actionview 7.1.2 → 8.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2ec34555888d78ec7dd238a5845d5a0a6861aabf4b43b532b9001de74d7f69f8
-  data.tar.gz: fa36f1e81bea968392435051307a0ad371e856f8fa4760b6e341df5412a017e5
+  metadata.gz: cc81c16e4d502ce1736e2ff17c85dbb50ed6209d6ded187af4f846d05540f551
+  data.tar.gz: faa7c34dff4cfc391389c56b52afd0cbbbdbaf5ee7805ae3e1d1fd78940f1195
 SHA512:
-  metadata.gz: 229637c660fba19dcba6f8e15e83cf748b1e8ee0c123bc32d2b0417265df296254dfd3f9ef07d64b930f96c1e1b94a3ad9f9304a9c9e4ce734357208924019f7
-  data.tar.gz: 5ef080a91aa2611698efca00142c79aa3f005ab680cbe804c41636df0318f05ce432429a3420d06515be43f2d249e7d38d8b9e7496d64b58a9ba218451310808
+  metadata.gz: 1e9c0c527c580719aea26c3a8499d1b1b82e4da5074271403c0060d0d96b604e23fe953ae8ede37d901ba7830fd3700a82297be2d29d574845eb79b559277d0f
+  data.tar.gz: 24a3fc73c41d00476204519044e278f8c545db961ac02e88d810325f6cc7d831d410e203e1691767b1cca6672c0ab2d0c5b19179276c47a672b8489827d0545d

data/CHANGELOG.md

@@ -1,438 +1,107 @@
-## Rails 7.1.2 (November 10, 2023) ##
-
-*   Fix the `number_to_human_size` view helper to correctly work with negative numbers.
-
-    *Earlopain*
-
-*   Automatically discard the implicit locals injected by collection rendering for template that can't accept them
-
-    When rendering a collection, two implicit variables are injected, which breaks templates with strict locals.
-
-    Now they are only passed if the template will actually accept them.
-
-    *Yasha Krasnou*, *Jean Boussier*
-
-*   Fix `@rails/ujs` calling `start()` an extra time when using bundlers
-
-    *Hartley McGuire*, *Ryunosuke Sato*
-
-*   Fix the `capture` view helper compatibility with HAML and Slim
-
-    When a blank string was captured in HAML or Slim (and possibly other template engines)
-    it would instead return the entire buffer.
-
-    *Jean Boussier*
-
-
-## Rails 7.1.1 (October 11, 2023) ##
-
-*   Updated `@rails/ujs` files to ignore certain data-* attributes when element is contenteditable.
-
-    This fix was already landed in >= 7.0.4.3, < 7.1.0.
-    [[CVE-2023-23913](https://github.com/advisories/GHSA-xp5h-f8jf-rc8q)]
-
-    *Ryunosuke Sato*
-
-
-## Rails 7.1.0 (October 05, 2023) ##
+## Rails 8.0.2 (March 12, 2025) ##
 
 *   No changes.
 
 
-## Rails 7.1.0.rc2 (October 01, 2023) ##
-
-*   No changes.
-
-
-## Rails 7.1.0.rc1 (September 27, 2023) ##
-
-*   Introduce `ActionView::TestCase.register_parser`
-
-    ```ruby
-    register_parser :rss, -> rendered { RSS::Parser.parse(rendered) }
-
-    test "renders RSS" do
-      article = Article.create!(title: "Hello, world")
-
-      render formats: :rss, partial: article
-
-      assert_equal "Hello, world", rendered.rss.items.last.title
-    end
-    ```
-
-    By default, register parsers for `:html` and `:json`.
-
-    *Sean Doyle*
-
-
-## Rails 7.1.0.beta1 (September 13, 2023) ##
-
-*   Fix `simple_format` with blank `wrapper_tag` option returns plain html tag
-
-    By default `simple_format` method returns the text wrapped with `<p>`. But if we explicitly specify
-    the `wrapper_tag: nil` in the options, it returns the text wrapped with `<></>` tag.
-
-    Before:
-
-    ```ruby
-    simple_format("Hello World", {},  { wrapper_tag: nil })
-    # <>Hello World</>
-    ```
-
-    After:
+## Rails 8.0.2 (March 12, 2025) ##
 
-    ```ruby
-    simple_format("Hello World", {},  { wrapper_tag: nil })
-    # <p>Hello World</p>
-    ```
+*   Respect `html_options[:form]` when `collection_checkboxes` generates the
+    hidden `<input>`.
 
