actionview 7.1.5.1 → 7.2.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 81ab3c1fd87fbc6f3f4a09d1144364f7c86371f864de4f7b88a4a96964b91b2a
-  data.tar.gz: c09302122b22d24541386865a278ad1b72a988b08a9808375442470c674488ab
+  metadata.gz: 129f00c083e1a4443010be161169e51eea090543c6618289968ed2cdb1c65c76
+  data.tar.gz: 568d88d12f7fc363958af2f8bf45308199dc0c221a05fafb9415a96b3eaddc8a
 SHA512:
-  metadata.gz: df946293efa603d2e519d7acea52ea8565fac8b266aab767e2a5d655b4ed3235f5203f703fc7679323dab4137bc1087abaaeb26f77a5e4d0012a1ea9e03630d0
-  data.tar.gz: 01e8fd7e08c61c5463bbcafedd9813fcaa655b75b63406eefc6724fd78333ae2d0c943b7b651273d4edbd80b24efc82419976a38d103a62f6c4ae3cc37f2ce62
+  metadata.gz: de08bd40788b58e9ba6be2169a5ebbc39c6b4f1122d1564b64cf0a6af066f855d4a1ad2d1721ab849fde78ee87c496c61579afd59d1a3062dba6135b6652bee4
+  data.tar.gz: cf2f5461be068f0d96d287bbdabe2daf9b3d76a4e80c9db31041d9242f77986b1d5d6774d6db95f5f2b068cbce2161b13335891bfd86d271994d49321bc88733

data/CHANGELOG.md

@@ -1,88 +1,86 @@
-## Rails 7.1.5.1 (December 10, 2024) ##
+## Rails 7.2.2.1 (December 10, 2024) ##
 
 *   No changes.
 
 
-## Rails 7.1.5 (October 30, 2024) ##
+## Rails 7.2.2 (October 30, 2024) ##
 
 *   No changes.
 
 
-## Rails 7.1.4.2 (October 23, 2024) ##
+## Rails 7.2.1.2 (October 23, 2024) ##
 
 *   No changes.
 
 
-## Rails 7.1.4.1 (October 15, 2024) ##
+## Rails 7.2.1.1 (October 15, 2024) ##
 
 *   No changes.
 
 
-## Rails 7.1.4 (August 22, 2024) ##
-
-*   Action View Test Case `rendered` memoization.
-
-    *Sean Doyle*
-
-*   Restore the ability for templates to return any kind of object and not just strings
-
-    *Jean Boussier*
-
-*   Fix threading issue with strict locals.
-
-    *Robert Fletcher*
-
-
-## Rails 7.1.3.4 (June 04, 2024) ##
+## Rails 7.2.1 (August 22, 2024) ##
 
 *   No changes.
 
 
-## Rails 7.1.3.3 (May 16, 2024) ##
+## Rails 7.2.0 (August 09, 2024) ##
 
-*   No changes.
+*   Fix templates with strict locals to also include `local_assigns`.
 
+    Previously templates defining strict locals wouldn't receive the `local_assigns`
+    hash.
 
-## Rails 7.1.3.2 (February 21, 2024) ##
+    *Jean Boussier*
 
-*   No changes.
+*   Add queries count to template rendering instrumentation.
 
+    ```
+    # Before
+    Completed 200 OK in 3804ms (Views: 41.0ms | ActiveRecord: 33.5ms | Allocations: 112788)
 
-## Rails 7.1.3.1 (February 21, 2024) ##
+    # After
+    Completed 200 OK in 3804ms (Views: 41.0ms | ActiveRecord: 33.5ms (2 queries, 1 cached) | Allocations: 112788)
+    ```
 
-*   No changes.
+    *fatkodima*
 
+*   Raise `ArgumentError` if `:renderable` object does not respond to `#render_in`.
 
-## Rails 7.1.3 (January 16, 2024) ##
+    *Sean Doyle*
+
+*   Add the `nonce: true` option for `stylesheet_link_tag` helper to support automatic nonce generation for Content Security Policy.
 
-*   Better handle SyntaxError in Action View.
+    Works the same way as `javascript_include_tag nonce: true` does.
 
