actionview 7.0.8.7 → 7.2.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 260f78eab34efacb71842d6c4b079988737610f836d2d97c9efa1a401b72d9ba
-  data.tar.gz: 69af103e73747bf09f3b34e8811acd4a50c8706576a3cd0068fedc37a35b3204
+  metadata.gz: 129f00c083e1a4443010be161169e51eea090543c6618289968ed2cdb1c65c76
+  data.tar.gz: 568d88d12f7fc363958af2f8bf45308199dc0c221a05fafb9415a96b3eaddc8a
 SHA512:
-  metadata.gz: 3b49294ecae83e2bb2ec8c959a689ba8b4ac20dc6cc9d5dbd6866ac67fa57fee77602f622e50ce37998c331358f3b6e502ff0d42c3dc8c0daed7c45bb52df4d8
-  data.tar.gz: b82a45236cf14c07945c758f4bb9023fc98930d6be157001f93ba6bed4cf446763c05a1a354daef1f4a0098ec4b59402b6933186b5a8f09f57a1baea28c69b13
+  metadata.gz: de08bd40788b58e9ba6be2169a5ebbc39c6b4f1122d1564b64cf0a6af066f855d4a1ad2d1721ab849fde78ee87c496c61579afd59d1a3062dba6135b6652bee4
+  data.tar.gz: cf2f5461be068f0d96d287bbdabe2daf9b3d76a4e80c9db31041d9242f77986b1d5d6774d6db95f5f2b068cbce2161b13335891bfd86d271994d49321bc88733

data/CHANGELOG.md

@@ -1,528 +1,133 @@
-## Rails 7.0.8.7 (December 10, 2024) ##
+## Rails 7.2.2.1 (December 10, 2024) ##
 
 *   No changes.
 
 
-## Rails 7.0.8.6 (October 23, 2024) ##
+## Rails 7.2.2 (October 30, 2024) ##
 
 *   No changes.
 
 
-## Rails 7.0.8.5 (October 15, 2024) ##
+## Rails 7.2.1.2 (October 23, 2024) ##
 
 *   No changes.
 
 
-## Rails 7.0.8.4 (June 04, 2024) ##
+## Rails 7.2.1.1 (October 15, 2024) ##
 
 *   No changes.
 
 
-## Rails 7.0.8.3 (May 17, 2024) ##
+## Rails 7.2.1 (August 22, 2024) ##
 
 *   No changes.
 
 
-## Rails 7.0.8.2 (May 16, 2024) ##
+## Rails 7.2.0 (August 09, 2024) ##
 
-*   No changes.
-
-
-## Rails 7.0.8.1 (February 21, 2024) ##
-
-*   No changes.
-
-
-## Rails 7.0.8 (September 09, 2023) ##
-
-*   Fix `form_for` missing the hidden `_method` input for models with a
-    namespaced route.
-
-    *Hartley McGuire*
-
-*   Fix `render collection: @records, cache: true` inside `jbuilder` templates
-
-    The previous fix that shipped in `7.0.7` assumed template fragments are always strings,
-    this isn't true with `jbuilder`.
-
-    *Jean Boussier*
-
-## Rails 7.0.7.2 (August 22, 2023) ##
-
-*   No changes.
+*   Fix templates with strict locals to also include `local_assigns`.
 
-
-## Rails 7.0.7.1 (August 22, 2023) ##
-
-*   No changes.
-
-
-## Rails 7.0.7 (August 09, 2023) ##
-
-*   Fix `render collection: @records, cache: true` to cache fragments as bare strings
-
-    Previously it would incorrectly cache them as Action View buffers.
+    Previously templates defining strict locals wouldn't receive the `local_assigns`
+    hash.
 
     *Jean Boussier*
 
-*   Don't double-encode nested `field_id` and `field_name` index values
-
-    Pass `index: @options` as a default keyword argument to `field_id` and
-    `field_name` view helper methods.
+*   Add queries count to template rendering instrumentation.
 
