RubyGems - chartkick - Versions diffs - 3.2.0 → 3.4.0 - Mend

chartkick 3.2.0 → 3.4.0

Files changed (9) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +74 -47
data/README.md +45 -16
data/lib/chartkick/helper.rb +31 -16
data/lib/chartkick/version.rb +1 -1
data/vendor/assets/javascripts/Chart.bundle.js +4432 -2965
data/vendor/assets/javascripts/chartkick.js +202 -30
metadata +3 -4
data/CONTRIBUTING.md +0 -46

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7b6eb4f5b6f498a122e58ca1dd4cf7e3e1f5d610e19faa5a702291e422549026
-  data.tar.gz: ec143cc0f819cdd1ccd955f43425d992daa87052aeede53f563beda9bace04a5
+  metadata.gz: 5afacd4c10d0cfddc6a2a660efead206ee042e80d48dd749f9de79feb365c1fd
+  data.tar.gz: c7fc99b0b2b467a6326df99f5832de2b3674f5f80415749cf57177142eecfc45
 SHA512:
-  metadata.gz: 1a494948bc4eeb5c1567e82777601982d7f3f90bfeb5c8b8b29335620cc0eaac7659a8b91e72fe9672d29a3b580b2c512fd0524c553be2de9fb57b4dcfa27b7a
-  data.tar.gz: 9f2e116c8c529e744e078b368ece8aebd7235dec00aa297a0745f309a494e57a2e29b2243dd5873d159a4346be0ee331f1df474f2a4166133a8a9e6159a0e9d7
+  metadata.gz: 75b1793b427c5d9d4604b813773253adb864b6134fad48f952c72377f75da40c8daa19eaf06fd7ce0b2da31a1ba436cfe54bde318ac849ec2080652582ac7076
+  data.tar.gz: 8f47e12f6e9c746871d02f0d5bd3093da1017c5a222837696b5b0d7b7e4008c400c8556e4f85ec7b0ccd79c15a9cb510a91a7d9ecf896d1a106b7c82e68ddc36

