chartkick 2.3.5 → 3.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d37a995b1d870a7e93be5d5eb338d163e1b42653304baab7bad889aff6f655fe
-  data.tar.gz: 9c5495a74d4e6c03b199a263556d9dcee91ee4e0c87fb7694851971068a817e2
+  metadata.gz: c0a077be384be822d5ee216171c64d1961de9171b979bd36028c65c4eff5d467
+  data.tar.gz: b6015bf55a19f58775c94043fcff1217c30618140012d5402ccebf47a9e5c824
 SHA512:
-  metadata.gz: e2e350cf8f342a7d55bfbc0a6581c92e25b4a59442719ef12aa32400ba9610b137360a10535a96afa049025a739235f28b00ade4299ad1cad5d2f9525ea1517d
-  data.tar.gz: 3de86761cb1f9e63d71589640827cc8391c668b398f9e49cdf4f4029351850181cc4e8197d8c6c341b6e7d79147ee01d96be6cf72b55ccca1f1395f4504d951e
+  metadata.gz: 0cade10faad8ea673f9201f63530c178a1b10ffacc67f8c9a9a8fd6f3d56e8911c1df67ad07fa304ca1202dc8509763e56ccdf596ba918ba1c3a1581eea36ff6
+  data.tar.gz: d59492c1e444735672121c686a1c355d92067813e8c80d79c2f93737174d3766d7d1d1a272a0c1afb7b7afd3ab7c9dd71695b8a9b278c7be8528f326a8c7ef87

data/CHANGELOG.md

@@ -1,3 +1,50 @@
+## 3.3.0
+
+- Updated Chartkick.js to 3.2.0
+- Rolled back Chart.js to 2.8.0 due to legend change
+
+## 3.2.2
+
+- Updated Chartkick.js to 3.1.3
+- Updated Chart.js to 2.9.1
+
+## 3.2.1
+
+- Updated Chartkick.js to 3.1.1
+
+## 3.2.0
+
+- Fixed XSS vulnerability - see [#488](https://github.com/ankane/chartkick/issues/488)
+
+## 3.1.0
+
+- Updated Chartkick.js to 3.1.0
+- Updated Chart.js to 2.8.0
+
+## 3.0.2
+
+- Fixed error with `nonce` option with Secure Headers and Rails < 5.2
+- Updated Chartkick.js to 3.0.2
+- Updated Chart.js to 2.7.3
+
+## 3.0.1
+
+- Updated Chartkick.js to 3.0.1
+
+## 3.0.0
+
+- Updated Chartkick.js to 3.0.0
+- Added `code` option
+- Added support for `nonce: true`
+
+Breaking changes
+
+- Removed support for Rails < 4.2
+- Removed chartkick.js from asset precompile (no longer needed)
+- Removed `xtype` option - numeric axes are automatically detected
+- Removed `window.Chartkick = {...}` way to set config - use `Chartkick.configure` instead
+- Removed support for the Google Charts jsapi loader - use loader.js instead
+
 ## 2.3.5
 
 - Updated Chartkick.js to 2.3.6

data/CONTRIBUTING.md

@@ -2,17 +2,15 @@
 
 First, thanks for wanting to contribute. You’re awesome! :heart:
 
-## Questions
+## Help
 
-Use [Stack Overflow](https://stackoverflow.com/) with the tag `chartkick`.
+We’re not able to provide support through GitHub Issues. If you’re looking for help with your code, try posting on [Stack Overflow](https://stackoverflow.com/).
 
-## Feature Requests
+All features should be documented. If you don’t see a feature in the docs, assume it doesn’t exist.
 
-Create an issue. Start the title with `[Idea]`.
+## Bugs
 
-## Issues
-
-Think you’ve discovered an issue?
+Think you’ve discovered a bug?
 
 1. Search existing issues to see if it’s been reported.
 2. Try the `master` branch to make sure it hasn’t been fixed.
@@ -27,10 +25,15 @@ If the above steps don’t help, create an issue. Include:
 - JavaScript rendered by Chartkick
 - Complete backtraces for exceptions
 
+## New Features
+
+If you’d like to discuss a new feature, create an issue and start the title with `[Idea]`.
+
 ## Pull Requests
 
 Fork the project and create a pull request. A few tips:
 
+- Submit JavaScript changes to the [Chartkick.js](https://github.com/ankane/chartkick.js) repo.
 - Keep changes to a minimum. If you have multiple features or fixes, submit multiple pull requests.
 - Follow the existing style. The code should read like it’s written by a single person.
 

data/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2013-2018 Andrew Kane
+Copyright (c) 2013-2019 Andrew Kane
 
 MIT License
 

data/README.md

@@ -2,12 +2,42 @@
 
 Create beautiful JavaScript charts with one line of Ruby. No more fighting with charting libraries!
 