-    *Mario Caropreso*
+    *Akhil G Krishnan*, *AJ Esler*
 
-*   Fix `word_wrap` with empty string.
+*   Parse `ActionView::TestCase#rendered` HTML content as `Nokogiri::XML::DocumentFragment` instead of `Nokogiri::XML::Document`.
 
-    *Jonathan Hefner*
+    *Sean Doyle*
 
 *   Rename `ActionView::TestCase::Behavior::Content` to `ActionView::TestCase::Behavior::RenderedViewContent`.
 
-    Make `RenderedViewContent` inherit from `String`. Make private API with `:nodoc:`.
+    Make `RenderedViewContent` inherit from `String`. Make private API with `:nodoc:`
 
     *Sean Doyle*
 
-*   Fix detection of required strict locals.
+*   Deprecate passing `nil` as value for the `model:` argument to the `form_with` method.
 
-    Further fix `render @collection` compatibility with strict locals
+    *Collin Jilbert*
 
-    *Jean Boussier*
+*   Alias `field_set_tag` helper to `fieldset_tag` to match `<fieldset>` element.
+
+    *Sean Doyle*
 
+*   Deprecate passing content to void elements when using `tag.br` type tag builders.
 
-## Rails 7.1.2 (November 10, 2023) ##
+    *Hartley McGuire*
 
 *   Fix the `number_to_human_size` view helper to correctly work with negative numbers.
 
     *Earlopain*
 
-*   Automatically discard the implicit locals injected by collection rendering for template that can't accept them
+*   Automatically discard the implicit locals injected by collection rendering for template that can't accept them.
 
     When rendering a collection, two implicit variables are injected, which breaks templates with strict locals.
 
@@ -90,20 +88,17 @@
 
     *Yasha Krasnou*, *Jean Boussier*
 
-*   Fix `@rails/ujs` calling `start()` an extra time when using bundlers
+*   Fix `@rails/ujs` calling `start()` an extra time when using bundlers.
 
     *Hartley McGuire*, *Ryunosuke Sato*
 
-*   Fix the `capture` view helper compatibility with HAML and Slim
+*   Fix the `capture` view helper compatibility with HAML and Slim.
 
     When a blank string was captured in HAML or Slim (and possibly other template engines)
     it would instead return the entire buffer.
 
     *Jean Boussier*
 
-
-## Rails 7.1.1 (October 11, 2023) ##
-
 *   Updated `@rails/ujs` files to ignore certain data-* attributes when element is contenteditable.
 
     This fix was already landed in >= 7.0.4.3, < 7.1.0.
@@ -111,406 +106,28 @@
 
     *Ryunosuke Sato*
 
+*   Added validation for HTML tag names in the `tag` and `content_tag` helper method.
 
