forme 2.4.1 → 2.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 60794aa5c742e3b40bacd043172a0e201358b944a653f3bd013bf8e6a254154b
-  data.tar.gz: ae16923653b5bb463f430735a57b1f710a3ccb53420b124f15b6a5e72f290c2e
+  metadata.gz: c0078a295325f1880c32a870466a7e280a0cd324e2f8bf91ea81125bf557d225
+  data.tar.gz: 120e19dde7e39176a4693a4ab46f7f1c2f4d86265f3de4946af6a1d40f5fd524
 SHA512:
-  metadata.gz: b3f915c5dd32938874513739d29a2f6c04365a1f636c2dc814ce2a17de07beb4a9c8000e4f40b112bb8d4198d005552dafcf0cbb957dc0ffa9e11c0b6b820f33
-  data.tar.gz: 5528741694ca0c36800ce9cacab5a7e764698da5c9c9f1e4bb17bfce9c9a0ba86a354a0e2eca14a9825b5ee792aa7dc5c62eb687b8d5a540fa7b2fea47220617
+  metadata.gz: f13bb7fdfaf90be6af18cc67403d4e36f963c6258eeb49bbc4579b356534172fa4d25380f032ef7a80954f532de3a63f67e3ad3a985c0225d4d21db0245fe387
+  data.tar.gz: 6ec1d4cbee834565239953a12b826b9b190c4f80901b6dc559954c7414889a1c0691e3a16b25dd5d2176a079ae3826a3b9e13bb6c23e323979046af98288208f

data/CHANGELOG

@@ -1,3 +1,21 @@
+=== 2.6.0 (2024-06-18)
+
+* Add Roda forme_erubi_capture_block plugin to support erubi/capture_block <%= form do %> <% end %> tags (jeremyevans)
+
+* Support :hr as select option value to use a hr tag instead of an option tag (jeremyevans)
+
+* Support maxlength and minlength options as attributes for textareas (jeremyevans)
+
+* Support minlength option as attribute for text inputs (jeremyevans)
+
+=== 2.5.0 (2024-02-13)
+
+* Add hidden inputs to work with formaction/formmethod support in Roda 3.77+ route_csrf plugin (jeremyevans)
+
+* Support :formaction option on buttons (jeremyevans)
+
+* Support emit: false option for non-rails template forms allowing block based form use without appending to template (jeremyevans)
+
 === 2.4.1 (2023-09-19)
 
 * Add dependency on bigdecimal, as bigdecimal is moving from standard library to bundled gem in Ruby 3.4 (jeremyevans)

data/README.rdoc

@@ -615,8 +615,8 @@ internally).  +forme_parse+ returns a hash with the following keys:
                 check that the submitted values for associated objects match one of the
                 options for the input in the form.
 
-It is possible to use +forme_set+ for the values it can handle, and set other fields manually
-using +set_fields+.
+It is possible to use +forme_set+ for the forms it can handle, and use +forme_parse+ and
++set_fields+ for other forms.
 
 === Roda forme_set plugin
 
@@ -792,6 +792,7 @@ Forme ships with multiple Roda plugins
 * forme_set (discussed above)
 * forme
 * forme_route_csrf
+* forme_erubi_capture_block
 * forme_erubi_capture
 
 == forme_route_csrf and forme plugins
@@ -800,7 +801,7 @@ For new code, it is recommended to use forme_route_csrf, as that uses Roda's rou
 plugin, which supports more secure request-specific CSRF tokens.  In both cases, usage in ERB
 templates is the same:
 
-  <% form(@obj, :action=>'/foo') do |f| %>
+  <% form(@obj, action: '/foo') do |f| %>
     <%= f.input(:field) %>
     <% f.tag(:fieldset) do %>
       <%= f.input(:field_two) %>
@@ -810,6 +811,8 @@ templates is the same:
 The forme_route_csrf plugin's +form+ method supports the following options
 in addition to the default +Forme.form+ options:
 
+:emit :: Set to false to not emit implicit tags into template.  This should only be
+         used if you are not modifying the template inside the block.
 :csrf :: Set to force whether a CSRF tag should be included.  By default, a CSRF
          tag is included if the form's method is one of the request methods checked
          by the Roda route_csrf plugin.
@@ -818,10 +821,43 @@ in addition to the default +Forme.form+ options:
                                CSRF token unless the Roda route_csrf plugin has been
                                configured to support non-request specific tokens.
 
+The <tt>emit: false</tt> option allows you to do:
+
+  <%= form(@obj, {action: '/foo'}, emit: false) do |f|
+    f.input(:field)
+    f.tag(:fieldset) do
+      f.input(:field_two)
+    end
+  end %>
+
+This is useful if you are calling some method that calls +form+ with a block,
+where the resulting entire Forme::Forme object will be literalized into the
+template. The form will include the CSRF token and forme_set metadata as appropriate.
+
 The forme plugin does not require any csrf plugin, but will transparently use
 Rack::Csrf if it is available. If Rack::Csrf is available a CSRF tag if the form's
 method is +POST+, with no configuration ability.
 
