omg-actionview 8.0.0.alpha1

data/lib/action_view/helpers/javascript_helper.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+module ActionView
+  module Helpers # :nodoc:
+    # = Action View JavaScript \Helpers
+    module JavaScriptHelper
+      JS_ESCAPE_MAP = {
+        "\\"    => "\\\\",
+        "</"    => '<\/',
+        "\r\n"  => '\n',
+        "\n"    => '\n',
+        "\r"    => '\n',
+        '"'     => '\\"',
+        "'"     => "\\'",
+        "`"     => "\\`",
+        "$"     => "\\$"
+      }
+
+      JS_ESCAPE_MAP[(+"\342\200\250").force_encoding(Encoding::UTF_8).encode!] = "&#x2028;"
+      JS_ESCAPE_MAP[(+"\342\200\251").force_encoding(Encoding::UTF_8).encode!] = "&#x2029;"
+
+      # Escapes carriage returns and single and double quotes for JavaScript segments.
+      #
+      # Also available through the alias j(). This is particularly helpful in JavaScript
+      # responses, like:
+      #
+      #   $('some_element').replaceWith('<%= j render 'some/element_template' %>');
+      def escape_javascript(javascript)
+        javascript = javascript.to_s
+        if javascript.empty?
+          result = ""
+        else
+          result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"']|[`]|[$])/u, JS_ESCAPE_MAP)
+        end
+        javascript.html_safe? ? result.html_safe : result
+      end
+
+      alias_method :j, :escape_javascript
+
+      # Returns a JavaScript tag with the +content+ inside. Example:
+      #   javascript_tag "alert('All is good')"
+      #
+      # Returns:
+      #   <script>
+      #   //<![CDATA[
+      #   alert('All is good')
+      #   //]]>
+      #   </script>
+      #
+      # +html_options+ may be a hash of attributes for the <tt>\<script></tt>
+      # tag.
+      #
+      #   javascript_tag "alert('All is good')", type: 'application/javascript'
+      #
+      # Returns:
+      #   <script type="application/javascript">
+      #   //<![CDATA[
+      #   alert('All is good')
+      #   //]]>
+      #   </script>
+      #
+      # Instead of passing the content as an argument, you can also use a block
+      # in which case, you pass your +html_options+ as the first parameter.
+      #
+      #   <%= javascript_tag type: 'application/javascript' do -%>
+      #     alert('All is good')
+      #   <% end -%>
+      #
+      # If you have a content security policy enabled then you can add an automatic
+      # nonce value by passing <tt>nonce: true</tt> as part of +html_options+. Example:
+      #
+      #   <%= javascript_tag nonce: true do -%>
+      #     alert('All is good')
+      #   <% end -%>
+      def javascript_tag(content_or_options_with_block = nil, html_options = {}, &block)
+        content =
+          if block_given?
+            html_options = content_or_options_with_block if content_or_options_with_block.is_a?(Hash)
+            capture(&block)
+          else
+            content_or_options_with_block
+          end
+
+        if html_options[:nonce] == true
+          html_options[:nonce] = content_security_policy_nonce
+        end
+
+        content_tag("script", javascript_cdata_section(content), html_options)
+      end
+
+      def javascript_cdata_section(content) # :nodoc:
+        "\n//#{cdata_section("\n#{content}\n//")}\n".html_safe
+      end
+    end
+  end
+end

data/lib/action_view/helpers/number_helper.rb

@@ -0,0 +1,165 @@
+# frozen_string_literal: true
+
+require "active_support/core_ext/hash/keys"
+require "active_support/core_ext/string/output_safety"
+require "active_support/number_helper"
+
+module ActionView
+  module Helpers # :nodoc:
+    # = Action View Number \Helpers
+    #
+    # Provides methods for converting numbers into formatted strings.
+    # Methods are provided for phone numbers, currency, percentage,
+    # precision, positional notation, file size, and pretty printing.
+    #
+    # Most methods expect a +number+ argument, and will return it
+    # unchanged if can't be converted into a valid number.