-    *Sean Doyle*
-
-
-## Rails 7.0.6 (June 29, 2023) ##
-
-*   No changes.
-
-
-## Rails 7.0.5.1 (June 26, 2023) ##
-
-*   No changes.
-
-
-## Rails 7.0.5 (May 24, 2023) ##
-
-*   `FormBuilder#id` finds id set by `form_for` and `form_with`.
-
-    *Matt Polito*
-
-*   Allow all available locales for template lookups.
-
-    *Ben Dilley*
-
-*   Choices of `select` can optionally contain html attributes as the last element
-    of the child arrays when using grouped/nested collections
-
-    ```erb
-    <%= form.select :foo, [["North America", [["United States","US"],["Canada","CA"]], { disabled: "disabled" }]] %>
-    # => <select><optgroup label="North America" disabled="disabled"><option value="US">United States</option><option value="CA">Canada</option></optgroup></select>
     ```
+    # Before
+    Completed 200 OK in 3804ms (Views: 41.0ms | ActiveRecord: 33.5ms | Allocations: 112788)
 
-    *Chris Gunther*
-
-
-## Rails 7.0.4.3 (March 13, 2023) ##
-
-*   Ignore certain data-* attributes in rails-ujs when element is contenteditable
-
-    [CVE-2023-23913]
-
-
-## Rails 7.0.4.2 (January 24, 2023) ##
-
-*   No changes.
-
-
-## Rails 7.0.4.1 (January 17, 2023) ##
-
-*   No changes.
-
-
-## Rails 7.0.4 (September 09, 2022) ##
-
-*   Guard against `ActionView::Helpers::FormTagHelper#field_name` calls with nil
-    `object_name` arguments. For example:
-
-    ```erb
-    <%= fields do |f| %>
-      <%= f.field_name :body %>
-    <% end %>
+    # After
+    Completed 200 OK in 3804ms (Views: 41.0ms | ActiveRecord: 33.5ms (2 queries, 1 cached) | Allocations: 112788)
     ```
 
-    *Sean Doyle*
-
-*   Strings returned from `strip_tags` are correctly tagged `html_safe?`
-
-    Because these strings contain no HTML elements and the basic entities are escaped, they are safe
-    to be included as-is as PCDATA in HTML content. Tagging them as html-safe avoids double-escaping
-    entities when being concatenated to a SafeBuffer during rendering.
+    *fatkodima*
 
-    Fixes [rails/rails-html-sanitizer#124](https://github.com/rails/rails-html-sanitizer/issues/124)
-
-    *Mike Dalessio*
-
-## Rails 7.0.3.1 (July 12, 2022) ##
-
-*   No changes.
-
-
-## Rails 7.0.3 (May 09, 2022) ##
-
-*   Ensure models passed to `form_for` attempt to call `to_model`.
+*   Raise `ArgumentError` if `:renderable` object does not respond to `#render_in`.
 
     *Sean Doyle*
 
-## Rails 7.0.2.4 (April 26, 2022) ##
-
-*   Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
-
-    Escape dangerous characters in names of tags and names of attributes in the
-    tag helpers, following the XML specification. Rename the option
-    `:escape_attributes` to `:escape`, to simplify by applying the option to the
-    whole tag.
-
-    *Álvaro Martín Fraguas*
-
-## Rails 7.0.2.3 (March 08, 2022) ##
-
-*   No changes.
-
-
-## Rails 7.0.2.2 (February 11, 2022) ##
+*   Add the `nonce: true` option for `stylesheet_link_tag` helper to support automatic nonce generation for Content Security Policy.
 