+== forme_erubi_capture_block plugin
+
+The forme_erubi_capture_block plugin builds on the forme_route_csrf plugin, but it supports
+the erubi/capture_block engine, which allows this syntax:
+
+  <%= form(@obj, :action=>'/foo') do |f| %>
+    <%= f.input(:field) %>
+    <%= f.tag(:fieldset) do %>
+      <%= f.input(:field_two) %>
+    <% end %>
+  <% end %>
+
+If you use the forme_erubi_capture)block plugin, you need to manually set Roda to use the
+erubi/capture_block engine, which you can do via:
+
+  require 'erubi/capture_block'
+  app.plugin :render, :engine_opts=>{'erb'=>{:engine_class=>Erubi::CaptureBlockEngine}}
+
+The forme_erubi_capture plugin requires Erubi 1.13.0+.
+
 == forme_erubi_capture plugin
 
 The forme_erubi_capture plugin builds on the forme_route_csrf plugin, but it supports
@@ -856,7 +892,8 @@ It allows you to use the following API in your erb templates:
   <% end %>
 
 In order to this to work transparently, the ERB outvar needs to be <tt>@_out_buf</tt> (this is the
-default in Sinatra).
+default in Sinatra).  The Sinatra extension also supports the <tt>emit: false</tt> option to not
+directly modify the related template (see example in the Roda section for usage).
 
 = Rails Support
 
@@ -966,6 +1003,8 @@ Creates a select tag, containing option tags specified by the :options option.
             array, uses the first entry of the array as the text of the option, and
             the last entry of the array as the value of the option. If the last entry
             of the array is a hash, uses the hash as the attributes for the option.
+            If the option value is +:hr+, uses an hr tag (allowed in recent versions of
+            the HTML standard).
 :selected :: The value that should be selected.  Any options that are equal to
              this value (or included in this value if a multiple select box),
              are set to selected.
@@ -997,6 +1036,8 @@ Creates a textarea tag.  Options:
 
 :cols :: The number of columns in the text area.
 :rows :: The number of rows in the text area.
+:maxlength :: Use the maxlength attribute on the tag
+:minlength :: Use the minlength attribute on the tag
 
 == all others
 
@@ -1005,6 +1046,7 @@ as text and password, as well as newer HTML5 inputs such as number or email. Opt
 
 :size :: Uses the size attribute on the tag
 :maxlength :: Use the maxlength attribute on the tag
+:minlength :: Use the minlength attribute on the tag
 
 == Form options
 

data/lib/forme/bs3.rb

@@ -356,7 +356,7 @@ module Forme
           case tag.attr[:type].to_sym
           when :checkbox, :radio, :hidden
             # .form-control class causes rendering problems, so remove if found
-            tag.attr[:class].gsub!(/\s*form-control\s*/,'') if tag.attr[:class]
+            tag.attr[:class] = tag.attr[:class].gsub(/\s*form-control\s*/,'') if tag.attr[:class]
             tag.attr[:class] = nil if tag.attr[:class] && tag.attr[:class].empty?
             
           when :file

data/lib/forme/template.rb

@@ -72,9 +72,9 @@ module Forme
       private
 
       def _forme_form(obj, attr, opts, &block)
-        if block_given?
+        if block && opts[:emit] != false
           erb_form = buffer = offset = nil
-          block = proc do
+          form_block = proc do
             wrapped_form = erb_form.instance_variable_get(:@form)
             buffer = wrapped_form.to_s
             offset = buffer.length
@@ -83,9 +83,9 @@ module Forme
             offset = buffer.length
           end
 
-          f, attr, block = _forme_wrapped_form_class.form_args(obj, attr, opts, &block)
+          f, attr, form_block = _forme_wrapped_form_class.form_args(obj, attr, opts, &form_block)
           erb_form = _forme_form_class.new(f, self)
-          erb_form.form(attr, &block)
+          erb_form.form(attr, &form_block)
           erb_form.emit(buffer[offset, buffer.length])
         else
           _forme_wrapped_form_class.form(obj, attr, opts, &block)

data/lib/forme/transformers/formatter.rb

@@ -178,7 +178,7 @@ module Forme
     # with the type attribute set to input.
     def _format_input(type)
       @attr[:type] = type
-      copy_options_to_attributes([:size, :maxlength])
+      copy_options_to_attributes([:size, :maxlength, :minlength])
       tag(:input)
     end
 