+    module NumberHelper
+      # Raised when argument +number+ param given to the helpers is invalid and
+      # the option +:raise+ is set to  +true+.
+      class InvalidNumberError < StandardError
+        attr_accessor :number
+        def initialize(number)
+          @number = number
+        end
+      end
+
+      # Delegates to ActiveSupport::NumberHelper#number_to_phone.
+      #
+      # Additionally, supports a +:raise+ option that will cause
+      # InvalidNumberError to be raised if +number+ is not a valid number:
+      #
+      #   number_to_phone("12x34")              # => "12x34"
+      #   number_to_phone("12x34", raise: true) # => InvalidNumberError
+      #
+      def number_to_phone(number, options = {})
+        return unless number
+        options = options.symbolize_keys
+
+        parse_float(number, true) if options.delete(:raise)
+        ERB::Util.html_escape(ActiveSupport::NumberHelper.number_to_phone(number, options))
+      end
+
+      # Delegates to ActiveSupport::NumberHelper#number_to_currency.
+      #
+      # Additionally, supports a +:raise+ option that will cause
+      # InvalidNumberError to be raised if +number+ is not a valid number:
+      #
+      #   number_to_currency("12x34")              # => "$12x34"
+      #   number_to_currency("12x34", raise: true) # => InvalidNumberError
+      #
+      def number_to_currency(number, options = {})
+        delegate_number_helper_method(:number_to_currency, number, options)
+      end
+
+      # Delegates to ActiveSupport::NumberHelper#number_to_percentage.
+      #
+      # Additionally, supports a +:raise+ option that will cause
+      # InvalidNumberError to be raised if +number+ is not a valid number:
+      #
+      #   number_to_percentage("99x")              # => "99x%"
+      #   number_to_percentage("99x", raise: true) # => InvalidNumberError
+      #
+      def number_to_percentage(number, options = {})
+        delegate_number_helper_method(:number_to_percentage, number, options)
+      end
+
+      # Delegates to ActiveSupport::NumberHelper#number_to_delimited.
+      #
+      # Additionally, supports a +:raise+ option that will cause
+      # InvalidNumberError to be raised if +number+ is not a valid number:
+      #
+      #   number_with_delimiter("12x34")              # => "12x34"
+      #   number_with_delimiter("12x34", raise: true) # => InvalidNumberError
+      #
+      def number_with_delimiter(number, options = {})
+        delegate_number_helper_method(:number_to_delimited, number, options)
+      end
+
+      # Delegates to ActiveSupport::NumberHelper#number_to_rounded.
+      #
+      # Additionally, supports a +:raise+ option that will cause
+      # InvalidNumberError to be raised if +number+ is not a valid number:
+      #
+      #   number_with_precision("12x34")              # => "12x34"
+      #   number_with_precision("12x34", raise: true) # => InvalidNumberError
+      #
+      def number_with_precision(number, options = {})
+        delegate_number_helper_method(:number_to_rounded, number, options)
+      end
+
+      # Delegates to ActiveSupport::NumberHelper#number_to_human_size.
+      #
+      # Additionally, supports a +:raise+ option that will cause
+      # InvalidNumberError to be raised if +number+ is not a valid number:
+      #
+      #   number_to_human_size("12x34")              # => "12x34"
+      #   number_to_human_size("12x34", raise: true) # => InvalidNumberError
+      #
+      def number_to_human_size(number, options = {})
+        delegate_number_helper_method(:number_to_human_size, number, options)
+      end
+
+      # Delegates to ActiveSupport::NumberHelper#number_to_human.
