actionview 7.1.5.1 → 7.2.0.beta1
- checksums.yaml +4 -4
- data/CHANGELOG.md +41 -456
- data/lib/action_view/base.rb +19 -1
- data/lib/action_view/cache_expiry.rb +9 -3
- data/lib/action_view/dependency_tracker/{ripper_tracker.rb → ruby_tracker.rb} +4 -3
- data/lib/action_view/dependency_tracker.rb +1 -1
- data/lib/action_view/gem_version.rb +3 -3
- data/lib/action_view/helpers/asset_tag_helper.rb +18 -6
- data/lib/action_view/helpers/csrf_helper.rb +1 -1
- data/lib/action_view/helpers/form_helper.rb +197 -192
- data/lib/action_view/helpers/form_tag_helper.rb +76 -43
- data/lib/action_view/helpers/output_safety_helper.rb +4 -4
- data/lib/action_view/helpers/tag_helper.rb +208 -18
- data/lib/action_view/helpers/url_helper.rb +6 -82
- data/lib/action_view/layouts.rb +2 -4
- data/lib/action_view/log_subscriber.rb +8 -4
- data/lib/action_view/railtie.rb +0 -1
- data/lib/action_view/render_parser/prism_render_parser.rb +127 -0
- data/lib/action_view/{ripper_ast_parser.rb → render_parser/ripper_render_parser.rb} +152 -9
- data/lib/action_view/render_parser.rb +21 -169
- data/lib/action_view/renderer/abstract_renderer.rb +1 -1
- data/lib/action_view/renderer/renderer.rb +32 -38
- data/lib/action_view/rendering.rb +4 -4
- data/lib/action_view/template/renderable.rb +7 -1
- data/lib/action_view/template/resolver.rb +0 -2
- data/lib/action_view/template.rb +18 -1
- data/lib/action_view/test_case.rb +7 -9
- data/lib/assets/compiled/rails-ujs.js +777 -0
- metadata +20 -18
@@ -68,6 +68,8 @@ module ActionView
|
|
68
68
|
# attribute, which indicates to the browser that the script is meant to
|
69
69
|
# be executed after the document has been parsed. Additionally, prevents
|
70
70
|
# sending the Preload Links header.
|
71
|
+
# * <tt>:nopush</tt> - Specify if the use of server push is not desired
|
72
|
+
# for the script. Defaults to +true+.
|
71
73
|
#
|
72
74
|
# Any other specified options will be treated as HTML attributes for the
|
73
75
|
# +script+ tag.
|
@@ -166,6 +168,10 @@ module ActionView
|
|
166
168
|
# that path.
|
167
169
|
# * <tt>:skip_pipeline</tt> - This option is used to bypass the asset pipeline
|
168
170
|
# when it is set to true.
|
171
|
+
# * <tt>:nonce</tt> - When set to true, adds an automatic nonce value if
|
172
|
+
# you have Content Security Policy enabled.
|
173
|
+
# * <tt>:nopush</tt> - Specify if the use of server push is not desired
|
174
|
+
# for the stylesheet. Defaults to +true+.
|
169
175
|
#
|
170
176
|
# ==== Examples
|
171
177
|
#
|
@@ -190,6 +196,9 @@ module ActionView
|
|
190
196
|
# stylesheet_link_tag "random.styles", "/css/stylish"
|
191
197
|
# # => <link href="/assets/random.styles" rel="stylesheet" />
|
192
198
|
# # <link href="/css/stylish.css" rel="stylesheet" />
|
199
|
+
#
|
200
|
+
# stylesheet_link_tag "style", nonce: true
|
201
|
+
# # => <link href="/assets/style.css" rel="stylesheet" nonce="..." />
|
193
202
|
def stylesheet_link_tag(*sources)
|
194
203
|
options = sources.extract_options!.stringify_keys
|
195
204
|
path_options = options.extract!("protocol", "extname", "host", "skip_pipeline").symbolize_keys
|
@@ -214,6 +223,9 @@ module ActionView
|
|
214
223
|
"crossorigin" => crossorigin,
|
215
224
|
"href" => href
|
216
225
|
}.merge!(options)
|
226
|
+
if tag_options["nonce"] == true
|
227
|
+
tag_options["nonce"] = content_security_policy_nonce
|
228
|
+
end
|
217
229
|
|
218
230
|
if apply_stylesheet_media_default && tag_options["media"].blank?
|
219
231
|
tag_options["media"] = "screen"
|
@@ -351,13 +363,13 @@ module ActionView
|
|
351
363
|
nopush = options.delete(:nopush) || false
|
352
364
|
rel = mime_type == "module" ? "modulepreload" : "preload"
|
353
365
|
|
354
|
-
link_tag = tag.link(
|
366
|
+
link_tag = tag.link(
|
355
367
|
rel: rel,
|
356
368
|
href: href,
|
357
369
|
as: as_type,
|
358
370
|
type: mime_type,
|
359
|
-
crossorigin: crossorigin
|
360
|
-
|
371
|
+
crossorigin: crossorigin,
|
372
|
+
**options.symbolize_keys)
|
361
373
|
|
362
374
|
preload_link = "<#{href}>; rel=#{rel}; as=#{as_type}"
|
363
375
|
preload_link += "; type=#{mime_type}" if mime_type
|
@@ -645,11 +657,11 @@ module ActionView
|
|
645
657
|
return if response_present && response.sending?
|
646
658
|
|
647
659
|
if respond_to?(:request) && request
|
648
|
-
request.send_early_hints("
|
660
|
+
request.send_early_hints("Link" => preload_links.join("\n"))
|
649
661
|
end
|
650
662
|
|
651
663
|
if response_present
|
652
|
-
header = +response.headers["
|
664
|
+
header = +response.headers["Link"].to_s
|
653
665
|
preload_links.each do |link|
|
654
666
|
break if header.bytesize + link.bytesize > max_header_size
|
655
667
|
|
@@ -660,7 +672,7 @@ module ActionView
|
|
660
672
|
end
|
661
673
|
end
|
662
674
|
|
663
|
-
response.headers["
|
675
|
+
response.headers["Link"] = header
|
664
676
|
end
|
665
677
|
end
|
666
678
|
end
|
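Review bot: In the `@@ -351,13 +363,13 @@` hunk, `**options.symbolize_keys` is splatted after `rel:`, `href:`, `as:`, `type:` and `crossorigin:`, so any of those keys still present in `options` replaces the computed value in the rendered tag, while the `preload_link` header string just below is still built from the locals `href`, `rel` and `as_type`. The visible `options.delete(:nopush)` removes only a symbol key, so a string-keyed `"nopush"` would survive and be emitted as an HTML attribute once the keys are symbolized. Whether the other keys are consumed earlier cannot be seen, because the method starts above the hunk and continues below it. Consider splatting `**options.symbolize_keys.except(:rel, :href, :nopush)` so the tag and the `Link` header cannot disagree. A comment such as `# Remaining options are rendered as attributes of the <link> tag; pass only keys you control.` would document the pass-through.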
@@ -17,7 +17,7 @@ module ActionView
|
|
17
17
|
# You don't need to use these tags for regular forms as they generate their own hidden fields.
|
18
18
|
#
|
19
19
|
# For Ajax requests other than GETs, extract the "csrf-token" from the meta-tag and send as the
|
20
|
-
# +X-CSRF-Token+ HTTP header.
|
20
|
+
# +X-CSRF-Token+ HTTP header.
|
21
21
|
#
|
22
22
|
def csrf_meta_tags
|
23
23
|
if defined?(protect_against_forgery?) && protect_against_forgery?
|