RubyGems - chartkick - Versions diffs - 3.2.0 → 3.4.0 - Mend

chartkick 3.2.0 → 3.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +74 -47
data/README.md +45 -16
data/lib/chartkick/helper.rb +31 -16
data/lib/chartkick/version.rb +1 -1
data/vendor/assets/javascripts/Chart.bundle.js +4432 -2965
data/vendor/assets/javascripts/chartkick.js +202 -30
metadata +3 -4
data/CONTRIBUTING.md +0 -46

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7b6eb4f5b6f498a122e58ca1dd4cf7e3e1f5d610e19faa5a702291e422549026
-  data.tar.gz: ec143cc0f819cdd1ccd955f43425d992daa87052aeede53f563beda9bace04a5
+  metadata.gz: 5afacd4c10d0cfddc6a2a660efead206ee042e80d48dd749f9de79feb365c1fd
+  data.tar.gz: c7fc99b0b2b467a6326df99f5832de2b3674f5f80415749cf57177142eecfc45
 SHA512:
-  metadata.gz: 1a494948bc4eeb5c1567e82777601982d7f3f90bfeb5c8b8b29335620cc0eaac7659a8b91e72fe9672d29a3b580b2c512fd0524c553be2de9fb57b4dcfa27b7a
-  data.tar.gz: 9f2e116c8c529e744e078b368ece8aebd7235dec00aa297a0745f309a494e57a2e29b2243dd5873d159a4346be0ee331f1df474f2a4166133a8a9e6159a0e9d7
+  metadata.gz: 75b1793b427c5d9d4604b813773253adb864b6134fad48f952c72377f75da40c8daa19eaf06fd7ce0b2da31a1ba436cfe54bde318ac849ec2080652582ac7076
+  data.tar.gz: 8f47e12f6e9c746871d02f0d5bd3093da1017c5a222837696b5b0d7b7e4008c400c8556e4f85ec7b0ccd79c15a9cb510a91a7d9ecf896d1a106b7c82e68ddc36

data/CHANGELOG.md CHANGED Viewed

@@ -1,23 +1,50 @@
-## 3.2.0
+## 3.4.0 (2020-08-04)
+- Fixed CSS injection with `width` and `height` options
+## 3.3.2 (2020-07-23)
+- Updated Chartkick.js to 3.2.1
+## 3.3.1 (2019-12-26)
+- Updated Chart.js to 2.9.3
+- Fixed deprecating warnings in Ruby 2.7
+## 3.3.0 (2019-11-09)
+- Updated Chartkick.js to 3.2.0
+- Rolled back Chart.js to 2.8.0 due to legend change
+## 3.2.2 (2019-10-27)
+- Updated Chartkick.js to 3.1.3
+- Updated Chart.js to 2.9.1
+## 3.2.1 (2019-07-15)
+- Updated Chartkick.js to 3.1.1
+## 3.2.0 (2019-06-04)
 - Fixed XSS vulnerability - see [#488](https://github.com/ankane/chartkick/issues/488)
-## 3.1.0
+## 3.1.0 (2019-05-26)
 - Updated Chartkick.js to 3.1.0
 - Updated Chart.js to 2.8.0
-## 3.0.2
+## 3.0.2 (2019-01-03)
 - Fixed error with `nonce` option with Secure Headers and Rails < 5.2
 - Updated Chartkick.js to 3.0.2
 - Updated Chart.js to 2.7.3
-## 3.0.1
+## 3.0.1 (2018-08-13)
 - Updated Chartkick.js to 3.0.1
-## 3.0.0
+## 3.0.0 (2018-08-08)
 - Updated Chartkick.js to 3.0.0
 - Added `code` option
@@ -31,55 +58,55 @@ Breaking changes
 - Removed `window.Chartkick = {...}` way to set config - use `Chartkick.configure` instead
 - Removed support for the Google Charts jsapi loader - use loader.js instead
-## 2.3.5
+## 2.3.5 (2018-06-15)
 - Updated Chartkick.js to 2.3.6
-## 2.3.4
+## 2.3.4 (2018-04-10)
 - Updated Chartkick.js to 2.3.5
 - Updated Chart.js to 2.7.2
-## 2.3.3
+## 2.3.3 (2018-03-25)
 - Updated Chartkick.js to 2.3.4
-## 2.3.2
+## 2.3.2 (2018-02-26)
 - Updated Chartkick.js to 2.3.3
-## 2.3.1
+## 2.3.1 (2018-02-23)
 - Updated Chartkick.js to 2.3.1
-## 2.3.0
+## 2.3.0 (2018-02-21)
 - Fixed deep merge error for non-Rails apps
 - Updated Chartkick.js to 2.3.0
-## 2.2.5
+## 2.2.5 (2017-10-28)
 - Updated Chart.js to 2.7.1
-## 2.2.4
+## 2.2.4 (2017-05-14)
 - Added compatibility with Rails API
 - Updated Chartkick.js to 2.2.4
-## 2.2.3