-*   No changes.
-
-
-## Rails 7.0.2.1 (February 11, 2022) ##
-
-*   No changes.
-
-
-## Rails 7.0.2 (February 08, 2022) ##
-
-*   Ensure `preload_link_tag` preloads JavaScript modules correctly.
-
-    *Máximo Mussini*
-
-*   Fix `stylesheet_link_tag` and similar helpers are being used to work in objects with
-    a `response` method.
-
-    *dark-panda*
-
-
-## Rails 7.0.1 (January 06, 2022) ##
+    Works the same way as `javascript_include_tag nonce: true` does.
 
-*   Fix `button_to` to work with a hash parameter as URL.
+    *Akhil G Krishnan*, *AJ Esler*
 
-    *MingyuanQin*
-
-*   Fix `link_to` with a model passed as an argument twice.
-
-    *Alex Ghiculescu*
-
-
-## Rails 7.0.0 (December 15, 2021) ##
-
-*   Support `include_hidden:` option in calls to
-    `ActionView::Helper::FormBuilder#file_field` with `multiple: true` to
-    support submitting an empty collection of files.
-
-    ```ruby
-    form.file_field :attachments, multiple: true
-    # => <input type="hidden" autocomplete="off" name="post[attachments][]" value="">
-         <input type="file" multiple="multiple" id="post_attachments" name="post[attachments][]">
-
-    form.file_field :attachments, multiple: true, include_hidden: false
-    # => <input type="file" multiple="multiple" id="post_attachments" name="post[attachments][]">
-    ```
+*   Parse `ActionView::TestCase#rendered` HTML content as `Nokogiri::XML::DocumentFragment` instead of `Nokogiri::XML::Document`.
 
     *Sean Doyle*
 
-*   Fix `number_with_precision(raise: true)` always raising even on valid numbers.
+*   Rename `ActionView::TestCase::Behavior::Content` to `ActionView::TestCase::Behavior::RenderedViewContent`.
 
-    *Pedro Moreira*
-
-
-## Rails 7.0.0.rc3 (December 14, 2021) ##
-
-*   No changes.
-
-
-## Rails 7.0.0.rc2 (December 14, 2021) ##
-
-*   No changes.
-
-## Rails 7.0.0.rc1 (December 06, 2021) ##
-
-*   Support `fields model: [@nested, @model]` the same way as `form_with model:
-    [@nested, @model]`.
-
-    *Sean Doyle*
-
-*   Infer HTTP verb `[method]` from a model or Array with model as the first
-    argument to `button_to` when combined with a block:
-
-    ```ruby
-    button_to(Workshop.find(1)){ "Update" }
-    #=> <form method="post" action="/workshops/1" class="button_to">
-    #=>   <input type="hidden" name="_method" value="patch" autocomplete="off" />
-    #=>   <button type="submit">Update</button>
-    #=> </form>
-
-    button_to([ Workshop.find(1), Session.find(1) ]) { "Update" }
-    #=> <form method="post" action="/workshops/1/sessions/1" class="button_to">
-    #=>   <input type="hidden" name="_method" value="patch" autocomplete="off" />
-    #=>   <button type="submit">Update</button>
-    #=> </form>
-    ```
-
-    *Sean Doyle*
-
-*   Support passing a Symbol as the first argument to `FormBuilder#button`:
-
-    ```ruby
-    form.button(:draft, value: true)
-    # => <button name="post[draft]" value="true" type="submit">Create post</button>
-
-    form.button(:draft, value: true) do
-      content_tag(:strong, "Save as draft")
-    end
-    # =>  <button name="post[draft]" value="true" type="submit">
-    #       <strong>Save as draft</strong>
-    #     </button>
-    ```
-
-    *Sean Doyle*
-
-*   Introduce the `field_name` view helper, along with the
-    `FormBuilder#field_name` counterpart:
-
-    ```ruby
-    form_for @post do |f|
-      f.field_tag :tag, name: f.field_name(:tag, multiple: true)
-      # => <input type="text" name="post[tag][]">
-    end
-    ```
+    Make `RenderedViewContent` inherit from `String`. Make private API with `:nodoc:`
 