-[See it in action](https://www.chartkick.com)
+[See it in action](https://chartkick.com)
 
 :fire: For admin charts and dashboards, check out [Blazer](https://github.com/ankane/blazer/)
 
 :two_hearts: A perfect companion to [Groupdate](https://github.com/ankane/groupdate), [Hightop](https://github.com/ankane/hightop), and [ActiveMedian](https://github.com/ankane/active_median)
 
+## Quick Start
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem "chartkick"
+```
+
+For Rails 6 / Webpacker, run:
+
+```sh
+yarn add chartkick chart.js
+```
+
+And in `app/javascript/packs/application.js`, add:
+
+```js
+require("chartkick")
+require("chart.js")
+```
+
+For Rails 5 / Sprockets, in `app/assets/javascripts/application.js`, add:
+
+```js
+//= require chartkick
+//= require Chart.bundle
+```
+
+This sets up Chartkick with Chart.js. For other charting libraries, see [detailed instructions](#installation).
+
 ## Charts
 
 Line chart
@@ -116,6 +146,12 @@ Min and max values
 
 `min` defaults to 0 for charts with non-negative values. Use `nil` to let the charting library decide.
 
+Min and max for x-axis - *Chart.js*
+
+```erb
+<%= line_chart data, xmin: "2018-01-01", xmax: "2019-01-01" %>
+```
+
 Colors
 
 ```erb
@@ -206,6 +242,30 @@ Set a decimal separator - *Chart.js, Highcharts*
 <%= line_chart data, decimal: "," %>
 ```
 
+Set significant digits - *Chart.js, Highcharts*
+
+```erb
+<%= line_chart data, precision: 3 %>
+```
+
+Set rounding - *Chart.js, Highcharts*
+
+```erb
+<%= line_chart data, round: 2 %>
+```
+
+Show insignificant zeros, useful for currency - *Chart.js, Highcharts*
+
+```erb
+<%= line_chart data, round: 2, zeros: true %>
+```
+
+Friendly file sizes - *Chart.js 2.8+*
+
+```erb
+<%= line_chart data, bytes: true %>
+```
+
 Show a message when data is empty
 
 ```erb
@@ -257,18 +317,19 @@ You capture the JavaScript in a content block with:
 Chartkick.options[:content_for] = :charts_js
 ```
 
-Then, in your layout:
+Then, in your layout, use:
 
 ```erb
-<%= yield :charts_js %> <!-- Rails -->
-<%= yield_content :charts_js %> <!-- Padrino -->
+<%= yield :charts_js %>
 ```
 
+> For Padrino, use `yield_content` instead of `yield`
+
 This is great for including all of your JavaScript at the bottom of the page.
 
 ### Data
 
-Pass data as a Hash or Array
+Pass data as a hash or array
 
 ```erb
 <%= pie_chart({"Football" => 10, "Basketball" => 5}) %>
@@ -284,12 +345,35 @@ For multiple series, use the format
 ] %>
 ```
 
-Times can be a time, a timestamp, or a string (strings are parsed)
+Times can be a time or a string (strings are parsed)
+
+```erb
+<%= line_chart({20.day.ago => 5, "2013-05-07 00:00:00 UTC" => 7}) %>
+```
+
+### Multiple Series
+
+You can pass a few options with a series:
+
+- `name`
+- `data`
+- `color`
+- `dataset` - *Chart.js only*
+- `points` - *Chart.js only*
+- `curve` - *Chart.js only*
+
+### Code
+
+If you want to use the charting library directly, get the code with:
 
 ```erb
-<%= line_chart({20.day.ago => 5, 1368174456 => 4, "2013-05-07 00:00:00 UTC" => 7}) %>
+<%= line_chart data, code: true %>
 ```
 
+The code will be logged to the JavaScript console.
+
+> JavaScript functions cannot be logged, so it may not be identical.
+
 ### Download Charts
 
 *Chart.js only*
@@ -300,13 +384,25 @@ Give users the ability to download charts. It all happens in the browser - no se
 <%= line_chart data, download: true %>
 ```
 
+> Safari will open the image in a new window instead of downloading.
+
 Set the filename
 
