actionview 7.1.2 → 8.0.2

data/lib/action_view/dependency_tracker/erb_tracker.rb

@@ -74,7 +74,7 @@ module ActionView
       end
 
       def dependencies
-        render_dependencies + explicit_dependencies
+        WildcardResolver.new(@view_paths, render_dependencies + explicit_dependencies).resolve
       end
 
       attr_reader :name, :template
@@ -90,15 +90,15 @@ module ActionView
         end
 
         def render_dependencies
-          render_dependencies = []
+          dependencies = []
           render_calls = source.split(/\brender\b/).drop(1)
 
           render_calls.each do |arguments|
-            add_dependencies(render_dependencies, arguments, LAYOUT_DEPENDENCY)
-            add_dependencies(render_dependencies, arguments, RENDER_ARGUMENTS)
+            add_dependencies(dependencies, arguments, LAYOUT_DEPENDENCY)
+            add_dependencies(dependencies, arguments, RENDER_ARGUMENTS)
           end
 
-          render_dependencies.uniq
+          dependencies
         end
 
         def add_dependencies(render_dependencies, arguments, pattern)
@@ -116,12 +116,37 @@ module ActionView
         end
 
         def add_static_dependency(dependencies, dependency, quote_type)
-          if quote_type == '"'
-            # Ignore if there is interpolation
-            return if dependency.include?('#{')
-          end
+          if quote_type == '"' && dependency.include?('#{')
+            scanner = StringScanner.new(dependency)
+
+            wildcard_dependency = +""
+
+            while !scanner.eos?
+              if scanner.scan_until(/\#{/)
+                unmatched_brackets = 1
+                wildcard_dependency << scanner.pre_match
+
+                while unmatched_brackets > 0 && !scanner.eos?
+                  found = scanner.scan_until(/[{}]/)
+                  return unless found
+
+                  case scanner.matched
+                  when "{"
+                    unmatched_brackets += 1
+                  when "}"
+                    unmatched_brackets -= 1
+                  end
+                end
+
+                wildcard_dependency << "*"
+              else
+                wildcard_dependency << scanner.rest
+                scanner.terminate
+              end
+            end
 
-          if dependency
+            dependencies << wildcard_dependency
+          elsif dependency
             if dependency.include?("/")
               dependencies << dependency
             else
@@ -130,24 +155,8 @@ module ActionView
           end
         end
 
-        def resolve_directories(wildcard_dependencies)
-          return [] unless @view_paths
-          return [] if wildcard_dependencies.empty?
-
-          # Remove trailing "/*"
-          prefixes = wildcard_dependencies.map { |query| query[0..-3] }
-
-          @view_paths.flat_map(&:all_template_paths).uniq.filter_map { |path|
-            path.to_s if prefixes.include?(path.prefix)
-          }.sort
-        end
-
         def explicit_dependencies
-          dependencies = source.scan(EXPLICIT_DEPENDENCY).flatten.uniq
-
-          wildcards, explicits = dependencies.partition { |dependency| dependency.end_with?("/*") }
-
-          (explicits + resolve_directories(wildcards)).uniq
+          source.scan(EXPLICIT_DEPENDENCY).flatten.uniq
         end
     end
   end

data/lib/action_view/dependency_tracker/ruby_tracker.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module ActionView
+  class DependencyTracker # :nodoc:
+    class RubyTracker # :nodoc:
+      EXPLICIT_DEPENDENCY = /# Template Dependency: (\S+)/
+
+      def self.call(name, template, view_paths = nil)
+        new(name, template, view_paths).dependencies
+      end
+
+      def dependencies
+        WildcardResolver.new(view_paths, render_dependencies + explicit_dependencies).resolve
+      end
+
+      def self.supports_view_paths? # :nodoc:
+        true
+      end
+
+      def initialize(name, template, view_paths = nil, parser_class: RenderParser::Default)
+        @name, @template, @view_paths = name, template, view_paths
+        @parser_class = parser_class
+      end
+
+      private
+        attr_reader :template, :name, :view_paths
+
+        def render_dependencies
+          return [] unless template.source.include?("render")
+
+          compiled_source = template.handler.call(template, template.source)
+
+          @parser_class.new(@name, compiled_source).render_calls.filter_map do |render_call|
+            render_call.gsub(%r|/_|, "/")
+          end
+        end
+
+        def explicit_dependencies
+          template.source.scan(EXPLICIT_DEPENDENCY).flatten.uniq
+        end
+    end
+  end
+end