-## Rails 7.1.0 (October 05, 2023) ##
-
-*   No changes.
-
-
-## Rails 7.1.0.rc2 (October 01, 2023) ##
-
-*   No changes.
-
-
-## Rails 7.1.0.rc1 (September 27, 2023) ##
-
-*   Introduce `ActionView::TestCase.register_parser`
-
-    ```ruby
-    register_parser :rss, -> rendered { RSS::Parser.parse(rendered) }
-
-    test "renders RSS" do
-      article = Article.create!(title: "Hello, world")
-
-      render formats: :rss, partial: article
-
-      assert_equal "Hello, world", rendered.rss.items.last.title
-    end
-    ```
-
-    By default, register parsers for `:html` and `:json`.
-
-    *Sean Doyle*
-
-
-## Rails 7.1.0.beta1 (September 13, 2023) ##
-
-*   Fix `simple_format` with blank `wrapper_tag` option returns plain html tag
-
-    By default `simple_format` method returns the text wrapped with `<p>`. But if we explicitly specify
-    the `wrapper_tag: nil` in the options, it returns the text wrapped with `<></>` tag.
-
-    Before:
-
-    ```ruby
-    simple_format("Hello World", {},  { wrapper_tag: nil })
-    # <>Hello World</>
-    ```
-
-    After:
-
-    ```ruby
-    simple_format("Hello World", {},  { wrapper_tag: nil })
-    # <p>Hello World</p>
-    ```
-
-    *Akhil G Krishnan*, *Junichi Ito*
-
-*   Don't double-encode nested `field_id` and `field_name` index values
-
-    Pass `index: @options` as a default keyword argument to `field_id` and
-    `field_name` view helper methods.
-
-    *Sean Doyle*
-
-*   Allow opting in/out of `Link preload` headers when calling `stylesheet_link_tag` or `javascript_include_tag`
-
-    ```ruby
-    # will exclude header, even if setting is enabled:
-    javascript_include_tag("http://example.com/all.js", preload_links_header: false)
-
-    # will include header, even if setting is disabled:
-    stylesheet_link_tag("http://example.com/all.js", preload_links_header: true)
-    ```
-
-    *Alex Ghiculescu*
-
-*   Stop generating `Link preload` headers once it has reached 1KB.
-
-    Some proxies have trouble handling large headers, but more importantly preload links
-    have diminishing returns so it's preferable not to go overboard with them.
-
-    If tighter control is needed, it's recommended to disable automatic generation of preloads
-    and to generate them manually from the controller or from a middleware.
-
-    *Jean Boussier*
-
-*   `simple_format` helper now handles a `:sanitize_options` - any extra options you want appending to the sanitize.
-
-    Before:
-    ```ruby
-      simple_format("<a target=\"_blank\" href=\"http://example.com\">Continue</a>")
-      # => "<p><a href=\"http://example.com\">Continue</a></p>"
-    ```
-
-    After:
-    ```ruby
-      simple_format("<a target=\"_blank\" href=\"http://example.com\">Continue</a>", {}, { sanitize_options: { attributes: %w[target href] } })
-      # => "<p><a target=\"_blank\" href=\"http://example.com\">Continue</a></p>"
-    ```
-
-    *Andrei Andriichuk*
-
-*   Add support for HTML5 standards-compliant sanitizers, and default to `Rails::HTML5::Sanitizer`
-    in the Rails 7.1 configuration if it is supported.
-
-    Action View's HTML sanitizers can be configured by setting
-    `config.action_view.sanitizer_vendor`. Supported values are `Rails::HTML4::Sanitizer` or
-    `Rails::HTML5::Sanitizer`.
-
-    The Rails 7.1 configuration will set this to `Rails::HTML5::Sanitizer` when it is supported, and
-    fall back to `Rails::HTML4::Sanitizer`. Previous configurations default to
-    `Rails::HTML4::Sanitizer`.
-
-    *Mike Dalessio*
-
-*   `config.dom_testing_default_html_version` controls the HTML parser used by
-    `ActionView::TestCase#document_root_element`, which creates the DOM used by the assertions in
-    Rails::Dom::Testing.
-
-    The Rails 7.1 default configuration opts into the HTML5 parser when it is supported, to better
-    represent what the DOM would be in a browser user agent. Previously this test helper always used
-    Nokogiri's HTML4 parser.
-
-    *Mike Dalessio*
-
-*   Add support for the HTML picture tag. It supports passing a String, an Array or a Block.
-    Supports passing properties directly to the img tag via the `:image` key.
-    Since the picture tag requires an img tag, the last element you provide will be used for the img tag.
-    For complete control over the picture tag, a block can be passed, which will populate the contents of the tag accordingly.
-
-    Can be used like this for a single source:
-    ```erb
-    <%= picture_tag("picture.webp") %>
-    ```
-    which will generate the following:
-    ```html
-    <picture>
-        <img src="/images/picture.webp" />
-    </picture>
-    ```
-
-    For multiple sources:
-    ```erb
-    <%= picture_tag("picture.webp", "picture.png", :class => "mt-2", :image => { alt: "Image", class: "responsive-img" }) %>
-    ```
-    will generate:
-    ```html
-    <picture class="mt-2">
-        <source srcset="/images/picture.webp" />
-        <source srcset="/images/picture.png" />
-        <img alt="Image" class="responsive-img" src="/images/picture.png" />
-    </picture>
-    ```
-
-    Full control via a block:
-    ```erb
-    <%= picture_tag(:class => "my-class") do %>
-        <%= tag(:source, :srcset => image_path("picture.webp")) %>
-        <%= tag(:source, :srcset => image_path("picture.png")) %>
-        <%= image_tag("picture.png", :alt => "Image") %>
-    <% end %>
-    ```
-    will generate:
-    ```html
-    <picture class="my-class">
-        <source srcset="/images/picture.webp" />
-        <source srcset="/images/picture.png" />
-        <img alt="Image" src="/images/picture.png" />
-    </picture>
-    ```
-
-    *Juan Pablo Balarini*
-
-*   Remove deprecated support to passing instance variables as locals to partials.
+    The `tag` and `content_tag` method now checks that the provided tag name adheres to the HTML
+    specification. If an invalid HTML tag name is provided, the method raises an `ArgumentError`
+    with an appropriate error message.
 
