actionview 7.1.6 → 7.2.3

data/lib/action_view/base.rb

@@ -80,6 +80,23 @@ module ActionView # :nodoc:
   # This is useful in cases where you aren't sure if the local variable has been assigned. Alternatively, you could also use
   # <tt>defined? headline</tt> to first check if the variable has been assigned before using it.
   #
+  # By default, templates will accept any <tt>locals</tt> as keyword arguments. To restrict what <tt>locals</tt> a template accepts, add a <tt>locals:</tt> magic comment:
+  #
+  #   <%# locals: (headline:) %>
+  #
+  #   Headline: <%= headline %>
+  #
+  # In cases where the local variables are optional, declare the keyword argument with a default value:
+  #
+  #   <%# locals: (headline: nil) %>
+  #
+  #   <% unless headline.nil? %>
+  #   Headline: <%= headline %>
+  #   <% end %>
+  #
+  # Read more about strict locals in {Action View Overview}[https://guides.rubyonrails.org/action_view_overview.html#strict-locals]
+  # in the guides.
+  #
   # === Template caching
   #
   # By default, \Rails will compile each template to a method in order to render it. When you alter a template,
@@ -248,16 +265,14 @@ module ActionView # :nodoc:
 
       if has_strict_locals
         begin
-          public_send(method, buffer, **locals, &block)
+          public_send(method, locals, buffer, **locals, &block)
         rescue ArgumentError => argument_error
-          raise(
-            ArgumentError,
-            argument_error.
-              message.
-                gsub("unknown keyword:", "unknown local:").
-                gsub("missing keyword:", "missing local:").
-                gsub("no keywords accepted", "no locals accepted")
-          )
+          public_send_line = __LINE__ - 2
+          frame = argument_error.backtrace_locations[1]
+          if frame.path == __FILE__ && frame.lineno == public_send_line
+            raise StrictLocalsError.new(argument_error, @current_template)
+          end
+          raise
         end
       else
         public_send(method, locals, buffer, &block)

data/lib/action_view/cache_expiry.rb

@@ -10,16 +10,17 @@ module ActionView
         @watcher = nil
         @previous_change = false
 
-        rebuild_watcher
-
         ActionView::PathRegistry.file_system_resolver_hooks << method(:rebuild_watcher)
       end
 
       def updated?
+        build_watcher unless @watcher
         @previous_change || @watcher.updated?
       end
 
       def execute
+        return unless @watcher
+
         watcher = nil
         @mutex.synchronize do
           @previous_change = false
@@ -33,7 +34,7 @@ module ActionView
           ActionView::LookupContext::DetailsKey.clear
         end
 
-        def rebuild_watcher
+        def build_watcher
           @mutex.synchronize do
             old_watcher = @watcher
 
@@ -51,6 +52,11 @@ module ActionView
           end
         end
 
+        def rebuild_watcher
+          return unless @watcher
+          build_watcher
+        end
+
         def dirs_to_watch
           all_view_paths.uniq.sort
         end

data/lib/action_view/dependency_tracker/{ripper_tracker.rb → ruby_tracker.rb}

@@ -2,7 +2,7 @@
 
 module ActionView
   class DependencyTracker # :nodoc:
-    class RipperTracker # :nodoc:
+    class RubyTracker # :nodoc:
       EXPLICIT_DEPENDENCY = /# Template Dependency: (\S+)/
 
       def self.call(name, template, view_paths = nil)
@@ -17,8 +17,9 @@ module ActionView
         true
       end
 
-      def initialize(name, template, view_paths = nil)
+      def initialize(name, template, view_paths = nil, parser_class: RenderParser::Default)
         @name, @template, @view_paths = name, template, view_paths
+        @parser_class = parser_class
       end
 
       private
@@ -29,7 +30,7 @@ module ActionView
 
           compiled_source = template.handler.call(template, template.source)
 
-          RenderParser.new(@name, compiled_source).render_calls.filter_map do |render_call|
+          @parser_class.new(@name, compiled_source).render_calls.filter_map do |render_call|
             next if render_call.end_with?("/_")
             render_call.gsub(%r|/_|, "/")
           end

data/lib/action_view/dependency_tracker.rb

@@ -9,7 +9,7 @@ module ActionView
     extend ActiveSupport::Autoload
 
     autoload :ERBTracker
-    autoload :RipperTracker
+    autoload :RubyTracker
 
     @trackers = Concurrent::Map.new
 

data/lib/action_view/digestor.rb

@@ -107,8 +107,12 @@ module ActionView
         end.join("-")
       end
 
-      def to_dep_map
-        children.any? ? { name => children.map(&:to_dep_map) } : name
+      def to_dep_map(seen = Set.new.compare_by_identity)
+        if seen.add?(self)
+          children.any? ? { name => children.map { |c| c.to_dep_map(seen) } } : name
+        else # the tree has a cycle
+          name
+        end
       end
     end
 

data/lib/action_view/gem_version.rb

@@ -8,8 +8,8 @@ module ActionView
 
   module VERSION
     MAJOR = 7
-    MINOR = 1
-    TINY  = 6
+    MINOR = 2
+    TINY  = 3
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")