data/CHANGELOG.md CHANGED Viewed

@@ -1,23 +1,50 @@
-## 3.2.0
+## 3.4.0 (2020-08-04)
+- Fixed CSS injection with `width` and `height` options
+## 3.3.2 (2020-07-23)
+- Updated Chartkick.js to 3.2.1
+## 3.3.1 (2019-12-26)
+- Updated Chart.js to 2.9.3
+- Fixed deprecating warnings in Ruby 2.7
+## 3.3.0 (2019-11-09)
+- Updated Chartkick.js to 3.2.0
+- Rolled back Chart.js to 2.8.0 due to legend change
+## 3.2.2 (2019-10-27)
+- Updated Chartkick.js to 3.1.3
+- Updated Chart.js to 2.9.1
+## 3.2.1 (2019-07-15)
+- Updated Chartkick.js to 3.1.1
+## 3.2.0 (2019-06-04)
 - Fixed XSS vulnerability - see [#488](https://github.com/ankane/chartkick/issues/488)
-## 3.1.0
+## 3.1.0 (2019-05-26)
 - Updated Chartkick.js to 3.1.0
 - Updated Chart.js to 2.8.0
-## 3.0.2
+## 3.0.2 (2019-01-03)
 - Fixed error with `nonce` option with Secure Headers and Rails < 5.2
 - Updated Chartkick.js to 3.0.2
 - Updated Chart.js to 2.7.3
-## 3.0.1
+## 3.0.1 (2018-08-13)
 - Updated Chartkick.js to 3.0.1
-## 3.0.0
+## 3.0.0 (2018-08-08)
 - Updated Chartkick.js to 3.0.0
 - Added `code` option
@@ -31,55 +58,55 @@ Breaking changes
 - Removed `window.Chartkick = {...}` way to set config - use `Chartkick.configure` instead
 - Removed support for the Google Charts jsapi loader - use loader.js instead
-## 2.3.5
+## 2.3.5 (2018-06-15)
 - Updated Chartkick.js to 2.3.6
-## 2.3.4
+## 2.3.4 (2018-04-10)
 - Updated Chartkick.js to 2.3.5
 - Updated Chart.js to 2.7.2
-## 2.3.3
+## 2.3.3 (2018-03-25)
 - Updated Chartkick.js to 2.3.4
-## 2.3.2
+## 2.3.2 (2018-02-26)
 - Updated Chartkick.js to 2.3.3
-## 2.3.1
+## 2.3.1 (2018-02-23)
 - Updated Chartkick.js to 2.3.1
-## 2.3.0
+## 2.3.0 (2018-02-21)
 - Fixed deep merge error for non-Rails apps
 - Updated Chartkick.js to 2.3.0
-## 2.2.5
+## 2.2.5 (2017-10-28)
 - Updated Chart.js to 2.7.1
-## 2.2.4
+## 2.2.4 (2017-05-14)
 - Added compatibility with Rails API
 - Updated Chartkick.js to 2.2.4
-## 2.2.3
+## 2.2.3 (2017-02-22)
 - Updated Chartkick.js to 2.2.3
 - Updated Chart.js to 2.5.0
-## 2.2.2
+## 2.2.2 (2017-01-07)
 - Updated Chartkick.js to 2.2.2
-## 2.2.1
+## 2.2.1 (2016-12-05)
 - Updated Chartkick.js to 2.2.1
-## 2.2.0
+## 2.2.0 (2016-12-03)
 - Updated Chartkick.js to 2.2.0
 - Improved JavaScript API
@@ -87,59 +114,59 @@ Breaking changes
 - Added `refresh` option
 - Added `donut` option to pie chart
-## 2.1.3
+## 2.1.3 (2016-11-29)
 - Updated Chartkick.js to 2.1.2 - fixes missing zero values for Chart.js
-## 2.1.2
+## 2.1.2 (2016-11-28)
 - Added `defer` option
 - Added `nonce` option
 - Updated Chartkick.js to 2.1.1
-## 2.1.1
+## 2.1.1 (2016-09-11)
 - Use custom version of Chart.js to fix label overlap
-## 2.1.0
+## 2.1.0 (2016-09-10)
 - Added basic support for new Google Charts loader
 - Added `configure` function
 - Dropped jQuery and Zepto dependencies for AJAX
 - Updated Chart.js to 2.2.2
-## 2.0.2
+## 2.0.2 (2016-08-11)
 - Updated Chartkick.js to 2.0.1
 - Updated Chart.js to 2.2.1
-## 2.0.1
+## 2.0.1 (2016-07-29)
 - Small Chartkick.js fixes
 - Updated Chart.js to 2.2.0
-## 2.0.0
+## 2.0.0 (2016-05-30)
 - Chart.js is now the default adapter - yay open source!
 - Axis types are automatically detected - no need for `discrete: true`
 - Better date support
 - New JavaScript API
-## 1.5.2
+## 1.5.2 (2016-05-05)
 - Fixed Sprockets error
-## 1.5.1
+## 1.5.1 (2016-05-03)
 - Updated chartkick.js to latest version
 - Included `Chart.bundle.js`
-## 1.5.0
+## 1.5.0 (2016-05-01)
 - Added Chart.js adapter **beta**
 - Fixed line height on timeline charts
-## 1.4.2
+## 1.4.2 (2016-02-29)
 - Added `width` option
 - Added `label` option
@@ -148,86 +175,86 @@ Breaking changes
 - Better tooltip for dates for Google Charts
 - Fixed asset precompilation issue with Rails 5
-## 1.4.1
+## 1.4.1 (2015-09-07)
 - Fixed regression with `min: nil`
-## 1.4.0
+## 1.4.0 (2015-08-31)
 - Added scatter chart
 - Added axis titles
-## 1.3.2
+## 1.3.2 (2014-07-04)
 - Fixed `except` error when not using Rails
-## 1.3.1
+## 1.3.1 (2014-06-30)
 - Fixed blank screen bug
 - Fixed language support
-## 1.3.0
+## 1.3.0 (2014-06-28)
 - Added timelines
-## 1.2.5
+## 1.2.5 (2014-06-12)
 - Added support for multiple groups
 - Added `html` option
-## 1.2.4
+## 1.2.4 (2014-03-24)
 - Added global options
 - Added `colors` option
-## 1.2.3
+## 1.2.3 (2014-03-23)
 - Added geo chart
 - Added `discrete` option
-## 1.2.2
+## 1.2.2 (2014-02-23)
 - Added global `content_for` option
 - Added `stacked` option
-## 1.2.1
+## 1.2.1 (2013-12-08)
 - Added localization for Google Charts
-## 1.2.0
+## 1.2.0 (2013-07-27)
 - Added bar chart and area chart
 - Resize Google Charts on window resize
-## 1.1.3
+## 1.1.3 (2013-06-26)
 - Added content_for option
-## 1.1.2
+## 1.1.2 (2013-06-11)
 - Updated chartkick.js to v1.0.1
-## 1.1.1
+## 1.1.1 (2013-06-10)
 - Added support for Sinatra
-## 1.1.0
+## 1.1.0 (2013-06-03)
 - Added support for Padrino and Rails 2.3+
-## 1.0.1
+## 1.0.1 (2013-05-23)
 - Updated chartkick.js to v1.0.1
-## 1.0.0
+## 1.0.0 (2013-05-15)
 - Use semantic versioning (no changes)
-## 0.0.5
+## 0.0.5 (2013-05-14)
 - Removed `:min => 0` default for charts with negative values
 - Show legend when data given in `{:name => "", :data => {}}` format
-## 0.0.4
+## 0.0.4 (2013-05-13)
 - Fix for `Uncaught ReferenceError: Chartkick is not defined` when chartkick.js is included in the `<head>`