+## 2.2.3 (2017-02-22)
 - Updated Chartkick.js to 2.2.3
 - Updated Chart.js to 2.5.0
-## 2.2.2
+## 2.2.2 (2017-01-07)
 - Updated Chartkick.js to 2.2.2
-## 2.2.1
+## 2.2.1 (2016-12-05)
 - Updated Chartkick.js to 2.2.1
-## 2.2.0
+## 2.2.0 (2016-12-03)
 - Updated Chartkick.js to 2.2.0
 - Improved JavaScript API
@@ -87,59 +114,59 @@ Breaking changes
 - Added `refresh` option
 - Added `donut` option to pie chart
-## 2.1.3
+## 2.1.3 (2016-11-29)
 - Updated Chartkick.js to 2.1.2 - fixes missing zero values for Chart.js
-## 2.1.2
+## 2.1.2 (2016-11-28)
 - Added `defer` option
 - Added `nonce` option
 - Updated Chartkick.js to 2.1.1
-## 2.1.1
+## 2.1.1 (2016-09-11)
 - Use custom version of Chart.js to fix label overlap
-## 2.1.0
+## 2.1.0 (2016-09-10)
 - Added basic support for new Google Charts loader
 - Added `configure` function
 - Dropped jQuery and Zepto dependencies for AJAX
 - Updated Chart.js to 2.2.2
-## 2.0.2
+## 2.0.2 (2016-08-11)
 - Updated Chartkick.js to 2.0.1
 - Updated Chart.js to 2.2.1
-## 2.0.1
+## 2.0.1 (2016-07-29)
 - Small Chartkick.js fixes
 - Updated Chart.js to 2.2.0
-## 2.0.0
+## 2.0.0 (2016-05-30)
 - Chart.js is now the default adapter - yay open source!
 - Axis types are automatically detected - no need for `discrete: true`
 - Better date support
 - New JavaScript API
-## 1.5.2
+## 1.5.2 (2016-05-05)
 - Fixed Sprockets error
-## 1.5.1
+## 1.5.1 (2016-05-03)
 - Updated chartkick.js to latest version
 - Included `Chart.bundle.js`
-## 1.5.0
+## 1.5.0 (2016-05-01)
 - Added Chart.js adapter **beta**
 - Fixed line height on timeline charts
-## 1.4.2
+## 1.4.2 (2016-02-29)
 - Added `width` option
 - Added `label` option
@@ -148,86 +175,86 @@ Breaking changes
 - Better tooltip for dates for Google Charts
 - Fixed asset precompilation issue with Rails 5
-## 1.4.1
+## 1.4.1 (2015-09-07)
 - Fixed regression with `min: nil`
-## 1.4.0
+## 1.4.0 (2015-08-31)
 - Added scatter chart
 - Added axis titles
-## 1.3.2
+## 1.3.2 (2014-07-04)
 - Fixed `except` error when not using Rails
-## 1.3.1
+## 1.3.1 (2014-06-30)
 - Fixed blank screen bug
 - Fixed language support
-## 1.3.0
+## 1.3.0 (2014-06-28)
 - Added timelines
-## 1.2.5
+## 1.2.5 (2014-06-12)
 - Added support for multiple groups
 - Added `html` option
-## 1.2.4
+## 1.2.4 (2014-03-24)
 - Added global options
 - Added `colors` option
-## 1.2.3
+## 1.2.3 (2014-03-23)
 - Added geo chart
 - Added `discrete` option
-## 1.2.2
+## 1.2.2 (2014-02-23)
 - Added global `content_for` option
 - Added `stacked` option
-## 1.2.1
+## 1.2.1 (2013-12-08)
 - Added localization for Google Charts
-## 1.2.0
+## 1.2.0 (2013-07-27)
 - Added bar chart and area chart
 - Resize Google Charts on window resize
-## 1.1.3
+## 1.1.3 (2013-06-26)
 - Added content_for option
-## 1.1.2
+## 1.1.2 (2013-06-11)
 - Updated chartkick.js to v1.0.1
-## 1.1.1
+## 1.1.1 (2013-06-10)
 - Added support for Sinatra
-## 1.1.0
+## 1.1.0 (2013-06-03)
 - Added support for Padrino and Rails 2.3+
-## 1.0.1
+## 1.0.1 (2013-05-23)
 - Updated chartkick.js to v1.0.1
-## 1.0.0
+## 1.0.0 (2013-05-15)
 - Use semantic versioning (no changes)
-## 0.0.5
+## 0.0.5 (2013-05-14)
 - Removed `:min => 0` default for charts with negative values
 - Show legend when data given in `{:name => "", :data => {}}` format
-## 0.0.4