-    *Rafael Mendonça França*
+    Examples:
 
-*   Remove deprecated constant `ActionView::Path`.
-
-    *Rafael Mendonça França*
-
-*   Guard `token_list` calls from escaping HTML too often
-
-    *Sean Doyle*
-
-*   `select` can now be called with a single hash containing options and some HTML options
-
-    Previously this would not work as expected:
-
-    ```erb
-    <%= select :post, :author, authors, required: true %>
-    ```
-
-    Instead you needed to do this:
-
-    ```erb
-    <%= select :post, :author, authors, {}, required: true %>
-    ```
-
-    Now, either form is accepted, for the following HTML attributes: `required`, `multiple`, `size`.
-
-    *Alex Ghiculescu*
-
-*   Datetime form helpers (`time_field`, `date_field`, `datetime_field`, `week_field`, `month_field`) now accept an instance of Time/Date/DateTime as `:value` option.
-
-    Before:
-    ```erb
-    <%= form.datetime_field :written_at, value: Time.current.strftime("%Y-%m-%dT%T") %>
-    ```
-
-    After:
-    ```erb
-    <%= form.datetime_field :written_at, value: Time.current %>
-    ```
-
-    *Andrey Samsonov*
-
-*   Choices of `select` can optionally contain html attributes as the last element
-    of the child arrays when using grouped/nested collections
-
-    ```erb
-    <%= form.select :foo, [["North America", [["United States","US"],["Canada","CA"]], { disabled: "disabled" }]] %>
-    # => <select><optgroup label="North America" disabled="disabled"><option value="US">United States</option><option value="CA">Canada</option></optgroup></select>
-    ```
-
-    *Chris Gunther*
-
-*   `check_box_tag` and `radio_button_tag` now accept `checked` as a keyword argument
-
-    This is to make the API more consistent with the `FormHelper` variants. You can now
-    provide `checked` as a positional or keyword argument:
-
-    ```erb
-    = check_box_tag "admin", "1", false
-    = check_box_tag "admin", "1", checked: false
-
-    = radio_button_tag 'favorite_color', 'maroon', false
-    = radio_button_tag 'favorite_color', 'maroon', checked: false
-    ```
-
-    *Alex Ghiculescu*
-
-*   Allow passing a class to `dom_id`.
-    You no longer need to call `new` when passing a class to `dom_id`.
-    This makes `dom_id` behave like `dom_class` in this regard.
-    Apart from saving a few keystrokes, it prevents Ruby from needing
-    to instantiate a whole new object just to generate a string.
-
-    Before:
-    ```ruby
-    dom_id(Post) # => NoMethodError: undefined method `to_key' for Post:Class
-    ```
-
-    After:
-    ```ruby
-    dom_id(Post) # => "new_post"
-    ```
-
-    *Goulven Champenois*
-
-*   Report `:locals` as part of the data returned by ActionView render instrumentation.
-
-    Before:
-    ```ruby
-    {
-    identifier: "/Users/adam/projects/notifications/app/views/posts/index.html.erb",
-    layout: "layouts/application"
-    }
-    ```
-
-    After:
     ```ruby
-    {
-    identifier: "/Users/adam/projects/notifications/app/views/posts/index.html.erb",
-    layout: "layouts/application",
-    locals: {foo: "bar"}
-    }
-    ```
+    # Raises ArgumentError: Invalid HTML5 tag name: 12p
+    content_tag("12p") # Starting with a number
 
-    *Aaron Gough*
+    # Raises ArgumentError: Invalid HTML5 tag name: ""
+    content_tag("") # Empty tag name
 
-*   Strip `break_sequence` at the end of `word_wrap`.
+    # Raises ArgumentError: Invalid HTML5 tag name: div/
+    tag("div/") # Contains a solidus
 
-    This fixes a bug where `word_wrap` didn't properly strip off break sequences that had printable characters.
-
-    For example, compare the outputs of this template:
-
-    ```erb
-    # <%= word_wrap("11 22\n33 44", line_width: 2, break_sequence: "\n# ") %>
-    ```
-
-    Before:
-
-    ```
-    # 11
-    # 22
-    #
-    # 33
-    # 44
-    #
+    # Raises ArgumentError: Invalid HTML5 tag name: "image file"
+    tag("image file") # Contains a space
     ```
 