data/README.md CHANGED Viewed

@@ -8,6 +8,8 @@ Create beautiful JavaScript charts with one line of Ruby. No more fighting with
 :two_hearts: A perfect companion to [Groupdate](https://github.com/ankane/groupdate), [Hightop](https://github.com/ankane/hightop), and [ActiveMedian](https://github.com/ankane/active_median)
+[![Build Status](https://travis-ci.org/ankane/chartkick.svg?branch=master)](https://travis-ci.org/ankane/chartkick)
 ## Quick Start
 Add this line to your application's Gemfile:
@@ -242,6 +244,30 @@ Set a decimal separator - *Chart.js, Highcharts*
 <%= line_chart data, decimal: "," %>
 ```
+Set significant digits - *Chart.js, Highcharts*
+```erb
+<%= line_chart data, precision: 3 %>
+```
+Set rounding - *Chart.js, Highcharts*
+```erb
+<%= line_chart data, round: 2 %>
+```
+Show insignificant zeros, useful for currency - *Chart.js, Highcharts*
+```erb
+<%= line_chart data, round: 2, zeros: true %>
+```
+Friendly byte sizes - *Chart.js 2.8+*
+```erb
+<%= line_chart data, bytes: true %>
+```
 Show a message when data is empty
 ```erb
@@ -299,7 +325,7 @@ Then, in your layout, use:
 <%= yield :charts_js %>
 ```
-> For Padrino, use `yield_content` instead of `yield`
+For Padrino, use `yield_content` instead of `yield`.
 This is great for including all of your JavaScript at the bottom of the page.
@@ -346,9 +372,7 @@ If you want to use the charting library directly, get the code with:
 <%= line_chart data, code: true %>
 ```
-The code will be logged to the JavaScript console.
-> JavaScript functions cannot be logged, so it may not be identical.
+The code will be logged to the JavaScript console. JavaScript functions cannot be logged, so it may not be identical.
 ### Download Charts
@@ -360,7 +384,7 @@ Give users the ability to download charts. It all happens in the browser - no se
 <%= line_chart data, download: true %>
 ```
-> Safari will open the image in a new window instead of downloading.
+Safari will open the image in a new window instead of downloading.
 Set the filename
@@ -394,7 +418,7 @@ Next, choose your charting library.
 - [Google Charts](#google-charts)
 - [Highcharts](#highcharts)
-> In the instructions below, `application.js` must be included **before** the charts in your views, unless using the `:content_for` option.
+In the instructions below, `application.js` must be included **before** the charts in your views, unless using the `:content_for` option.
 ### Chart.js
@@ -538,6 +562,12 @@ Redraw the chart with:
 chart.redraw()
 ```
+Destroy the chart with:
+```javascript
+chart.destroy()
+```
 Loop over charts with:
 ```javascript
@@ -573,14 +603,6 @@ Breaking changes
 - Removed `window.Chartkick = {...}` way to set config - use `Chartkick.configure` instead
 - Removed support for the Google Charts jsapi loader - use loader.js instead
-### 2.0
-Breaking changes
-- Chart.js is now the default adapter if multiple are loaded - yay open source!
-- Axis types are automatically detected - no need for `discrete: true`
-- Better date support - dates are no longer treated as UTC
 ## Credits
 Chartkick uses [iso8601.js](https://github.com/Do/iso8601.js) to parse dates and times.
@@ -589,8 +611,6 @@ Chartkick uses [iso8601.js](https://github.com/Do/iso8601.js) to parse dates and
 View the [changelog](https://github.com/ankane/chartkick/blob/master/CHANGELOG.md)
-Chartkick follows [Semantic Versioning](https://semver.org/)
 ## Contributing
 Everyone is encouraged to help improve this project. Here are a few ways you can help:
@@ -599,3 +619,12 @@ Everyone is encouraged to help improve this project. Here are a few ways you can
 - Fix bugs and [submit pull requests](https://github.com/ankane/chartkick/pulls)
 - Write, clarify, or fix documentation
 - Suggest or add new features
+To get started with development:
+```sh
+git clone https://github.com/ankane/chartkick.git
+cd chartkick
+bundle install
+bundle exec rake test
+```

data/lib/chartkick/helper.rb CHANGED Viewed

@@ -4,35 +4,35 @@ require "erb"
 module Chartkick
   module Helper
     def line_chart(data_source, **options)
-      chartkick_chart "LineChart", data_source, options
+      chartkick_chart "LineChart", data_source, **options