-    *Akhil G Krishnan*, *Junichi Ito*
+    *Riccardo Odone*
 
-*   Don't double-encode nested `field_id` and `field_name` index values
+*   Layouts have access to local variables passed to `render`.
 
-    Pass `index: @options` as a default keyword argument to `field_id` and
-    `field_name` view helper methods.
+    This fixes #31680 which was a regression in Rails 5.1.
 
-    *Sean Doyle*
+    *Mike Dalessio*
 
-*   Allow opting in/out of `Link preload` headers when calling `stylesheet_link_tag` or `javascript_include_tag`
+*   Argument errors related to strict locals in templates now raise an
+    `ActionView::StrictLocalsError`, and all other argument errors are reraised as-is.
 
-    ```ruby
-    # will exclude header, even if setting is enabled:
-    javascript_include_tag("http://example.com/all.js", preload_links_header: false)
+    Previously, any `ArgumentError` raised during template rendering was swallowed during strict
+    local error handling, so that an `ArgumentError` unrelated to strict locals (e.g., a helper
+    method invoked with incorrect arguments) would be replaced by a similar `ArgumentError` with an
+    unrelated backtrace, making it difficult to debug templates.
 
-    # will include header, even if setting is disabled:
-    stylesheet_link_tag("http://example.com/all.js", preload_links_header: true)
-    ```
+    Now, any `ArgumentError` unrelated to strict locals is reraised, preserving the original
+    backtrace for developers.
 
-    *Alex Ghiculescu*
+    Also note that `ActionView::StrictLocalsError` is a subclass of `ArgumentError`, so any existing
+    code that rescues `ArgumentError` will continue to work.
 
-*   Stop generating `Link preload` headers once it has reached 1KB.
+    Fixes #52227.
 
-    Some proxies have trouble handling large headers, but more importantly preload links
-    have diminishing returns so it's preferable not to go overboard with them.
+    *Mike Dalessio*
 
-    If tighter control is needed, it's recommended to disable automatic generation of preloads
-    and to generate them manually from the controller or from a middleware.
+*   Fix stack overflow error in dependency tracker when dealing with circular dependencies
 
     *Jean Boussier*
 
-*   `simple_format` helper now handles a `:sanitize_options` - any extra options you want appending to the sanitize.
+## Rails 8.0.1 (December 13, 2024) ##
 
-    Before:
-    ```ruby
-      simple_format("<a target=\"_blank\" href=\"http://example.com\">Continue</a>")
-      # => "<p><a href=\"http://example.com\">Continue</a></p>"
-    ```
+*   Fix a crash in ERB template error highlighting when the error occurs on a
+    line in the compiled template that is past the end of the source template.
 
-    After:
-    ```ruby
-      simple_format("<a target=\"_blank\" href=\"http://example.com\">Continue</a>", {}, { sanitize_options: { attributes: %w[target href] } })
-      # => "<p><a target=\"_blank\" href=\"http://example.com\">Continue</a></p>"
-    ```
+    *Martin Emde*
 
-    *Andrei Andriichuk*
+*   Improve reliability of ERB template error highlighting.
+    Fix infinite loops and crashes in highlighting and
+    improve tolerance for alternate ERB handlers.
 
-*   Add support for HTML5 standards-compliant sanitizers, and default to `Rails::HTML5::Sanitizer`
-    in the Rails 7.1 configuration if it is supported.
+    *Martin Emde*
 
-    Action View's HTML sanitizers can be configured by setting
-    `config.action_view.sanitizer_vendor`. Supported values are `Rails::HTML4::Sanitizer` or
-    `Rails::HTML5::Sanitizer`.
 
-    The Rails 7.1 configuration will set this to `Rails::HTML5::Sanitizer` when it is supported, and
-    fall back to `Rails::HTML4::Sanitizer`. Previous configurations default to
-    `Rails::HTML4::Sanitizer`.
+## Rails 8.0.0.1 (December 10, 2024) ##
 
-    *Mike Dalessio*
+*   No changes.
 
-*   `config.dom_testing_default_html_version` controls the HTML parser used by
-    `ActionView::TestCase#document_root_element`, which creates the DOM used by the assertions in
-    Rails::Dom::Testing.
 