data/lib/action_view/dependency_tracker/wildcard_resolver.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module ActionView
+  class DependencyTracker # :nodoc:
+    class WildcardResolver # :nodoc:
+      def initialize(view_paths, dependencies)
+        @view_paths = view_paths
+
+        @wildcard_dependencies, @explicit_dependencies =
+          dependencies.partition { |dependency| dependency.end_with?("/*") }
+      end
+
+      def resolve
+        return explicit_dependencies.uniq if !view_paths || wildcard_dependencies.empty?
+
+        (explicit_dependencies + resolved_wildcard_dependencies).uniq
+      end
+
+      private
+        attr_reader :explicit_dependencies, :wildcard_dependencies, :view_paths
+
+        def resolved_wildcard_dependencies
+          # Remove trailing "/*"
+          prefixes = wildcard_dependencies.map { |query| query[0..-3] }
+
+          view_paths.flat_map(&:all_template_paths).uniq.filter_map { |path|
+            path.to_s if prefixes.include?(path.prefix)
+          }.sort
+        end
+    end
+  end
+end

data/lib/action_view/dependency_tracker.rb

@@ -9,7 +9,8 @@ module ActionView
     extend ActiveSupport::Autoload
 
     autoload :ERBTracker
-    autoload :RipperTracker
+    autoload :RubyTracker
+    autoload :WildcardResolver
 
     @trackers = Concurrent::Map.new
 

data/lib/action_view/digestor.rb

@@ -107,8 +107,12 @@ module ActionView
         end.join("-")
       end
 
-      def to_dep_map
-        children.any? ? { name => children.map(&:to_dep_map) } : name
+      def to_dep_map(seen = Set.new.compare_by_identity)
+        if seen.add?(self)
+          children.any? ? { name => children.map { |c| c.to_dep_map(seen) } } : name
+        else # the tree has a cycle
+          name
+        end
       end
     end
 

data/lib/action_view/gem_version.rb

@@ -7,8 +7,8 @@ module ActionView
   end
 
   module VERSION
-    MAJOR = 7
-    MINOR = 1
+    MAJOR = 8
+    MINOR = 0
     TINY  = 2
     PRE   = nil
 

data/lib/action_view/helpers/asset_tag_helper.rb

@@ -68,6 +68,8 @@ module ActionView
       #   attribute, which indicates to the browser that the script is meant to
       #   be executed after the document has been parsed. Additionally, prevents
       #   sending the Preload Links header.
+      # * <tt>:nopush</tt>  - Specify if the use of server push is not desired
+      #   for the script. Defaults to +true+.
       #
       # Any other specified options will be treated as HTML attributes for the
       # +script+ tag.
@@ -166,6 +168,10 @@ module ActionView
       #   that path.
       # * <tt>:skip_pipeline</tt>  - This option is used to bypass the asset pipeline
       #   when it is set to true.
+      # * <tt>:nonce</tt>  - When set to true, adds an automatic nonce value if
+      #   you have Content Security Policy enabled.
+      # * <tt>:nopush</tt>  - Specify if the use of server push is not desired
+      #   for the stylesheet. Defaults to +true+.
       #
       # ==== Examples
       #
@@ -190,6 +196,9 @@ module ActionView
       #   stylesheet_link_tag "random.styles", "/css/stylish"
       #   # => <link href="/assets/random.styles" rel="stylesheet" />
       #   #    <link href="/css/stylish.css" rel="stylesheet" />
+      #
+      #   stylesheet_link_tag "style", nonce: true
+      #   # => <link href="/assets/style.css" rel="stylesheet" nonce="..." />
       def stylesheet_link_tag(*sources)
         options = sources.extract_options!.stringify_keys
         path_options = options.extract!("protocol", "extname", "host", "skip_pipeline").symbolize_keys
@@ -214,6 +223,9 @@ module ActionView
             "crossorigin" => crossorigin,
             "href" => href
           }.merge!(options)
+          if tag_options["nonce"] == true
+            tag_options["nonce"] = content_security_policy_nonce
+          end
 
           if apply_stylesheet_media_default && tag_options["media"].blank?
             tag_options["media"] = "screen"
@@ -351,13 +363,13 @@ module ActionView
         nopush = options.delete(:nopush) || false
         rel = mime_type == "module" ? "modulepreload" : "preload"
 
-        link_tag = tag.link(**{
+        link_tag = tag.link(
           rel: rel,
           href: href,
           as: as_type,
           type: mime_type,
-          crossorigin: crossorigin
-        }.merge!(options.symbolize_keys))
+          crossorigin: crossorigin,
+          **options.symbolize_keys)
 
         preload_link = "<#{href}>; rel=#{rel}; as=#{as_type}"
         preload_link += "; type=#{mime_type}" if mime_type
@@ -645,11 +657,11 @@ module ActionView
           return if response_present && response.sending?
 