+## 0.0.4 (2013-05-13)
 - Fix for `Uncaught ReferenceError: Chartkick is not defined` when chartkick.js is included in the `<head>`

data/README.md CHANGED Viewed

@@ -8,6 +8,8 @@ Create beautiful JavaScript charts with one line of Ruby. No more fighting with
 :two_hearts: A perfect companion to [Groupdate](https://github.com/ankane/groupdate), [Hightop](https://github.com/ankane/hightop), and [ActiveMedian](https://github.com/ankane/active_median)
+[![Build Status](https://travis-ci.org/ankane/chartkick.svg?branch=master)](https://travis-ci.org/ankane/chartkick)
 ## Quick Start
 Add this line to your application's Gemfile:
@@ -242,6 +244,30 @@ Set a decimal separator - *Chart.js, Highcharts*
 <%= line_chart data, decimal: "," %>
 ```
+Set significant digits - *Chart.js, Highcharts*
+```erb
+<%= line_chart data, precision: 3 %>
+```
+Set rounding - *Chart.js, Highcharts*
+```erb
+<%= line_chart data, round: 2 %>
+```
+Show insignificant zeros, useful for currency - *Chart.js, Highcharts*
+```erb
+<%= line_chart data, round: 2, zeros: true %>
+```
+Friendly byte sizes - *Chart.js 2.8+*
+```erb
+<%= line_chart data, bytes: true %>
+```
 Show a message when data is empty
 ```erb
@@ -299,7 +325,7 @@ Then, in your layout, use:
 <%= yield :charts_js %>
 ```
-> For Padrino, use `yield_content` instead of `yield`
+For Padrino, use `yield_content` instead of `yield`.
 This is great for including all of your JavaScript at the bottom of the page.
@@ -346,9 +372,7 @@ If you want to use the charting library directly, get the code with:
 <%= line_chart data, code: true %>
 ```
-The code will be logged to the JavaScript console.
-> JavaScript functions cannot be logged, so it may not be identical.
+The code will be logged to the JavaScript console. JavaScript functions cannot be logged, so it may not be identical.
 ### Download Charts
@@ -360,7 +384,7 @@ Give users the ability to download charts. It all happens in the browser - no se
 <%= line_chart data, download: true %>
 ```
-> Safari will open the image in a new window instead of downloading.
+Safari will open the image in a new window instead of downloading.
 Set the filename
@@ -394,7 +418,7 @@ Next, choose your charting library.
 - [Google Charts](#google-charts)
 - [Highcharts](#highcharts)
-> In the instructions below, `application.js` must be included **before** the charts in your views, unless using the `:content_for` option.
+In the instructions below, `application.js` must be included **before** the charts in your views, unless using the `:content_for` option.
 ### Chart.js
@@ -538,6 +562,12 @@ Redraw the chart with:
 chart.redraw()
 ```
+Destroy the chart with:
+```javascript
+chart.destroy()
+```
 Loop over charts with:
 ```javascript
@@ -573,14 +603,6 @@ Breaking changes
 - Removed `window.Chartkick = {...}` way to set config - use `Chartkick.configure` instead
 - Removed support for the Google Charts jsapi loader - use loader.js instead
-### 2.0
-Breaking changes
-- Chart.js is now the default adapter if multiple are loaded - yay open source!
-- Axis types are automatically detected - no need for `discrete: true`
-- Better date support - dates are no longer treated as UTC
 ## Credits
 Chartkick uses [iso8601.js](https://github.com/Do/iso8601.js) to parse dates and times.