-    The Rails 7.1 default configuration opts into the HTML5 parser when it is supported, to better
-    represent what the DOM would be in a browser user agent. Previously this test helper always used
-    Nokogiri's HTML4 parser.
+## Rails 8.0.0 (November 07, 2024) ##
 
-    *Mike Dalessio*
+*   No changes.
 
-*   Add support for the HTML picture tag. It supports passing a String, an Array or a Block.
-    Supports passing properties directly to the img tag via the `:image` key.
-    Since the picture tag requires an img tag, the last element you provide will be used for the img tag.
-    For complete control over the picture tag, a block can be passed, which will populate the contents of the tag accordingly.
 
-    Can be used like this for a single source:
-    ```erb
-    <%= picture_tag("picture.webp") %>
-    ```
-    which will generate the following:
-    ```html
-    <picture>
-        <img src="/images/picture.webp" />
-    </picture>
-    ```
+## Rails 8.0.0.rc2 (October 30, 2024) ##
 
-    For multiple sources:
-    ```erb
-    <%= picture_tag("picture.webp", "picture.png", :class => "mt-2", :image => { alt: "Image", class: "responsive-img" }) %>
-    ```
-    will generate:
-    ```html
-    <picture class="mt-2">
-        <source srcset="/images/picture.webp" />
-        <source srcset="/images/picture.png" />
-        <img alt="Image" class="responsive-img" src="/images/picture.png" />
-    </picture>
-    ```
+*   No changes.
 
-    Full control via a block:
-    ```erb
-    <%= picture_tag(:class => "my-class") do %>
-        <%= tag(:source, :srcset => image_path("picture.webp")) %>
-        <%= tag(:source, :srcset => image_path("picture.png")) %>
-        <%= image_tag("picture.png", :alt => "Image") %>
-    <% end %>
-    ```
-    will generate:
-    ```html
-    <picture class="my-class">
-        <source srcset="/images/picture.webp" />
-        <source srcset="/images/picture.png" />
-        <img alt="Image" src="/images/picture.png" />
-    </picture>
-    ```
 
-    *Juan Pablo Balarini*
+## Rails 8.0.0.rc1 (October 19, 2024) ##
 
-*   Remove deprecated support to passing instance variables as locals to partials.
+*   Remove deprecated support to passing a content to void tag elements on the `tag` builder.
 
     *Rafael Mendonça França*
 
-*   Remove deprecated constant `ActionView::Path`.
+*   Remove deprecated support to passing `nil` to the `model:` argument of `form_with`.
 
     *Rafael Mendonça França*
 
-*   Guard `token_list` calls from escaping HTML too often
-
-    *Sean Doyle*
-
-*   `select` can now be called with a single hash containing options and some HTML options
 
-    Previously this would not work as expected:
+## Rails 8.0.0.beta1 (September 26, 2024) ##
 
-    ```erb
-    <%= select :post, :author, authors, required: true %>
-    ```
-
-    Instead you needed to do this:
+*   Enable DependencyTracker to evaluate renders with trailing interpolation.
 
     ```erb
-    <%= select :post, :author, authors, {}, required: true %>
+    <%= render "maintenance_tasks/runs/info/#{run.status}" %>
     ```
 
-    Now, either form is accepted, for the following HTML attributes: `required`, `multiple`, `size`.
+    Previously, the DependencyTracker would ignore this render, but now it will
+    mark all partials in the "maintenance_tasks/runs/info" folder as
+    dependencies.
 
-    *Alex Ghiculescu*
+    *Hartley McGuire*
 
-*   Datetime form helpers (`time_field`, `date_field`, `datetime_field`, `week_field`, `month_field`) now accept an instance of Time/Date/DateTime as `:value` option.
-
-    Before:
-    ```erb
-    <%= form.datetime_field :written_at, value: Time.current.strftime("%Y-%m-%dT%T") %>
-    ```
-
-    After:
-    ```erb
-    <%= form.datetime_field :written_at, value: Time.current %>
-    ```
-
-    *Andrey Samsonov*
-
-*   Choices of `select` can optionally contain html attributes as the last element
-    of the child arrays when using grouped/nested collections
-
-    ```erb
-    <%= form.select :foo, [["North America", [["United States","US"],["Canada","CA"]], { disabled: "disabled" }]] %>
-    # => <select><optgroup label="North America" disabled="disabled"><option value="US">United States</option><option value="CA">Canada</option></optgroup></select>
-    ```
+*   Rename `text_area` methods into `textarea`
 