@@ -268,10 +268,16 @@ module Forme
       ret
     end
 
+    # Formats a submit input.  Respects :formaction option.
+    def format_submit
+      copy_options_to_attributes([:formaction])
+      _format_input(:submit)
+    end
+
     # Formats a textarea.  Respects the following options:
     # :value :: Sets value as the child of the textarea.
     def format_textarea
-      copy_options_to_attributes([:cols, :rows])
+      copy_options_to_attributes([:cols, :rows, :maxlength, :minlength])
       if val = @attr.delete(:value)
         tag(:textarea, @attr, [val])
       else
@@ -446,7 +452,9 @@ module Forme
 
       os.map do |x|
         attr = {}
-        if tm
+        if x == :hr
+          next form._tag(:hr, {})
+        elsif tm
           text = x.send(tm)
           val = x.send(vm) if vm
         elsif x.is_a?(Array)

data/lib/forme/transformers/serializer.rb

@@ -9,7 +9,7 @@ module Forme
     Forme.register_transformer(:serializer, :default, new)
 
     # Which tags are self closing (such tags ignore children).
-    SELF_CLOSING = [:img, :input]
+    SELF_CLOSING = [:img, :input, :hr]
 
     # Serialize the tag object to an html string.  Supports +Tag+ instances,
     # +Input+ instances (recursing into +call+ with the result of formatting the input),

data/lib/forme/version.rb

@@ -6,11 +6,11 @@ module Forme
   MAJOR = 2
 
   # The minor version of Forme, updated for new feature releases of Forme.
-  MINOR = 4
+  MINOR = 6
 
   # The patch version of Forme, updated only for bug fixes from the last
   # feature release.
-  TINY = 1
+  TINY = 0
 
   # Version constant, use <tt>Forme.version</tt> instead.
   VERSION = "#{MAJOR}.#{MINOR}.#{TINY}".freeze

data/lib/forme.rb

@@ -25,16 +25,10 @@ module Forme
     rescue LoadError
       ESCAPE_TABLE = {'&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;'}.freeze
       ESCAPE_TABLE.each_value(&:freeze)
-      if RUBY_VERSION >= '1.9'
-        # Escape the following characters with their HTML/XML
-        # equivalents.
-        def self.h(value)
-          value.to_s.gsub(/[&<>"']/, ESCAPE_TABLE)
-        end
-      else
-        def self.h(value)
-          value.to_s.gsub(/[&<>"']/){|s| ESCAPE_TABLE[s]}
-        end
+      # Escape the following characters with their HTML/XML
+      # equivalents.
+      def self.h(value)
+        value.to_s.gsub(/[&<>"']/, ESCAPE_TABLE)
       end
     end
   end

data/lib/roda/plugins/forme_erubi_capture.rb

@@ -33,8 +33,8 @@ class Roda
       end
 
       module InstanceMethods
-        def form(*)
-          if block_given?
+        def _forme_form(obj, attr, opts, &block)
+          if block && opts[:emit] != false
             capture_erb do
               super
               instance_variable_get(render_opts[:template_opts][:outvar])

data/lib/roda/plugins/forme_erubi_capture_block.rb

@@ -0,0 +1,45 @@
+# frozen-string-literal: true
+
+require_relative '../../forme/template'
+
+class Roda
+  module RodaPlugins
+    module FormeErubiCaptureBlock
+      def self.load_dependencies(app)
+        app.plugin :forme_route_csrf
+      end
+
+      class Form < ::Forme::Template::Form
+        %w'inputs tag subform'.each do |meth|
+          class_eval(<<-END, __FILE__, __LINE__+1)
+            def #{meth}(*)
+              if block_given?
+                @scope.instance_variable_get(@scope.render_opts[:template_opts][:outvar]).capture{super}
+              else
+                super
+              end
+            end
+          END
+        end
+      end
+
+      module InstanceMethods
+        def _forme_form(obj, attr, opts, &block)
+          if block && opts[:emit] != false
+            instance_variable_get(render_opts[:template_opts][:outvar]).capture{super}
+          else
+            super
+          end
+        end
+
+        private
+
+        def _forme_form_class
+          Form
+        end
+      end
+    end
+
+    register_plugin(:forme_erubi_capture_block, FormeErubiCaptureBlock)
+  end
+end

