RubyGems - actionview - Versions diffs - 7.1.5 → 7.2.0.beta1 - Mend

actionview 7.1.5 → 7.2.0.beta1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +41 -451
data/lib/action_view/base.rb +19 -1
data/lib/action_view/cache_expiry.rb +9 -3
data/lib/action_view/dependency_tracker/{ripper_tracker.rb → ruby_tracker.rb} +4 -3
data/lib/action_view/dependency_tracker.rb +1 -1
data/lib/action_view/gem_version.rb +3 -3
data/lib/action_view/helpers/asset_tag_helper.rb +18 -6
data/lib/action_view/helpers/csrf_helper.rb +1 -1
data/lib/action_view/helpers/form_helper.rb +197 -192
data/lib/action_view/helpers/form_tag_helper.rb +76 -43
data/lib/action_view/helpers/output_safety_helper.rb +4 -4
data/lib/action_view/helpers/tag_helper.rb +208 -18
data/lib/action_view/helpers/url_helper.rb +6 -82
data/lib/action_view/layouts.rb +2 -4
data/lib/action_view/log_subscriber.rb +8 -4
data/lib/action_view/railtie.rb +0 -1
data/lib/action_view/render_parser/prism_render_parser.rb +127 -0
data/lib/action_view/{ripper_ast_parser.rb → render_parser/ripper_render_parser.rb} +152 -9
data/lib/action_view/render_parser.rb +21 -169
data/lib/action_view/renderer/abstract_renderer.rb +1 -1
data/lib/action_view/renderer/renderer.rb +32 -38
data/lib/action_view/rendering.rb +4 -4
data/lib/action_view/template/renderable.rb +7 -1
data/lib/action_view/template/resolver.rb +0 -2
data/lib/action_view/template.rb +18 -1
data/lib/action_view/test_case.rb +7 -9
data/lib/assets/compiled/rails-ujs.js +777 -0
metadata +20 -18

data/lib/action_view/helpers/asset_tag_helper.rb CHANGED Viewed

@@ -68,6 +68,8 @@ module ActionView
       #   attribute, which indicates to the browser that the script is meant to
       #   be executed after the document has been parsed. Additionally, prevents
       #   sending the Preload Links header.
+      # * <tt>:nopush</tt>  - Specify if the use of server push is not desired
+      #   for the script. Defaults to +true+.
       #
       # Any other specified options will be treated as HTML attributes for the
       # +script+ tag.
@@ -166,6 +168,10 @@ module ActionView
       #   that path.
       # * <tt>:skip_pipeline</tt>  - This option is used to bypass the asset pipeline
       #   when it is set to true.
+      # * <tt>:nonce</tt>  - When set to true, adds an automatic nonce value if
+      #   you have Content Security Policy enabled.
+      # * <tt>:nopush</tt>  - Specify if the use of server push is not desired
+      #   for the stylesheet. Defaults to +true+.
       #
       # ==== Examples
       #
@@ -190,6 +196,9 @@ module ActionView
       #   stylesheet_link_tag "random.styles", "/css/stylish"
       #   # => <link href="/assets/random.styles" rel="stylesheet" />
       #   #    <link href="/css/stylish.css" rel="stylesheet" />
+      #
+      #   stylesheet_link_tag "style", nonce: true
+      #   # => <link href="/assets/style.css" rel="stylesheet" nonce="..." />
       def stylesheet_link_tag(*sources)
         options = sources.extract_options!.stringify_keys
         path_options = options.extract!("protocol", "extname", "host", "skip_pipeline").symbolize_keys
@@ -214,6 +223,9 @@ module ActionView
             "crossorigin" => crossorigin,
             "href" => href
           }.merge!(options)
+          if tag_options["nonce"] == true
+            tag_options["nonce"] = content_security_policy_nonce
+          end
           if apply_stylesheet_media_default && tag_options["media"].blank?
             tag_options["media"] = "screen"
@@ -351,13 +363,13 @@ module ActionView
         nopush = options.delete(:nopush) || false
         rel = mime_type == "module" ? "modulepreload" : "preload"
-        link_tag = tag.link(**{
+        link_tag = tag.link(
           rel: rel,
           href: href,
           as: as_type,
           type: mime_type,
-          crossorigin: crossorigin
-        }.merge!(options.symbolize_keys))
+          crossorigin: crossorigin,
+          **options.symbolize_keys)
         preload_link = "<#{href}>; rel=#{rel}; as=#{as_type}"
         preload_link += "; type=#{mime_type}" if mime_type
@@ -645,11 +657,11 @@ module ActionView
           return if response_present && response.sending?
           if respond_to?(:request) && request
-            request.send_early_hints("link" => preload_links.join(","))
+            request.send_early_hints("Link" => preload_links.join("\n"))
           end
           if response_present
-            header = +response.headers["link"].to_s
+            header = +response.headers["Link"].to_s
             preload_links.each do |link|
               break if header.bytesize + link.bytesize > max_header_size
@@ -660,7 +672,7 @@ module ActionView
               end
             end
-            response.headers["link"] = header
+            response.headers["Link"] = header
           end
         end
     end

data/lib/action_view/helpers/csrf_helper.rb CHANGED Viewed

@@ -17,7 +17,7 @@ module ActionView
       # You don't need to use these tags for regular forms as they generate their own hidden fields.
       #
       # For Ajax requests other than GETs, extract the "csrf-token" from the meta-tag and send as the
-      # +X-CSRF-Token+ HTTP header. If you are using rails-ujs, this happens automatically.
+      # +X-CSRF-Token+ HTTP header.
       #
       def csrf_meta_tags
         if defined?(protect_against_forgery?) && protect_against_forgery?