 ```erb
-<%= line_chart data, download: "boom" %>
+<%= line_chart data, download: {filename: "boom"} %>
 ```
 
-**Note:** Safari will open the image in a new window instead of downloading.
+Set the background color
+
+```erb
+<%= line_chart data, download: {background: "#ffffff"} %>
+```
+
+Set title
+
+```erb
+<%= line_chart data, title: "Awesome chart" %>
+```
 
 ## Installation
 
@@ -318,92 +414,97 @@ gem "chartkick"
 
 Next, choose your charting library.
 
-### Charting Libraries
+- [Chart.js](#chart-js)
+- [Google Charts](#google-charts)
+- [Highcharts](#highcharts)
 
-**Note:** In the instructions below, `application.js` must be included **before** the charts in your views, unless using the `:content_for` option.
+> In the instructions below, `application.js` must be included **before** the charts in your views, unless using the `:content_for` option.
 
-#### Chart.js
+### Chart.js
 
-In `application.js`, add:
+For Rails 6 / Webpacker, run:
 
-```js
-//= require Chart.bundle
-//= require chartkick
+```sh
+yarn add chartkick chart.js
 ```
 
-#### Google Charts
+And in `app/javascript/packs/application.js`, add:
+
+```js
+require("chartkick")
+require("chart.js")
+```
 
-In `application.js`, add:
+For Rails 5 / Sprockets, in `app/assets/javascripts/application.js`, add:
 
 ```js
 //= require chartkick
+//= require Chart.bundle
 ```
 
-In your views, before `application.js`, add:
+### Google Charts
+
+In your layout or views, add:
 
 ```erb
 <%= javascript_include_tag "https://www.gstatic.com/charts/loader.js" %>
 ```
 
-#### Highcharts
+For Rails 6 / Webpacker, run:
 
-Download [highcharts.js](https://code.highcharts.com/highcharts.js) into `vendor/assets/javascripts` (or use `yarn add highcharts` in Rails 5.1+).
+```sh
+yarn add chartkick
+```
 
-In `application.js`, add:
+And in `app/javascript/packs/application.js`, add:
 
 ```js
-//= require highcharts
-//= require chartkick
+require("chartkick")
 ```
 
-Works with Highcharts 2.1+
+For Rails 5 / Sprockets, in `app/assets/javascripts/application.js`, add:
 
-### Webpacker
+```js
+//= require chartkick
+```
 
-For Webpacker, use Yarn to install the JavaScript libraries:
+To specify a language or Google Maps API key, use:
 
-```sh
-yarn add chartkick chart.js # or highcharts
+```js
+Chartkick.configure({language: "de", mapsApiKey: "..."})
 ```
 
-Then include them in your pack.
+before your charts.
 
-```es6
-import Chartkick from "chartkick";
-window.Chartkick = Chartkick;
+### Highcharts
 
-// for Chart.js
-import Chart from "chart.js";
-Chartkick.addAdapter(Chart);
+For Rails 6 / Webpacker, run:
 
-// for Highcharts
-import Highcharts from "highcharts";
-Chartkick.addAdapter(Highcharts);
-
-// for Google Charts
-// just include https://www.gstatic.com/charts/loader.js in your views
+```sh
+yarn add chartkick highcharts
 ```
 
-You pack must be included **before** the charts in your views, unless using the `:content_for` option.
+And in `app/javascript/packs/application.js`, add:
 
-### Sinatra and Padrino
+```js
+require("chartkick").use(require("highcharts"))
+```
 
-You must include `chartkick.js` manually. [Download it here](https://raw.githubusercontent.com/ankane/chartkick/master/vendor/assets/javascripts/chartkick.js)
+For Rails 5 / Sprockets, download [highcharts.js](https://code.highcharts.com/highcharts.js) into `vendor/assets/javascripts` (or use `yarn add highcharts` in Rails 5.1+), and in `app/assets/javascripts/application.js`, add:
 
-```html
-<script src="chartkick.js"></script>
+```js
+//= require chartkick
+//= require highcharts
 ```
 
-### Localization
+### Sinatra and Padrino
 
-To specify a language for Google Charts, add:
+Download [chartkick.js](https://raw.githubusercontent.com/ankane/chartkick/master/vendor/assets/javascripts/chartkick.js) and include it manually.
 
-```javascript
-Chartkick.configure({language: "de"});
+```html
+<script src="chartkick.js"></script>
 ```
 
