML forms, Atom feeds and more.
 Template formats that Action View handles are ERB (embedded Ruby, typically
 used to inline short Ruby snippets inside HTML), and XML Builder.
 
-You can read more about Action View in the {Action View Overview}[https://edgeguides.rubyonrails.org/action_view_overview.html] guide.
+You can read more about Action View in the {Action View Overview}[https://guides.rubyonrails.org/action_view_overview.html] guide.
 
 == Download and installation