+      #
+      # Additionally, supports a +:raise+ option that will cause
+      # InvalidNumberError to be raised if +number+ is not a valid number:
+      #
+      #   number_to_human("12x34")              # => "12x34"
+      #   number_to_human("12x34", raise: true) # => InvalidNumberError
+      #
+      def number_to_human(number, options = {})
+        delegate_number_helper_method(:number_to_human, number, options)
+      end
+
+      private
+        def delegate_number_helper_method(method, number, options)
+          return unless number
+          options = escape_unsafe_options(options.symbolize_keys)
+
+          wrap_with_output_safety_handling(number, options.delete(:raise)) {
+            ActiveSupport::NumberHelper.public_send(method, number, options)
+          }
+        end
+
+        def escape_unsafe_options(options)
+          options[:format]          = ERB::Util.html_escape(options[:format]) if options[:format]
+          options[:negative_format] = ERB::Util.html_escape(options[:negative_format]) if options[:negative_format]
+          options[:separator]       = ERB::Util.html_escape(options[:separator]) if options[:separator]
+          options[:delimiter]       = ERB::Util.html_escape(options[:delimiter]) if options[:delimiter]
+          options[:unit]            = ERB::Util.html_escape(options[:unit]) if options[:unit] && !options[:unit].html_safe?
+          options[:units]           = escape_units(options[:units]) if options[:units] && Hash === options[:units]
+          options
+        end
+
+        def escape_units(units)
+          units.transform_values do |v|
+            ERB::Util.html_escape(v)
+          end
+        end
+
+        def wrap_with_output_safety_handling(number, raise_on_invalid, &block)
+          valid_float = valid_float?(number)
+          raise InvalidNumberError, number if raise_on_invalid && !valid_float
+
+          formatted_number = yield
+
+          if valid_float || number.html_safe?
+            formatted_number.html_safe
+          else
+            formatted_number
+          end
+        end
+
+        def valid_float?(number)
+          !parse_float(number, false).nil?
+        end
+
+        def parse_float(number, raise_error)
+          result = Float(number, exception: false)
+          raise InvalidNumberError, number if result.nil? && raise_error
+          result
+        end
+    end
+  end
+end

data/lib/action_view/helpers/output_safety_helper.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+require "active_support/core_ext/string/output_safety"
+
+module ActionView # :nodoc:
+  module Helpers # :nodoc:
+    # = Action View Raw Output \Helpers
+    module OutputSafetyHelper
+      # This method outputs without escaping a string. Since escaping tags is
+      # now default, this can be used when you don't want \Rails to automatically
+      # escape tags. This is not recommended if the data is coming from the user's
+      # input.
+      #
+      # For example:
+      #
+      #   raw @user.name
+      #   # => 'Jimmy <alert>Tables</alert>'
+      def raw(stringish)
+        stringish.to_s.html_safe
+      end
+
+      # This method returns an HTML safe string similar to what <tt>Array#join</tt>
+      # would return. The array is flattened, and all items, including
+      # the supplied separator, are HTML escaped unless they are HTML
+      # safe, and the returned string is marked as HTML safe.
+      #
+      #   safe_join([tag.p("foo"), "<p>bar</p>"], "<br>")
+      #   # => "<p>foo</p>&lt;br&gt;&lt;p&gt;bar&lt;/p&gt;"
+      #
+      #   safe_join([tag.p("foo"), tag.p("bar")], tag.br)
+      #   # => "<p>foo</p><br><p>bar</p>"
+      #
+      def safe_join(array, sep = $,)
+        sep = ERB::Util.unwrapped_html_escape(sep)
+
+        array.flatten.map! { |i| ERB::Util.unwrapped_html_escape(i) }.join(sep).html_safe
+      end
+
+      # Converts the array to a comma-separated sentence where the last element is
+      # joined by the connector word. This is the html_safe-aware version of
+      # ActiveSupport's {Array#to_sentence}[https://api.rubyonrails.org/classes/Array.html#method-i-to_sentence].