-after the JavaScript files and before your charts.
-
 ### Multiple Libraries
 
 If more than one charting library is loaded, choose between them with:
@@ -469,6 +570,10 @@ Chartkick.eachChart( function(chart) {
 })
 ```
 
+## Content Security Policy (CSP)
+
+Check out [how to configure CSP](https://github.com/ankane/chartkick/blob/master/guides/Content-Security-Policy.md)
+
 ## No Ruby? No Problem
 
 Check out [chartkick.js](https://github.com/ankane/chartkick.js)
@@ -476,11 +581,22 @@ Check out [chartkick.js](https://github.com/ankane/chartkick.js)
 ## Tutorials
 
 - [Charts with Chartkick and Groupdate](https://gorails.com/episodes/charts-with-chartkick-and-groupdate)
+- [Creando gráficos en Ruby on Rails con Chartkick y Chart.js](https://www.youtube.com/watch?v=W92AlkwQn3M)
 - [Make Easy Graphs and Charts on Rails with Chartkick](https://www.sitepoint.com/make-easy-graphs-and-charts-on-rails-with-chartkick/)
 - [Practical Graphs on Rails: Chartkick in Practice](https://www.sitepoint.com/graphs-on-rails-chartkick-in-practice/)
 
 ## Upgrading
 
+### 3.0
+
+Breaking changes
+
+- Removed support for Rails < 4.2
+- Removed chartkick.js from asset precompile (no longer needed)
+- Removed `xtype` option - numeric axes are automatically detected
+- Removed `window.Chartkick = {...}` way to set config - use `Chartkick.configure` instead
+- Removed support for the Google Charts jsapi loader - use loader.js instead
+
 ### 2.0
 
 Breaking changes

data/lib/chartkick/engine.rb

@@ -1,20 +1,5 @@
 module Chartkick
   class Engine < ::Rails::Engine
-    initializer "precompile", group: :all do |app|
-      if app.config.respond_to?(:assets)
-        if defined?(Sprockets) && Gem::Version.new(Sprockets::VERSION) >= Gem::Version.new("4.0.0.beta1")
-          app.config.assets.precompile << "chartkick.js"
-        else
-          # use a proc instead of a string
-          app.config.assets.precompile << proc { |path| path == "chartkick.js" }
-        end
-      end
-    end
-
-    initializer "helper" do
-      ActiveSupport.on_load(:action_view) do
-        include Helper
-      end
-    end
+    # for assets
   end
 end

data/lib/chartkick/helper.rb

@@ -3,41 +3,41 @@ require "erb"
 
 module Chartkick
   module Helper
-    def line_chart(data_source, options = {})
+    def line_chart(data_source, **options)
       chartkick_chart "LineChart", data_source, options
     end
 
-    def pie_chart(data_source, options = {})
+    def pie_chart(data_source, **options)
       chartkick_chart "PieChart", data_source, options
     end
 
-    def column_chart(data_source, options = {})
+    def column_chart(data_source, **options)
       chartkick_chart "ColumnChart", data_source, options
     end
 
-    def bar_chart(data_source, options = {})
+    def bar_chart(data_source, **options)
       chartkick_chart "BarChart", data_source, options
     end
 
-    def area_chart(data_source, options = {})
+    def area_chart(data_source, **options)
       chartkick_chart "AreaChart", data_source, options
     end
 
-    def scatter_chart(data_source, options = {})
+    def scatter_chart(data_source, **options)
       chartkick_chart "ScatterChart", data_source, options
     end
 
-    def geo_chart(data_source, options = {})
+    def geo_chart(data_source, **options)
       chartkick_chart "GeoChart", data_source, options
     end
 
-    def timeline(data_source, options = {})
+    def timeline(data_source, **options)
       chartkick_chart "Timeline", data_source, options
     end
 
     private
 
-    def chartkick_chart(klass, data_source, options)
+    def chartkick_chart(klass, data_source, **options)
       @chartkick_chart_id ||= 0
       options = chartkick_deep_merge(Chartkick.options, options)
       element_id = options.delete(:id) || "chart-#{@chartkick_chart_id += 1}"
@@ -46,13 +46,47 @@ module Chartkick
       defer = !!options.delete(:defer)
       # content_for: nil must override default
       content_for = options.key?(:content_for) ? options.delete(:content_for) : Chartkick.content_for
-      nonce = options.key?(:nonce) ? " nonce=\"#{ERB::Util.html_escape(options.delete(:nonce))}\"" : nil