-    After:
-
-    ```
-    # 11
-    # 22
-    # 33
-    # 44
-    ```
-
-    *Max Chernyak*
-
-*   Allow templates to set strict `locals`.
-
-    By default, templates will accept any `locals` as keyword arguments. To define what `locals` a template accepts, add a `locals` magic comment:
-
-    ```erb
-    <%# locals: (message:) -%>
-    <%= message %>
-    ```
-
-    Default values can also be provided:
-
-    ```erb
-    <%# locals: (message: "Hello, world!") -%>
-    <%= message %>
-    ```
-
-    Or `locals` can be disabled entirely:
-
-    ```erb
-    <%# locals: () %>
-    ```
-
-    *Joel Hawksley*
-
-*   Add `include_seconds` option for `datetime_local_field`
-
-    This allows to omit seconds part in the input field, by passing `include_seconds: false`
-
-    *Wojciech Wnętrzak*
-
-*   Guard against `ActionView::Helpers::FormTagHelper#field_name` calls with nil
-    `object_name` arguments. For example:
-
-    ```erb
-    <%= fields do |f| %>
-      <%= f.field_name :body %>
-    <% end %>
-    ```
-
-    *Sean Doyle*
-
-*   Strings returned from `strip_tags` are correctly tagged `html_safe?`
-
-    Because these strings contain no HTML elements and the basic entities are escaped, they are safe
-    to be included as-is as PCDATA in HTML content. Tagging them as html-safe avoids double-escaping
-    entities when being concatenated to a SafeBuffer during rendering.
-
-    Fixes [rails/rails-html-sanitizer#124](https://github.com/rails/rails-html-sanitizer/issues/124)
-
-    *Mike Dalessio*
-
-*   Move `convert_to_model` call from `form_for` into `form_with`
-
-    Now that `form_for` is implemented in terms of `form_with`, remove the
-    `convert_to_model` call from `form_for`.
-
-    *Sean Doyle*
-
-*   Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
-
-    Escape dangerous characters in names of tags and names of attributes in the
-    tag helpers, following the XML specification. Rename the option
-    `:escape_attributes` to `:escape`, to simplify by applying the option to the
-    whole tag.
-
-    *Álvaro Martín Fraguas*
-
-*   Extend audio_tag and video_tag to accept Active Storage attachments.
-
-    Now it's possible to write
-
-    ```ruby
-    audio_tag(user.audio_file)
-    video_tag(user.video_file)
-    ```
-
-    Instead of
-
-    ```ruby
-    audio_tag(polymorphic_path(user.audio_file))
-    video_tag(polymorphic_path(user.video_file))
-    ```
-
-    `image_tag` already supported that, so this follows the same pattern.
-
-    *Matheus Richard*
-
-*   Ensure models passed to `form_for` attempt to call `to_model`.
-
-    *Sean Doyle*
+    *Akhil G Krishnan*
 