data/lib/action_view/helpers/asset_tag_helper.rb

@@ -68,6 +68,8 @@ module ActionView
       #   attribute, which indicates to the browser that the script is meant to
       #   be executed after the document has been parsed. Additionally, prevents
       #   sending the Preload Links header.
+      # * <tt>:nopush</tt>  - Specify if the use of server push is not desired
+      #   for the script. Defaults to +true+.
       #
       # Any other specified options will be treated as HTML attributes for the
       # +script+ tag.
@@ -113,11 +115,11 @@ module ActionView
         path_options = options.extract!("protocol", "extname", "host", "skip_pipeline").symbolize_keys
         preload_links = []
         use_preload_links_header = options["preload_links_header"].nil? ? preload_links_header : options.delete("preload_links_header")
-        nopush = options["nopush"].nil? ? true : options.delete("nopush")
+        nopush = options["nopush"].nil? || options.delete("nopush")
         crossorigin = options.delete("crossorigin")
         crossorigin = "anonymous" if crossorigin == true
         integrity = options["integrity"]
-        rel = options["type"] == "module" ? "modulepreload" : "preload"
+        rel = options["type"] == "module" || options["type"] == :module ? "modulepreload" : "preload"
 
         sources_tags = sources.uniq.map { |source|
           href = path_to_javascript(source, path_options)
@@ -166,6 +168,10 @@ module ActionView
       #   that path.
       # * <tt>:skip_pipeline</tt>  - This option is used to bypass the asset pipeline
       #   when it is set to true.
+      # * <tt>:nonce</tt>  - When set to true, adds an automatic nonce value if
+      #   you have Content Security Policy enabled.
+      # * <tt>:nopush</tt>  - Specify if the use of server push is not desired
+      #   for the stylesheet. Defaults to +true+.
       #
       # ==== Examples
       #
@@ -190,6 +196,9 @@ module ActionView
       #   stylesheet_link_tag "random.styles", "/css/stylish"
       #   # => <link href="/assets/random.styles" rel="stylesheet" />
       #   #    <link href="/css/stylish.css" rel="stylesheet" />
+      #
+      #   stylesheet_link_tag "style", nonce: true
+      #   # => <link href="/assets/style.css" rel="stylesheet" nonce="..." />
       def stylesheet_link_tag(*sources)
         options = sources.extract_options!.stringify_keys
         path_options = options.extract!("protocol", "extname", "host", "skip_pipeline").symbolize_keys
@@ -197,7 +206,7 @@ module ActionView
         preload_links = []
         crossorigin = options.delete("crossorigin")
         crossorigin = "anonymous" if crossorigin == true
-        nopush = options["nopush"].nil? ? true : options.delete("nopush")
+        nopush = options["nopush"].nil? || options.delete("nopush")
         integrity = options["integrity"]
 
         sources_tags = sources.uniq.map { |source|
@@ -214,6 +223,9 @@ module ActionView
             "crossorigin" => crossorigin,
             "href" => href
           }.merge!(options)
+          if tag_options["nonce"] == true
+            tag_options["nonce"] = content_security_policy_nonce
+          end
 
           if apply_stylesheet_media_default && tag_options["media"].blank?
             tag_options["media"] = "screen"
@@ -349,15 +361,15 @@ module ActionView
         crossorigin = "anonymous" if crossorigin == true || (crossorigin.blank? && as_type == "font")
         integrity = options[:integrity]
         nopush = options.delete(:nopush) || false
-        rel = mime_type == "module" ? "modulepreload" : "preload"
+        rel = mime_type == "module" || mime_type == :module ? "modulepreload" : "preload"
 
-        link_tag = tag.link(**{
+        link_tag = tag.link(
           rel: rel,
           href: href,
           as: as_type,
           type: mime_type,
-          crossorigin: crossorigin
-        }.merge!(options.symbolize_keys))
+          crossorigin: crossorigin,
+          **options.symbolize_keys)
 
         preload_link = "<#{href}>; rel=#{rel}; as=#{as_type}"
         preload_link += "; type=#{mime_type}" if mime_type

data/lib/action_view/helpers/atom_feed_helper.rb

@@ -172,7 +172,7 @@ module ActionView
 
         # Creates an entry tag for a specific record and prefills the id using class and id.
         #
-        # Options:
+        # ==== Options
         #
         # * <tt>:published</tt>: Time first published. Defaults to the created_at attribute on the record if one such exists.
         # * <tt>:updated</tt>: Time of update. Defaults to the updated_at attribute on the record if one such exists.

data/lib/action_view/helpers/cache_helper.rb

@@ -189,7 +189,7 @@ module ActionView
         CachingRegistry.caching?
       end
 
-      # Raises +UncacheableFragmentError+ when called from within a +cache+ block.
+      # Raises UncacheableFragmentError when called from within a +cache+ block.
       #
       # Useful to denote helper methods that can't participate in fragment caching:
       #
@@ -198,7 +198,7 @@ module ActionView
       #     "#{project.name} - #{Time.now}"
       #   end
       #
-      #   # Which will then raise if used within a +cache+ block:
+      #   # Which will then raise if used within a `cache` block:
       #   <% cache project do %>
       #     <%= project_name_with_time(project) %>
       #   <% end %>

data/lib/action_view/helpers/csrf_helper.rb

@@ -17,7 +17,7 @@ module ActionView
       # You don't need to use these tags for regular forms as they generate their own hidden fields.
       #
       # For Ajax requests other than GETs, extract the "csrf-token" from the meta-tag and send as the
-      # +X-CSRF-Token+ HTTP header. If you are using rails-ujs, this happens automatically.
+      # +X-CSRF-Token+ HTTP header.
       #
       def csrf_meta_tags
         if defined?(protect_against_forgery?) && protect_against_forgery?