actionview 5.2.2.1 → 5.2.3.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e1ddf7489cf1872707e15a168f18951255a69d8e8192c35f5815541c49625aaf
-  data.tar.gz: 46cad7c727247d6e343ef5f93e03102e79e67163acefe86a03bd80add0930b24
+  metadata.gz: 20b55c23000cc907e0aed85f5811bec79a4d7f818e37d070acdee9e070be6424
+  data.tar.gz: 70224fb23e260c9fd5187402ea18c6a5ea89cdb147413135be64e0e514985b13
 SHA512:
-  metadata.gz: 43280fe2541a02731231562229de63d98a4cb2fa96e53a6f84a62d7a4f730e765f57d1e7d3d290b49eb262cba91c0d05c46533e624b537d17a475610ea736811
-  data.tar.gz: c26308cd713ae918f94255617e0f4111ecd1ce7b9a9322caf7eb301144f4492e05c2adb2a31c12ce5568a7c6308bdff429ebf151e00e044147c8ee6a822c42be
+  metadata.gz: a1b2b7522e79efb0c107d5d7b79b11eea20b7c72567aa6ed39e24766b47f4efd681ac3dad0f056e43036e4e960faa7e007f158cad1c00a5bd355d18a6edb721f
+  data.tar.gz: 1c774076688b21de0faf5e4de096637c0e0b05af77432c84aa9ac7082a6d2152e2e2610dbe298b99b5a89704fa2a9ea9297e29304efcf80c9fbdaf2f80f657f5

data/CHANGELOG.md

@@ -1,3 +1,18 @@
+## Rails 5.2.3.rc1 (March 21, 2019) ##
+
+*   Prevent non-primary mouse keys from triggering Rails UJS click handlers.
+    Firefox fires click events even if the click was triggered by non-primary mouse keys such as right- or scroll-wheel-clicks.
+    For example, right-clicking a link such as the one described below (with an underlying ajax request registered on click) should not cause that request to occur.
+
+    ```
+    <%= link_to 'Remote', remote_path, class: 'remote', remote: true, data: { type: :json } %>
+    ```
+
+    Fixes #34541
+
+    *Wolfgang Hobmaier*
+
+
 ## Rails 5.2.2.1 (March 11, 2019) ##
 
 *   No changes.

data/lib/action_view/digestor.rb

@@ -70,13 +70,11 @@ module ActionView
       end
 
       private
-        def find_template(finder, *args)
+        def find_template(finder, name, prefixes, partial, keys)
           finder.disable_cache do
-            if format = finder.rendered_format
-              finder.find_all(*args, formats: [format]).first || finder.find_all(*args).first
-            else
-              finder.find_all(*args).first
-            end
+            format = finder.rendered_format
+            result = finder.find_all(name, prefixes, partial, keys, formats: [format]).first if format
+            result || finder.find_all(name, prefixes, partial, keys).first
           end
         end
     end

data/lib/action_view/gem_version.rb

@@ -9,8 +9,8 @@ module ActionView
   module VERSION
     MAJOR = 5
     MINOR = 2
-    TINY  = 2
-    PRE   = "1"
+    TINY  = 3
+    PRE   = "rc1"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

data/lib/action_view/helpers/form_helper.rb

@@ -1971,7 +1971,7 @@ module ActionView
 
         convert_to_legacy_options(options)
 
-        fields_for(scope || model, model, **options, &block)
+        fields_for(scope || model, model, options, &block)
       end
 
       # Returns a label tag tailored for labelling an input field for a specified attribute (identified by +method+) on an object

data/lib/action_view/helpers/text_helper.rb

@@ -228,7 +228,7 @@ module ActionView
       #   pluralize(2, 'Person', locale: :de)
       #   # => 2 Personen
       def pluralize(count, singular, plural_arg = nil, plural: plural_arg, locale: I18n.locale)
-        word = if (count == 1 || count =~ /^1(\.0+)?$/)
+        word = if (count == 1 || count.to_s =~ /^1(\.0+)?$/)
           singular
         else
           plural || singular.pluralize(locale)

data/lib/assets/compiled/rails-ujs.js

@@ -32,12 +32,17 @@ Released under the MIT license
 
   (function() {
     (function() {
-      var cspNonce;
+      var nonce;
 
-      cspNonce = Rails.cspNonce = function() {
-        var meta;
-        meta = document.querySelector('meta[name=csp-nonce]');
-        return meta && meta.content;
+      nonce = null;
+
+      Rails.loadCSPNonce = function() {
+        var ref;
+        return nonce = (ref = document.querySelector("meta[name=csp-nonce]")) != null ? ref.content : void 0;
+      };
+
+      Rails.cspNonce = function() {
+        return nonce != null ? nonce : Rails.loadCSPNonce();
       };
 
     }).call(this);
@@ -616,22 +621,24 @@ Released under the MIT license
         return setData(form, 'ujs:submit-button-formmethod', button.getAttribute('formmethod'));
       };
 
-      Rails.handleMetaClick = function(e) {
-        var data, link, metaClick, method;
+      Rails.preventInsignificantClick = function(e) {
+        var data, insignificantMetaClick, link, metaClick, method, primaryMouseKey;
         link = this;
         method = (link.getAttribute('data-method') || 'GET').toUpperCase();
         data = link.getAttribute('data-params');
         metaClick = e.metaKey || e.ctrlKey;
-        if (metaClick && method === 'GET' && !data) {
+        insignificantMetaClick = metaClick && method === 'GET' && !data;
+        primaryMouseKey = e.button === 0;
+        if (!primaryMouseKey || insignificantMetaClick) {
           return e.stopImmediatePropagation();
         }
       };
 