-      html = (options.delete(:html) || %(<div id="%{id}" style="height: %{height}; width: %{width}; text-align: center; color: #999; line-height: %{height}; font-size: 14px; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Verdana, Arial, Helvetica, sans-serif;">Loading...</div>)) % {id: ERB::Util.html_escape(element_id), height: ERB::Util.html_escape(height), width: ERB::Util.html_escape(width)}
 
-      createjs = "new Chartkick.#{klass}(#{element_id.to_json}, #{data_source.respond_to?(:chart_json) ? data_source.chart_json : data_source.to_json}, #{options.to_json});"
+      nonce = options.delete(:nonce)
+      if nonce == true
+        # Secure Headers also defines content_security_policy_nonce but it takes an argument
+        # Rails 5.2 overrides this method, but earlier versions do not
+        if respond_to?(:content_security_policy_nonce) && (content_security_policy_nonce rescue nil)
+          # Rails 5.2
+          nonce = content_security_policy_nonce
+        elsif respond_to?(:content_security_policy_script_nonce)
+          # Secure Headers
+          nonce = content_security_policy_script_nonce
+        end
+      end
+      nonce_html = nonce ? " nonce=\"#{ERB::Util.html_escape(nonce)}\"" : nil
+
+      # html vars
+      html_vars = {
+        id: element_id,
+        height: height,
+        width: width
+      }
+      html_vars.each_key do |k|
+        html_vars[k] = ERB::Util.html_escape(html_vars[k])
+      end
+      html = (options.delete(:html) || %(<div id="%{id}" style="height: %{height}; width: %{width}; text-align: center; color: #999; line-height: %{height}; font-size: 14px; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Verdana, Arial, Helvetica, sans-serif;">Loading...</div>)) % html_vars
+
+      # js vars
+      js_vars = {
+        type: klass.to_json,
+        id: element_id.to_json,
+        data: data_source.respond_to?(:chart_json) ? data_source.chart_json : data_source.to_json,
+        options: options.to_json
+      }
+      js_vars.each_key do |k|
+        js_vars[k] = chartkick_json_escape(js_vars[k])
+      end
+      createjs = "new Chartkick[%{type}](%{id}, %{data}, %{options});" % js_vars
+
       if defer
         js = <<JS
-<script type="text/javascript"#{nonce}>
+<script type="text/javascript"#{nonce_html}>
   (function() {
     var createChart = function() { #{createjs} };
     if (window.addEventListener) {
@@ -67,7 +101,7 @@ module Chartkick
 JS
       else
         js = <<JS
-<script type="text/javascript"#{nonce}>
+<script type="text/javascript"#{nonce_html}>
   #{createjs}
 </script>
 JS
@@ -91,5 +125,16 @@ JS
       end
       hash_a
     end
+
+    # from https://github.com/rails/rails/blob/master/activesupport/lib/active_support/core_ext/string/output_safety.rb
+    JSON_ESCAPE = { "&" => '\u0026', ">" => '\u003e', "<" => '\u003c', "\u2028" => '\u2028', "\u2029" => '\u2029' }
+    JSON_ESCAPE_REGEXP = /[\u2028\u2029&><]/u
+    def chartkick_json_escape(s)
+      if ERB::Util.respond_to?(:json_escape)
+        ERB::Util.json_escape(s)
+      else
+        s.to_s.gsub(JSON_ESCAPE_REGEXP, JSON_ESCAPE)
+      end
+    end
   end
 end

data/lib/chartkick/version.rb

@@ -1,3 +1,3 @@
 module Chartkick
-  VERSION = "2.3.5"
+  VERSION = "3.3.0"
 end

data/lib/chartkick.rb

@@ -1,8 +1,16 @@
-require "chartkick/version"
 require "chartkick/helper"
-require "chartkick/rails" if defined?(Rails)
+require "chartkick/version"
+
+# integrations
+require "chartkick/engine" if defined?(Rails)
 require "chartkick/sinatra" if defined?(Sinatra)
 
+if defined?(ActiveSupport.on_load)
+  ActiveSupport.on_load(:action_view) do
+    include Chartkick::Helper
+  end
+end
+
 module Chartkick
   class << self
     attr_accessor :content_for
@@ -15,9 +23,21 @@ end
 # use Enumerable so it can be called on arrays
 module Enumerable
   def chart_json
-    if is_a?(Hash) && (key = keys.first) && key.is_a?(Array) && key.size == 2
-      group_by { |k, _v| k[0] }.map do |name, data|
-        {name: name, data: data.map { |k, v| [k[1], v] }}
+    if is_a?(Hash)
+      if (key = keys.first) && key.is_a?(Array) && key.size == 2
+        group_by { |k, _v| k[0] }.map do |name, data|
+          {name: name, data: data.map { |k, v| [k[1], v] }}
+        end
+      else
+        to_a
+      end
+    elsif is_a?(Array)
+      map do |v|
+        if v.is_a?(Hash) && v[:data].is_a?(Hash)
+          v = v.dup
+          v[:data] = v[:data].to_a
+        end
+        v
       end
     else
       self