     *Sean Doyle*
 
-*   Execute the `ActionView::Base.field_error_proc` within the context of the
-    `ActionView::Base` instance:
+*   Deprecate passing `nil` as value for the `model:` argument to the `form_with` method.
 
-    ```ruby
-    config.action_view.field_error_proc = proc { |html| content_tag(:div, html, class: "field_with_errors") }
-    ```
-
-    *Sean Doyle*
-
-*   Add support for `button_to ..., authenticity_token: false`
-
-    ```ruby
-    button_to "Create", Post.new, authenticity_token: false
-    # => <form class="button_to" method="post" action="/posts"><button type="submit">Create</button></form>
-
-    button_to "Create", Post.new, authenticity_token: true
-    # => <form class="button_to" method="post" action="/posts"><button type="submit">Create</button><input type="hidden" name="form_token" value="abc123..." autocomplete="off" /></form>
-
-    button_to "Create", Post.new, authenticity_token: "secret"
-    # => <form class="button_to" method="post" action="/posts"><button type="submit">Create</button><input type="hidden" name="form_token" value="secret" autocomplete="off" /></form>
-    ```
-
-    *Sean Doyle*
-
-*   Support rendering `<form>` elements _without_ `[action]` attributes by:
+    *Collin Jilbert*
 
-    * `form_with url: false` or `form_with ..., html: { action: false }`
-    * `form_for ..., url: false` or `form_for ..., html: { action: false }`
-    * `form_tag false` or `form_tag ..., action: false`
-    * `button_to "...", false` or `button_to(false) { ... }`
+*   Alias `field_set_tag` helper to `fieldset_tag` to match `<fieldset>` element.
 
     *Sean Doyle*
 
-*   Add `:day_format` option to `date_select`
-
-        date_select("article", "written_on", day_format: ->(day) { day.ordinalize })
-        # generates day options like <option value="1">1st</option>\n<option value="2">2nd</option>...
-
-    *Shunichi Ikegami*
-
-*   Allow `link_to` helper to infer link name from `Model#to_s` when it
-    is used with a single argument:
-
-        link_to @profile
-        #=> <a href="/profiles/1">Eileen</a>
-
-    This assumes the model class implements a `to_s` method like this:
-
-        class Profile < ApplicationRecord
-          # ...
-          def to_s
-            name
-          end
-        end
-
-    Previously you had to supply a second argument even if the `Profile`
-    model implemented a `#to_s` method that called the `name` method.
-
-        link_to @profile, @profile.name
-        #=> <a href="/profiles/1">Eileen</a>
-
-    *Olivier Lacan*
-
-*   Support svg unpaired tags for `tag` helper.
-
-        tag.svg { tag.use('href' => "#cool-icon") }
-        # => <svg><use href="#cool-icon"></svg>
-
-    *Oleksii Vasyliev*
+*   Deprecate passing content to void elements when using `tag.br` type tag builders.
 
+    *Hartley McGuire*
 
-## Rails 7.0.0.alpha2 (September 15, 2021) ##
-
-*   No changes.
-
-
-## Rails 7.0.0.alpha1 (September 15, 2021) ##
-
-*   Improves the performance of ActionView::Helpers::NumberHelper formatters by avoiding the use of
-    exceptions as flow control.
-
-    *Mike Dalessio*
-
-*   `preload_link_tag` properly inserts `as` attributes for files with `image` MIME types, such as JPG or SVG.
-
-    *Nate Berkopec*
-
-*   Add `weekday_options_for_select` and `weekday_select` helper methods. Also adds `weekday_select` to `FormBuilder`.
-
-    *Drew Bragg*, *Dana Kashubeck*, *Kasper Timm Hansen*
-
-*   Add `caching?` helper that returns whether the current code path is being cached and `uncacheable!` to denote helper methods that can't participate in fragment caching.
-
-    *Ben Toews*, *John Hawthorn*, *Kasper Timm Hansen*, *Joel Hawksley*
-
-*   Add `include_seconds` option for `time_field`.
-
-        <%= form.time_field :foo, include_seconds: false %>
-        # => <input value="16:22" type="time" />
+*   Fix the `number_to_human_size` view helper to correctly work with negative numbers.
 