-    *Chris Gunther*
-
-*   `check_box_tag` and `radio_button_tag` now accept `checked` as a keyword argument
-
-    This is to make the API more consistent with the `FormHelper` variants. You can now
-    provide `checked` as a positional or keyword argument:
-
-    ```erb
-    = check_box_tag "admin", "1", false
-    = check_box_tag "admin", "1", checked: false
-
-    = radio_button_tag 'favorite_color', 'maroon', false
-    = radio_button_tag 'favorite_color', 'maroon', checked: false
-    ```
-
-    *Alex Ghiculescu*
-
-*   Allow passing a class to `dom_id`.
-    You no longer need to call `new` when passing a class to `dom_id`.
-    This makes `dom_id` behave like `dom_class` in this regard.
-    Apart from saving a few keystrokes, it prevents Ruby from needing
-    to instantiate a whole new object just to generate a string.
-
-    Before:
-    ```ruby
-    dom_id(Post) # => NoMethodError: undefined method `to_key' for Post:Class
-    ```
-
-    After:
-    ```ruby
-    dom_id(Post) # => "new_post"
-    ```
-
-    *Goulven Champenois*
-
-*   Report `:locals` as part of the data returned by ActionView render instrumentation.
-
-    Before:
-    ```ruby
-    {
-    identifier: "/Users/adam/projects/notifications/app/views/posts/index.html.erb",
-    layout: "layouts/application"
-    }
-    ```
-
-    After:
-    ```ruby
-    {
-    identifier: "/Users/adam/projects/notifications/app/views/posts/index.html.erb",
-    layout: "layouts/application",
-    locals: {foo: "bar"}
-    }
-    ```
-
-    *Aaron Gough*
-
-*   Strip `break_sequence` at the end of `word_wrap`.
-
-    This fixes a bug where `word_wrap` didn't properly strip off break sequences that had printable characters.
-
-    For example, compare the outputs of this template:
-
-    ```erb
-    # <%= word_wrap("11 22\n33 44", line_width: 2, break_sequence: "\n# ") %>
-    ```
-
-    Before:
-
-    ```
-    # 11
-    # 22
-    #
-    # 33
-    # 44
-    #
-    ```
-
-    After:
-
-    ```
-    # 11
-    # 22
-    # 33
-    # 44
-    ```
-
-    *Max Chernyak*
-
-*   Allow templates to set strict `locals`.
-
-    By default, templates will accept any `locals` as keyword arguments. To define what `locals` a template accepts, add a `locals` magic comment:
-
-    ```erb
-    <%# locals: (message:) -%>
-    <%= message %>
-    ```
-
-    Default values can also be provided:
-
-    ```erb
-    <%# locals: (message: "Hello, world!") -%>
-    <%= message %>
-    ```
-
-    Or `locals` can be disabled entirely:
-
-    ```erb
-    <%# locals: () %>
-    ```
-
-    *Joel Hawksley*
-
-*   Add `include_seconds` option for `datetime_local_field`
-
-    This allows to omit seconds part in the input field, by passing `include_seconds: false`
-
-    *Wojciech Wnętrzak*
-
-*   Guard against `ActionView::Helpers::FormTagHelper#field_name` calls with nil
-    `object_name` arguments. For example:
-
-    ```erb
-    <%= fields do |f| %>
-      <%= f.field_name :body %>
-    <% end %>
-    ```
-
-    *Sean Doyle*
-
-*   Strings returned from `strip_tags` are correctly tagged `html_safe?`
-
-    Because these strings contain no HTML elements and the basic entities are escaped, they are safe
-    to be included as-is as PCDATA in HTML content. Tagging them as html-safe avoids double-escaping
-    entities when being concatenated to a SafeBuffer during rendering.
-
-    Fixes [rails/rails-html-sanitizer#124](https://github.com/rails/rails-html-sanitizer/issues/124)
-
-    *Mike Dalessio*
-
-*   Move `convert_to_model` call from `form_for` into `form_with`
-
-    Now that `form_for` is implemented in terms of `form_with`, remove the
-    `convert_to_model` call from `form_for`.
+    Old names are still available as aliases.
 
     *Sean Doyle*
 
-*   Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
-
-    Escape dangerous characters in names of tags and names of attributes in the
-    tag helpers, following the XML specification. Rename the option
-    `:escape_attributes` to `:escape`, to simplify by applying the option to the
-    whole tag.
-
-    *Álvaro Martín Fraguas*
+*   Rename `check_box*` methods into `checkbox*`.
 