     }).call(this);
     (function() {
-      var $, CSRFProtection, delegate, disableElement, enableElement, fire, formSubmitButtonClick, getData, handleConfirm, handleDisabledElement, handleMetaClick, handleMethod, handleRemote, refreshCSRFTokens;
+      var $, CSRFProtection, delegate, disableElement, enableElement, fire, formSubmitButtonClick, getData, handleConfirm, handleDisabledElement, handleMethod, handleRemote, loadCSPNonce, preventInsignificantClick, refreshCSRFTokens;
 
-      fire = Rails.fire, delegate = Rails.delegate, getData = Rails.getData, $ = Rails.$, refreshCSRFTokens = Rails.refreshCSRFTokens, CSRFProtection = Rails.CSRFProtection, enableElement = Rails.enableElement, disableElement = Rails.disableElement, handleDisabledElement = Rails.handleDisabledElement, handleConfirm = Rails.handleConfirm, handleRemote = Rails.handleRemote, formSubmitButtonClick = Rails.formSubmitButtonClick, handleMetaClick = Rails.handleMetaClick, handleMethod = Rails.handleMethod;
+      fire = Rails.fire, delegate = Rails.delegate, getData = Rails.getData, $ = Rails.$, refreshCSRFTokens = Rails.refreshCSRFTokens, CSRFProtection = Rails.CSRFProtection, loadCSPNonce = Rails.loadCSPNonce, enableElement = Rails.enableElement, disableElement = Rails.disableElement, handleDisabledElement = Rails.handleDisabledElement, handleConfirm = Rails.handleConfirm, preventInsignificantClick = Rails.preventInsignificantClick, handleRemote = Rails.handleRemote, formSubmitButtonClick = Rails.formSubmitButtonClick, handleMethod = Rails.handleMethod;
 
       if ((typeof jQuery !== "undefined" && jQuery !== null) && (jQuery.ajax != null)) {
         if (jQuery.rails) {
@@ -665,12 +672,13 @@ Released under the MIT license
         delegate(document, Rails.linkDisableSelector, 'ajax:stopped', enableElement);
         delegate(document, Rails.buttonDisableSelector, 'ajax:complete', enableElement);
         delegate(document, Rails.buttonDisableSelector, 'ajax:stopped', enableElement);
+        delegate(document, Rails.linkClickSelector, 'click', preventInsignificantClick);
         delegate(document, Rails.linkClickSelector, 'click', handleDisabledElement);
         delegate(document, Rails.linkClickSelector, 'click', handleConfirm);
-        delegate(document, Rails.linkClickSelector, 'click', handleMetaClick);
         delegate(document, Rails.linkClickSelector, 'click', disableElement);
         delegate(document, Rails.linkClickSelector, 'click', handleRemote);
         delegate(document, Rails.linkClickSelector, 'click', handleMethod);
+        delegate(document, Rails.buttonClickSelector, 'click', preventInsignificantClick);
         delegate(document, Rails.buttonClickSelector, 'click', handleDisabledElement);
         delegate(document, Rails.buttonClickSelector, 'click', handleConfirm);
         delegate(document, Rails.buttonClickSelector, 'click', disableElement);
@@ -688,10 +696,12 @@ Released under the MIT license
         });
         delegate(document, Rails.formSubmitSelector, 'ajax:send', disableElement);
         delegate(document, Rails.formSubmitSelector, 'ajax:complete', enableElement);
+        delegate(document, Rails.formInputClickSelector, 'click', preventInsignificantClick);
         delegate(document, Rails.formInputClickSelector, 'click', handleDisabledElement);
         delegate(document, Rails.formInputClickSelector, 'click', handleConfirm);
         delegate(document, Rails.formInputClickSelector, 'click', formSubmitButtonClick);
         document.addEventListener('DOMContentLoaded', refreshCSRFTokens);
+        document.addEventListener('DOMContentLoaded', loadCSPNonce);
         return window._rails_loaded = true;
       };
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: actionview
 version: !ruby/object:Gem::Version
-  version: 5.2.2.1
+  version: 5.2.3.rc1
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-03-13 00:00:00.000000000 Z
+date: 2019-03-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.2.1
+        version: 5.2.3.rc1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.2.1
+        version: 5.2.3.rc1
 - !ruby/object:Gem::Dependency
   name: builder
   requirement: !ruby/object:Gem::Requirement
@@ -92,28 +92,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.2.1
+        version: 5.2.3.rc1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.2.1
+        version: 5.2.3.rc1
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.2.1
+        version: 5.2.3.rc1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.2.1
+        version: 5.2.3.rc1
 description: Simple, battle-tested conventions and helpers for building web pages.
 email: david@loudthinking.com
 executables: []
@@ -230,8 +230,8 @@ homepage: http://rubyonrails.org
 licenses:
 - MIT
 metadata:
-  source_code_uri: https://github.com/rails/rails/tree/v5.2.2.1/actionview
-  changelog_uri: https://github.com/rails/rails/blob/v5.2.2.1/actionview/CHANGELOG.md
+  source_code_uri: https://github.com/rails/rails/tree/v5.2.3.rc1/actionview
+  changelog_uri: https://github.com/rails/rails/blob/v5.2.3.rc1/actionview/CHANGELOG.md
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -243,9 +243,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.2.2
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements:
 - none
 rubygems_version: 3.0.1