-    Default includes seconds:
+    *Earlopain*
 
-        <%= form.time_field :foo %>
-        # => <input value="16:22:01.440" type="time" />
+*   Automatically discard the implicit locals injected by collection rendering for template that can't accept them.
 
-    This allows you to take advantage of [different rendering options](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/time#time_value_format) in some browsers.
+    When rendering a collection, two implicit variables are injected, which breaks templates with strict locals.
 
-    *Alex Ghiculescu*
+    Now they are only passed if the template will actually accept them.
 
-*   Improve error messages when template file does not exist at absolute filepath.
+    *Yasha Krasnou*, *Jean Boussier*
 
-    *Ted Whang*
+*   Fix `@rails/ujs` calling `start()` an extra time when using bundlers.
 
-*   Add `:country_code` option to `sms_to` for consistency with `phone_to`.
+    *Hartley McGuire*, *Ryunosuke Sato*
 
-    *Jonathan Hefner*
+*   Fix the `capture` view helper compatibility with HAML and Slim.
 
-*   OpenSSL constants are now used for Digest computations.
+    When a blank string was captured in HAML or Slim (and possibly other template engines)
+    it would instead return the entire buffer.
 
-    *Dirkjan Bussink*
+    *Jean Boussier*
 
-*   The `translate` helper now passes `default` values that aren't
-    translation keys through `I18n.translate` for interpolation.
+*   Updated `@rails/ujs` files to ignore certain data-* attributes when element is contenteditable.
 
-    *Jonathan Hefner*
+    This fix was already landed in >= 7.0.4.3, < 7.1.0.
+    [[CVE-2023-23913](https://github.com/advisories/GHSA-xp5h-f8jf-rc8q)]
 
-*   Adds option `extname` to `stylesheet_link_tag` to skip default
-    `.css` extension appended to the stylesheet path.
+    *Ryunosuke Sato*
 
-    Before:
+*   Added validation for HTML tag names in the `tag` and `content_tag` helper method.
 
-    ```ruby
-    stylesheet_link_tag "style.less"
-    # <link href="/stylesheets/style.less.scss" rel="stylesheet">
-    ```
+    The `tag` and `content_tag` method now checks that the provided tag name adheres to the HTML
+    specification. If an invalid HTML tag name is provided, the method raises an `ArgumentError`
+    with an appropriate error message.
 
-    After:
+    Examples:
 