           if respond_to?(:request) && request
-            request.send_early_hints("Link" => preload_links.join("\n"))
+            request.send_early_hints("link" => preload_links.join(","))
           end
 
           if response_present
-            header = +response.headers["Link"].to_s
+            header = +response.headers["link"].to_s
             preload_links.each do |link|
               break if header.bytesize + link.bytesize > max_header_size
 
@@ -660,7 +672,7 @@ module ActionView
               end
             end
 
-            response.headers["Link"] = header
+            response.headers["link"] = header
           end
         end
     end

data/lib/action_view/helpers/atom_feed_helper.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require "set"
-
 module ActionView
   module Helpers # :nodoc:
     # = Action View Atom Feed \Helpers

data/lib/action_view/helpers/cache_helper.rb

@@ -76,11 +76,11 @@ module ActionView
       #   render 'comments/comments'
       #   render('comments/comments')
       #
-      #   render "header" translates to render("comments/header")
+      #   render "header"        # translates to render("comments/header")
       #
-      #   render(@topic)         translates to render("topics/topic")
-      #   render(topics)         translates to render("topics/topic")
-      #   render(message.topics) translates to render("topics/topic")
+      #   render(@topic)         # translates to render("topics/topic")
+      #   render(topics)         # translates to render("topics/topic")
+      #   render(message.topics) # translates to render("topics/topic")
       #
       # It's not possible to derive all render calls like that, though.
       # Here are a few examples of things that can't be derived:
@@ -93,6 +93,14 @@ module ActionView
       #   render partial: 'attachments/attachment', collection: group_of_attachments
       #   render partial: 'documents/document', collection: @project.documents.where(published: true).order('created_at')
       #
+      # One last type of dependency can be determined implicitly:
+      #
+      #   render "maintenance_tasks/runs/info/#{run.status}"
+      #
+      # Because the value passed to render ends in interpolation, Action View
+      # will mark all partials within the "maintenance_tasks/runs/info" folder as
+      # dependencies.
+      #
       # === Explicit dependencies
       #
       # Sometimes you'll have template dependencies that can't be derived at all. This is typically
@@ -189,7 +197,7 @@ module ActionView
         CachingRegistry.caching?
       end
 
-      # Raises +UncacheableFragmentError+ when called from within a +cache+ block.
+      # Raises UncacheableFragmentError when called from within a +cache+ block.
       #
       # Useful to denote helper methods that can't participate in fragment caching:
       #
@@ -198,7 +206,7 @@ module ActionView
       #     "#{project.name} - #{Time.now}"
       #   end
       #
-      #   # Which will then raise if used within a +cache+ block:
+      #   # Which will then raise if used within a `cache` block:
       #   <% cache project do %>
       #     <%= project_name_with_time(project) %>
       #   <% end %>

data/lib/action_view/helpers/csrf_helper.rb

@@ -17,7 +17,7 @@ module ActionView
       # You don't need to use these tags for regular forms as they generate their own hidden fields.
       #
       # For Ajax requests other than GETs, extract the "csrf-token" from the meta-tag and send as the
-      # +X-CSRF-Token+ HTTP header. If you are using rails-ujs, this happens automatically.
+      # +X-CSRF-Token+ HTTP header.
       #
       def csrf_meta_tags
         if defined?(protect_against_forgery?) && protect_against_forgery?

data/lib/action_view/helpers/date_helper.rb

@@ -1228,7 +1228,7 @@ module ActionView
     class FormBuilder
       # Wraps ActionView::Helpers::DateHelper#date_select for form builders:
       #
-      #   <%= form_for @person do |f| %>
+      #   <%= form_with model: @person do |f| %>
       #     <%= f.date_select :birth_date %>
       #     <%= f.submit %>
       #   <% end %>
@@ -1240,7 +1240,7 @@ module ActionView
 
       # Wraps ActionView::Helpers::DateHelper#time_select for form builders:
       #
-      #   <%= form_for @race do |f| %>
+      #   <%= form_with model: @race do |f| %>
       #     <%= f.time_select :average_lap %>
       #     <%= f.submit %>
       #   <% end %>
@@ -1252,7 +1252,7 @@ module ActionView
 
       # Wraps ActionView::Helpers::DateHelper#datetime_select for form builders:
       #
-      #   <%= form_for @person do |f| %>
+      #   <%= form_with model: @person do |f| %>
       #     <%= f.datetime_select :last_request_at %>
       #     <%= f.submit %>
       #   <% end %>