     end
     def pie_chart(data_source, **options)
-      chartkick_chart "PieChart", data_source, options
+      chartkick_chart "PieChart", data_source, **options
     end
     def column_chart(data_source, **options)
-      chartkick_chart "ColumnChart", data_source, options
+      chartkick_chart "ColumnChart", data_source, **options
     end
     def bar_chart(data_source, **options)
-      chartkick_chart "BarChart", data_source, options
+      chartkick_chart "BarChart", data_source, **options
     end
     def area_chart(data_source, **options)
-      chartkick_chart "AreaChart", data_source, options
+      chartkick_chart "AreaChart", data_source, **options
     end
     def scatter_chart(data_source, **options)
-      chartkick_chart "ScatterChart", data_source, options
+      chartkick_chart "ScatterChart", data_source, **options
     end
     def geo_chart(data_source, **options)
-      chartkick_chart "GeoChart", data_source, options
+      chartkick_chart "GeoChart", data_source, **options
     end
     def timeline(data_source, **options)
-      chartkick_chart "Timeline", data_source, options
+      chartkick_chart "Timeline", data_source, **options
     end
     private
@@ -41,8 +41,8 @@ module Chartkick
       @chartkick_chart_id ||= 0
       options = chartkick_deep_merge(Chartkick.options, options)
       element_id = options.delete(:id) || "chart-#{@chartkick_chart_id += 1}"
-      height = options.delete(:height) || "300px"
-      width = options.delete(:width) || "100%"
+      height = (options.delete(:height) || "300px").to_s
+      width = (options.delete(:width) || "100%").to_s
       defer = !!options.delete(:defer)
       # content_for: nil must override default
       content_for = options.key?(:content_for) ? options.delete(:content_for) : Chartkick.content_for
@@ -63,18 +63,31 @@ module Chartkick
       # html vars
       html_vars = {
-        id: element_id,
-        height: height,
-        width: width
+        id: element_id
       }
       html_vars.each_key do |k|
         html_vars[k] = ERB::Util.html_escape(html_vars[k])
       end
-      html = (options.delete(:html) || %(<div id="%{id}" style="height: %{height}; width: %{width}; text-align: center; color: #999; line-height: %{height}; font-size: 14px; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Verdana, Arial, Helvetica, sans-serif;">Loading...</div>)) % html_vars
+      # css vars
+      css_vars = {
+        height: height,
+        width: width
+      }
+      css_vars.each_key do |k|
+        # limit to alphanumeric and % for simplicity
+        # this prevents things like calc() but safety is the priority
+        raise ArgumentError, "Invalid #{k}" unless css_vars[k] =~ /\A[a-zA-Z0-9%]*\z/
+        # we limit above, but escape for safety as fail-safe
+        # to prevent XSS injection in worse-case scenario
+        css_vars[k] = ERB::Util.html_escape(css_vars[k])
+      end
+      html = (options.delete(:html) || %(<div id="%{id}" style="height: %{height}; width: %{width}; text-align: center; color: #999; line-height: %{height}; font-size: 14px; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Verdana, Arial, Helvetica, sans-serif;">Loading...</div>)) % html_vars.merge(css_vars)
       # js vars
       js_vars = {
-        type: klass, # don't convert to JSON, but still escape
+        type: klass.to_json,
         id: element_id.to_json,
         data: data_source.respond_to?(:chart_json) ? data_source.chart_json : data_source.to_json,
         options: options.to_json
@@ -82,9 +95,10 @@ module Chartkick
       js_vars.each_key do |k|
         js_vars[k] = chartkick_json_escape(js_vars[k])
       end
-      createjs = "new Chartkick.%{type}(%{id}, %{data}, %{options});" % js_vars
+      createjs = "new Chartkick[%{type}](%{id}, %{data}, %{options});" % js_vars
       if defer
+        # TODO remove type in 4.0
         js = <<JS
 <script type="text/javascript"#{nonce_html}>
   (function() {
@@ -100,6 +114,7 @@ module Chartkick
 </script>
 JS
       else
+        # TODO remove type in 4.0
         js = <<JS
 <script type="text/javascript"#{nonce_html}>
   #{createjs}