     ```ruby
-    stylesheet_link_tag "style.less", extname: false, skip_pipeline: true, rel: "stylesheet/less"
-    # <link href="/stylesheets/style.less" rel="stylesheet/less">
-    ```
-
-    *Abhay Nikam*
-
-*   Deprecate `render` locals to be assigned to instance variables.
-
-    *Petrik de Heus*
-
-*   Remove legacy default `media=screen` from `stylesheet_link_tag`.
-
-    *André Luis Leal Cardoso Junior*
-
-*   Change `ActionView::Helpers::FormBuilder#button` to transform `formmethod`
-    attributes into `_method="$VERB"` Form Data to enable varied same-form actions:
+    # Raises ArgumentError: Invalid HTML5 tag name: 12p
+    content_tag("12p") # Starting with a number
 
-        <%= form_with model: post, method: :put do %>
-          <%= form.button "Update" %>
-          <%= form.button "Delete", formmethod: :delete %>
-        <% end %>
-        <%# => <form action="posts/1">
-            =>   <input type="hidden" name="_method" value="put">
-            =>   <button type="submit">Update</button>
-            =>   <button type="submit" formmethod="post" name="_method" value="delete">Delete</button>
-            => </form>
-        %>
+    # Raises ArgumentError: Invalid HTML5 tag name: ""
+    content_tag("") # Empty tag name
 
-    *Sean Doyle*
-
-*   Change `ActionView::Helpers::UrlHelper#button_to` to *always* render a
-    `<button>` element, regardless of whether or not the content is passed as
-    the first argument or as a block.
-
-        <%= button_to "Delete", post_path(@post), method: :delete %>
-        # => <form action="/posts/1"><input type="hidden" name="_method" value="delete"><button type="submit">Delete</button></form>
-
-        <%= button_to post_path(@post), method: :delete do %>
-          Delete
-        <% end %>
-        # => <form action="/posts/1"><input type="hidden" name="_method" value="delete"><button type="submit">Delete</button></form>
-
-    *Sean Doyle*, *Dusan Orlovic*
-
-*   Add `config.action_view.preload_links_header` to allow disabling of
-    the `Link` header being added by default when using `stylesheet_link_tag`
-    and `javascript_include_tag`.
-
-    *Andrew White*
-
-*   The `translate` helper now resolves `default` values when a `nil` key is
-    specified, instead of always returning `nil`.
-
-    *Jonathan Hefner*
-
-*   Add `config.action_view.image_loading` to configure the default value of
-    the `image_tag` `:loading` option.
-
-    By setting `config.action_view.image_loading = "lazy"`, an application can opt in to
-    lazy loading images sitewide, without changing view code.
-
-    *Jonathan Hefner*
-
-*   `ActionView::Helpers::FormBuilder#id` returns the value
-    of the `<form>` element's `id` attribute. With a `method` argument, returns
-    the `id` attribute for a form field with that name.
+    # Raises ArgumentError: Invalid HTML5 tag name: div/
+    tag("div/") # Contains a solidus
 
-        <%= form_for @post do |f| %>
-          <%# ... %>
-
-          <% content_for :sticky_footer do %>
-            <%= form.button(form: f.id) %>
-          <% end %>
-        <% end %>
-
-    *Sean Doyle*
-
-*   `ActionView::Helpers::FormBuilder#field_id` returns the value generated by
-    the FormBuilder for the given attribute name.
-
-        <%= form_for @post do |f| %>
-          <%= f.label :title %>
-          <%= f.text_field :title, aria: { describedby: f.field_id(:title, :error) } %>
-          <%= tag.span("is blank", id: f.field_id(:title, :error) %>
-        <% end %>
-
-    *Sean Doyle*
-
-*   Add `tag.attributes` to transform a Hash into HTML Attributes, ready to be
-    interpolated into ERB.
-
-        <input <%= tag.attributes(type: :text, aria: { label: "Search" }) %> >
-        # => <input type="text" aria-label="Search">
-
-    *Sean Doyle*
+    # Raises ArgumentError: Invalid HTML5 tag name: "image file"
+    tag("image file") # Contains a space
+    ```
 
+    *Akhil G Krishnan*
 
-Please check [6-1-stable](https://github.com/rails/rails/blob/6-1-stable/actionview/CHANGELOG.md) for previous changes.
+Please check [7-1-stable](https://github.com/rails/rails/blob/7-1-stable/actionview/CHANGELOG.md) for previous changes.

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2004-2022 David Heinemeier Hansson
+Copyright (c) David Heinemeier Hansson
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.rdoc

@@ -5,7 +5,7 @@ view helpers that assist when building HTML forms, Atom feeds and more.
 Template formats that Action View handles are ERB (embedded Ruby, typically
 used to inline short Ruby snippets inside HTML), and XML Builder.
 
-You can read more about Action View in the {Action View Overview}[https://edgeguides.rubyonrails.org/action_view_overview.html] guide.
+You can read more about Action View in the {Action View Overview}[https://guides.rubyonrails.org/action_view_overview.html] guide.
 
 == Download and installation