data/lib/roda/plugins/forme_route_csrf.rb

@@ -36,7 +36,7 @@ class Roda
           end
 
           if apply_csrf
-            token = if opts.fetch(:use_request_specific_token){use_request_specific_csrf_tokens?}
+            token = if use_request_specific_token = opts.fetch(:use_request_specific_token){use_request_specific_csrf_tokens?}
               csrf_token(csrf_path(attr[:action]), method)
             else
               csrf_token
@@ -46,6 +46,23 @@ class Roda
             opts[:_before] = lambda do |form|
               form.tag(:input, :type=>:hidden, :name=>csrf_field, :value=>token)
             end
+
+            if use_request_specific_token && (formaction_field = csrf_options[:formaction_field])
+              formactions = opts[:formactions] = []
+              formaction_tokens = opts[:formaction_tokens] = {}
+              _after = opts[:_after]
+              opts[:formaction_csrfs] = [formaction_field, formaction_tokens]
+              formaction_field = csrf_options[:formaction_field]
+              opts[:_after] = lambda do |form|
+                formactions.each do |action, method|
+                  path = csrf_path(action)
+                  fa_token = csrf_token(path, method)
+                  formaction_tokens[path] = fa_token
+                  form.tag(:input, :type=>:hidden, :name=>"#{formaction_field}[#{path}]", :value=>fa_token)
+                end
+                _after.call(form) if _after
+              end
+            end
           end
         end
       end

data/lib/roda/plugins/forme_set.rb

@@ -7,7 +7,7 @@ class Roda
   module RodaPlugins
     module FormeSet
       # Require the forme_route_csrf plugin.
-      def self.load_dependencies(app, _ = nil)
+      def self.load_dependencies(app, opts = nil, &_)
         app.plugin :forme_route_csrf 
       end
 
@@ -102,7 +102,9 @@ class Roda
         def _forme_form_options(obj, attr, opts)
           super
 
+          _after = opts[:_after]
           opts[:_after] = lambda do |form|
+            _after.call(form) if _after
             if (obj = form.opts[:obj]) && obj.respond_to?(:forme_inputs) && (forme_inputs = obj.forme_inputs)
               columns = []
               valid_values = {}
@@ -129,6 +131,9 @@ class Roda
               data['columns'] = columns
               data['namespaces'] = form.opts[:namespace]
               data['csrf'] = form.opts[:csrf]
+              if (formactions = form.opts[:formaction_csrfs]) && !formactions[1].empty?
+                data['formaction_csrfs'] = formactions
+              end
               data['valid_values'] = valid_values unless valid_values.empty?
               data['form_version'] = form.opts[:form_version] if form.opts[:form_version]
 
@@ -154,8 +159,16 @@ class Roda
 
           data = JSON.parse(data)
           csrf_field, hmac_csrf_value = data['csrf']
+          formaction_csrf_field, formaction_values = data['formaction_csrfs']
+
           if csrf_field
-            csrf_value = params[csrf_field].to_s
+            formaction_params = params[formaction_csrf_field]
+            if formaction_csrf_field && (formaction_params = params[formaction_csrf_field]).is_a?(Hash) && (csrf_value = formaction_params[request.path])
+              hmac_csrf_value = formaction_values[request.path]
+            else
+              csrf_value = params[csrf_field].to_s
+            end
+
             hmac_csrf_value = hmac_csrf_value.to_s
             unless Rack::Utils.secure_compare(csrf_value.ljust(hmac_csrf_value.length), hmac_csrf_value) && csrf_value.length == hmac_csrf_value.length
               return _forme_parse_error(:csrf_mismatch, obj)

data/lib/sequel/plugins/forme.rb

@@ -17,6 +17,22 @@ module Sequel # :nodoc:
       # that use a <tt>Sequel::Model</tt> instance as the form's
       # +obj+.
       module SequelForm
+        # If the form has the :formactions option and the button has the
+        # formaction option or attribute, append the action and method
+        # for this button to the formactions. This is used by the
+        # Roda forme_route_csrf and forme_set plugins so that formaction
+        # can work as expected.
+        def button(opts={})
+          if opts.is_a?(Hash) && (formactions = self.opts[:formactions]) &&
+              (formaction = opts[:formaction] || ((attr = opts[:attr]) && (attr[:formaction] || attr['formaction'])))
+            formmethod = opts[:formmethod] ||
+              ((attr = opts[:attr]) && (attr[:formmethod] || attr['formmethod'])) ||
+              ((attr = form_tag_attributes) && (attr[:method] || attr['method']))
+            formactions << [formaction, formmethod]
+          end
+          super
+        end
+
         # Use the post method by default for Sequel forms, unless
         # overridden with the :method attribute.
         def form(attr={}, &block)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: forme
 version: !ruby/object:Gem::Version
-  version: 2.4.1
+  version: 2.6.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-09-19 00:00:00.000000000 Z
+date: 2024-06-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bigdecimal
@@ -203,6 +203,7 @@ files:
 - lib/forme/version.rb
 - lib/roda/plugins/forme.rb
 - lib/roda/plugins/forme_erubi_capture.rb
+- lib/roda/plugins/forme_erubi_capture_block.rb
 - lib/roda/plugins/forme_route_csrf.rb
 - lib/roda/plugins/forme_set.rb
 - lib/sequel/plugins/forme.rb
@@ -239,7 +240,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.10
+rubygems_version: 3.5.9
 signing_key:
 specification_version: 4
 summary: HTML forms library