@@ -589,8 +611,6 @@ Chartkick uses [iso8601.js](https://github.com/Do/iso8601.js) to parse dates and
 View the [changelog](https://github.com/ankane/chartkick/blob/master/CHANGELOG.md)
-Chartkick follows [Semantic Versioning](https://semver.org/)
 ## Contributing
 Everyone is encouraged to help improve this project. Here are a few ways you can help:
@@ -599,3 +619,12 @@ Everyone is encouraged to help improve this project. Here are a few ways you can
 - Fix bugs and [submit pull requests](https://github.com/ankane/chartkick/pulls)
 - Write, clarify, or fix documentation
 - Suggest or add new features
+To get started with development:
+```sh
+git clone https://github.com/ankane/chartkick.git
+cd chartkick
+bundle install
+bundle exec rake test
+```

data/lib/chartkick/helper.rb CHANGED Viewed

@@ -4,35 +4,35 @@ require "erb"
 module Chartkick
   module Helper
     def line_chart(data_source, **options)
-      chartkick_chart "LineChart", data_source, options
+      chartkick_chart "LineChart", data_source, **options
     end
     def pie_chart(data_source, **options)
-      chartkick_chart "PieChart", data_source, options
+      chartkick_chart "PieChart", data_source, **options
     end
     def column_chart(data_source, **options)
-      chartkick_chart "ColumnChart", data_source, options
+      chartkick_chart "ColumnChart", data_source, **options
     end
     def bar_chart(data_source, **options)
-      chartkick_chart "BarChart", data_source, options
+      chartkick_chart "BarChart", data_source, **options
     end
     def area_chart(data_source, **options)
-      chartkick_chart "AreaChart", data_source, options
+      chartkick_chart "AreaChart", data_source, **options
     end
     def scatter_chart(data_source, **options)
-      chartkick_chart "ScatterChart", data_source, options
+      chartkick_chart "ScatterChart", data_source, **options
     end
     def geo_chart(data_source, **options)
-      chartkick_chart "GeoChart", data_source, options
+      chartkick_chart "GeoChart", data_source, **options
     end
     def timeline(data_source, **options)
-      chartkick_chart "Timeline", data_source, options
+      chartkick_chart "Timeline", data_source, **options
     end
     private
@@ -41,8 +41,8 @@ module Chartkick
       @chartkick_chart_id ||= 0
       options = chartkick_deep_merge(Chartkick.options, options)
       element_id = options.delete(:id) || "chart-#{@chartkick_chart_id += 1}"
-      height = options.delete(:height) || "300px"
-      width = options.delete(:width) || "100%"
+      height = (options.delete(:height) || "300px").to_s
+      width = (options.delete(:width) || "100%").to_s
       defer = !!options.delete(:defer)
       # content_for: nil must override default
       content_for = options.key?(:content_for) ? options.delete(:content_for) : Chartkick.content_for
@@ -63,18 +63,31 @@ module Chartkick
       # html vars
       html_vars = {
-        id: element_id,
-        height: height,
-        width: width
+        id: element_id
       }
       html_vars.each_key do |k|
         html_vars[k] = ERB::Util.html_escape(html_vars[k])
       end
-      html = (options.delete(:html) || %(<div id="%{id}" style="height: %{height}; width: %{width}; text-align: center; color: #999; line-height: %{height}; font-size: 14px; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Verdana, Arial, Helvetica, sans-serif;">Loading...</div>)) % html_vars
+      # css vars
+      css_vars = {
+        height: height,
+        width: width
+      }
+      css_vars.each_key do |k|
+        # limit to alphanumeric and % for simplicity
+        # this prevents things like calc() but safety is the priority
+        raise ArgumentError, "Invalid #{k}" unless css_vars[k] =~ /\A[a-zA-Z0-9%]*\z/
+        # we limit above, but escape for safety as fail-safe
+        # to prevent XSS injection in worse-case scenario
+        css_vars[k] = ERB::Util.html_escape(css_vars[k])
+      end
+      html = (options.delete(:html) || %(<div id="%{id}" style="height: %{height}; width: %{width}; text-align: center; color: #999; line-height: %{height}; font-size: 14px; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Verdana, Arial, Helvetica, sans-serif;">Loading...</div>)) % html_vars.merge(css_vars)
       # js vars
       js_vars = {
-        type: klass, # don't convert to JSON, but still escape
+        type: klass.to_json,
         id: element_id.to_json,
         data: data_source.respond_to?(:chart_json) ? data_source.chart_json : data_source.to_json,
         options: options.to_json
@@ -82,9 +95,10 @@ module Chartkick
       js_vars.each_key do |k|
         js_vars[k] = chartkick_json_escape(js_vars[k])
       end
-      createjs = "new Chartkick.%{type}(%{id}, %{data}, %{options});" % js_vars
+      createjs = "new Chartkick[%{type}](%{id}, %{data}, %{options});" % js_vars
       if defer
+        # TODO remove type in 4.0
         js = <<JS
 <script type="text/javascript"#{nonce_html}>
   (function() {
@@ -100,6 +114,7 @@ module Chartkick
 </script>
 JS
       else
+        # TODO remove type in 4.0
         js = <<JS
 <script type="text/javascript"#{nonce_html}>
   #{createjs}