-Please check [7-0-stable](https://github.com/rails/rails/blob/7-0-stable/actionview/CHANGELOG.md) for previous changes.
+Please check [7-1-stable](https://github.com/rails/rails/blob/7-1-stable/actionview/CHANGELOG.md) for previous changes.

data/lib/action_view/base.rb

@@ -80,6 +80,23 @@ module ActionView # :nodoc:
   # This is useful in cases where you aren't sure if the local variable has been assigned. Alternatively, you could also use
   # <tt>defined? headline</tt> to first check if the variable has been assigned before using it.
   #
+  # By default, templates will accept any <tt>locals</tt> as keyword arguments. To restrict what <tt>locals</tt> a template accepts, add a <tt>locals:</tt> magic comment:
+  #
+  #   <%# locals: (headline:) %>
+  #
+  #   Headline: <%= headline %>
+  #
+  # In cases where the local variables are optional, declare the keyword argument with a default value:
+  #
+  #   <%# locals: (headline: nil) %>
+  #
+  #   <% unless headline.nil? %>
+  #   Headline: <%= headline %>
+  #   <% end %>
+  #
+  # Read more about strict locals in {Action View Overview}[https://guides.rubyonrails.org/action_view_overview.html#strict-locals]
+  # in the guides.
+  #
   # === Template caching
   #
   # By default, \Rails will compile each template to a method in order to render it. When you alter a template,
@@ -248,7 +265,7 @@ module ActionView # :nodoc:
 
       if has_strict_locals
         begin
-          public_send(method, buffer, **locals, &block)
+          public_send(method, locals, buffer, **locals, &block)
         rescue ArgumentError => argument_error
           raise(
             ArgumentError,
@@ -256,7 +273,8 @@ module ActionView # :nodoc:
               message.
                 gsub("unknown keyword:", "unknown local:").
                 gsub("missing keyword:", "missing local:").
-                gsub("no keywords accepted", "no locals accepted")
+                gsub("no keywords accepted", "no locals accepted").
+                concat(" for #{@current_template.short_identifier}")
           )
         end
       else

data/lib/action_view/cache_expiry.rb

@@ -10,16 +10,17 @@ module ActionView
         @watcher = nil
         @previous_change = false
 
-        rebuild_watcher
-
         ActionView::PathRegistry.file_system_resolver_hooks << method(:rebuild_watcher)
       end
 
       def updated?
+        build_watcher unless @watcher
         @previous_change || @watcher.updated?
       end
 
       def execute
+        return unless @watcher
+
         watcher = nil
         @mutex.synchronize do
           @previous_change = false
@@ -33,7 +34,7 @@ module ActionView
           ActionView::LookupContext::DetailsKey.clear
         end
 
-        def rebuild_watcher
+        def build_watcher
           @mutex.synchronize do
             old_watcher = @watcher
 
@@ -51,6 +52,11 @@ module ActionView
           end
         end
 
+        def rebuild_watcher
+          return unless @watcher
+          build_watcher
+        end
+
         def dirs_to_watch
           all_view_paths.uniq.sort
         end

data/lib/action_view/dependency_tracker/{ripper_tracker.rb → ruby_tracker.rb}

@@ -2,7 +2,7 @@
 
 module ActionView
   class DependencyTracker # :nodoc:
-    class RipperTracker # :nodoc:
+    class RubyTracker # :nodoc:
       EXPLICIT_DEPENDENCY = /# Template Dependency: (\S+)/
 
       def self.call(name, template, view_paths = nil)
@@ -17,8 +17,9 @@ module ActionView
         true
       end
 
-      def initialize(name, template, view_paths = nil)
+      def initialize(name, template, view_paths = nil, parser_class: RenderParser::Default)
         @name, @template, @view_paths = name, template, view_paths
+        @parser_class = parser_class
       end
 
       private
@@ -29,7 +30,7 @@ module ActionView
 
           compiled_source = template.handler.call(template, template.source)
 
-          RenderParser.new(@name, compiled_source).render_calls.filter_map do |render_call|
+          @parser_class.new(@name, compiled_source).render_calls.filter_map do |render_call|
             next if render_call.end_with?("/_")
             render_call.gsub(%r|/_|, "/")
           end