-*   Extend audio_tag and video_tag to accept Active Storage attachments.
+    Old names are still available as aliases.
 
-    Now it's possible to write
-
-    ```ruby
-    audio_tag(user.audio_file)
-    video_tag(user.video_file)
-    ```
-
-    Instead of
-
-    ```ruby
-    audio_tag(polymorphic_path(user.audio_file))
-    video_tag(polymorphic_path(user.video_file))
-    ```
-
-    `image_tag` already supported that, so this follows the same pattern.
-
-    *Matheus Richard*
-
-*   Ensure models passed to `form_for` attempt to call `to_model`.
-
-    *Sean Doyle*
+    *Jean Boussier*
 
-Please check [7-0-stable](https://github.com/rails/rails/blob/7-0-stable/actionview/CHANGELOG.md) for previous changes.
+Please check [7-2-stable](https://github.com/rails/rails/blob/7-2-stable/actionview/CHANGELOG.md) for previous changes.

data/lib/action_view/base.rb

@@ -80,6 +80,23 @@ module ActionView # :nodoc:
   # This is useful in cases where you aren't sure if the local variable has been assigned. Alternatively, you could also use
   # <tt>defined? headline</tt> to first check if the variable has been assigned before using it.
   #
+  # By default, templates will accept any <tt>locals</tt> as keyword arguments. To restrict what <tt>locals</tt> a template accepts, add a <tt>locals:</tt> magic comment:
+  #
+  #   <%# locals: (headline:) %>
+  #
+  #   Headline: <%= headline %>
+  #
+  # In cases where the local variables are optional, declare the keyword argument with a default value:
+  #
+  #   <%# locals: (headline: nil) %>
+  #
+  #   <% unless headline.nil? %>
+  #   Headline: <%= headline %>
+  #   <% end %>
+  #
+  # Read more about strict locals in {Action View Overview}[https://guides.rubyonrails.org/action_view_overview.html#strict-locals]
+  # in the guides.
+  #
   # === Template caching
   #
   # By default, \Rails will compile each template to a method in order to render it. When you alter a template,
@@ -136,8 +153,7 @@ module ActionView # :nodoc:
   #     end
   #   end
   #
-  # For more information on Builder please consult the {source
-  # code}[https://github.com/jimweirich/builder].
+  # For more information on Builder please consult the {source code}[https://github.com/rails/builder].
   class Base
     include Helpers, ::ERB::Util, Context
 
@@ -249,16 +265,14 @@ module ActionView # :nodoc:
 
       if has_strict_locals
         begin
-          public_send(method, buffer, **locals, &block)
+          public_send(method, locals, buffer, **locals, &block)
         rescue ArgumentError => argument_error
-          raise(
-            ArgumentError,
-            argument_error.
-              message.
-                gsub("unknown keyword:", "unknown local:").
-                gsub("missing keyword:", "missing local:").
-                gsub("no keywords accepted", "no locals accepted")
-          )
+          public_send_line = __LINE__ - 2
+          frame = argument_error.backtrace_locations[1]
+          if frame.path == __FILE__ && frame.lineno == public_send_line
+            raise StrictLocalsError.new(argument_error, @current_template)
+          end
+          raise
         end
       else
         public_send(method, locals, buffer, &block)

data/lib/action_view/cache_expiry.rb

@@ -10,16 +10,17 @@ module ActionView
         @watcher = nil
         @previous_change = false
 
-        rebuild_watcher
-
         ActionView::PathRegistry.file_system_resolver_hooks << method(:rebuild_watcher)
       end
 
       def updated?
+        build_watcher unless @watcher
         @previous_change || @watcher.updated?
       end
 
       def execute
+        return unless @watcher
+
         watcher = nil
         @mutex.synchronize do
           @previous_change = false
@@ -33,7 +34,7 @@ module ActionView
           ActionView::LookupContext::DetailsKey.clear
         end
 
-        def rebuild_watcher
+        def build_watcher
           @mutex.synchronize do
             old_watcher = @watcher
 
@@ -51,6 +52,11 @@ module ActionView
           end
         end
 
+        def rebuild_watcher
+          return unless @watcher
+          build_watcher
+        end
+
         def dirs_to_watch
           all_view_paths.uniq.sort
         end