+      #
+      def to_sentence(array, options = {})
+        options.assert_valid_keys(:words_connector, :two_words_connector, :last_word_connector, :locale)
+
+        default_connectors = {
+          words_connector: ", ",
+          two_words_connector: " and ",
+          last_word_connector: ", and "
+        }
+        if defined?(I18n)
+          i18n_connectors = I18n.translate(:'support.array', locale: options[:locale], default: {})
+          default_connectors.merge!(i18n_connectors)
+        end
+        options = default_connectors.merge!(options)
+
+        case array.length
+        when 0
+          "".html_safe
+        when 1
+          ERB::Util.html_escape(array[0])
+        when 2
+          safe_join([array[0], array[1]], options[:two_words_connector])
+        else
+          safe_join([safe_join(array[0...-1], options[:words_connector]), options[:last_word_connector], array[-1]], nil)
+        end
+      end
+    end
+  end
+end

data/lib/action_view/helpers/rendering_helper.rb

@@ -0,0 +1,218 @@
+# frozen_string_literal: true
+
+# :markup: markdown
+
+module ActionView
+  module Helpers # :nodoc:
+    # # Action View Rendering Helpers
+    #
+    # Implements methods that allow rendering from a view context. In order to use
+    # this module, all you need is to implement view_renderer that returns an
+    # ActionView::Renderer object.
+    module RenderingHelper
+      # Renders a template and returns the result.
+      #
+      # Pass the template to render as the first argument. This is shorthand
+      # syntax for partial rendering, so the template filename should be
+      # prefixed with an underscore. The partial renderer looks for the partial
+      # template in the directory of the calling template first.
+      #
+      #     <% # app/views/posts/new.html.erb %>
+      #     <%= render "form" %>
+      #     # => renders app/views/posts/_form.html.erb
+      #
+      # Use the complete view path to render a partial from another directory.
+      #
+      #     <% # app/views/posts/show.html.erb %>
+      #     <%= render "comments/form" %>
+      #     # => renders app/views/comments/_form.html.erb
+      #
+      # Without the rendering mode, the second argument can be a Hash of local
+      # variable assignments for the template.
+      #
+      #     <% # app/views/posts/new.html.erb %>
+      #     <%= render "form", post: Post.new %>
+      #     # => renders app/views/posts/_form.html.erb
+      #
+      # If the first argument responds to `render_in`, the template will be rendered
+      # by calling `render_in` with the current view context.
+      #
+      #     class Greeting
+      #       def render_in(view_context)
+      #         view_context.render html: "<h1>Hello, World</h1>"
+      #       end
+      #
+      #       def format
+      #         :html
+      #       end
+      #     end
+      #
+      #     <%= render Greeting.new %>
+      #     # => "<h1>Hello, World</h1>"
+      #
+      # #### Rendering Mode
+      #
+      # Pass the rendering mode as first argument to override it.
+      #
+      # `:partial`
+      # :   See ActionView::PartialRenderer for details.
+      #
+      #         <%= render partial: "form", locals: { post: Post.new } %>
+      #         # => renders app/views/posts/_form.html.erb
+      #
+      # `:file`
+      # :   Renders the contents of a file. This option should **not** be used with
+      #     unsanitized user input.
+      #
+      #         <%= render file: "/path/to/some/file" %>
+      #         # => renders /path/to/some/file
+      #
+      # `:inline`
+      # :   Renders an ERB template string.
+      #
+      #         <% name = "World" %>
+      #         <%= render inline: "<h1>Hello, <%= name %>!</h1>" %>
+      #         # => renders "<h1>Hello, World!</h1>"
+      #
+      # `:body`
+      # :   Renders the provided text, and sets the format as `:text`.
+      #
+      #         <%= render body: "Hello, World!" %>
+      #         # => renders "Hello, World!"
+      #
+      # `:plain`
+      # :   Renders the provided text, and sets the format as `:text`.
+      #
+      #         <%= render plain: "Hello, World!" %>
+      #         # => renders "Hello, World!"
+      #
+      # `:html`
+      # :   Renders the provided HTML string, and sets the format as
+      #     `:html`. If the string is not `html_safe?`, performs HTML escaping on
+      #     the string before rendering.
+      #
+      #         <%= render html: "<h1>Hello, World!</h1>".html_safe %>
+      #         # => renders "<h1>Hello, World!</h1>"
+      #
+      #         <%= render html: "<h1>Hello, World!</h1>" %>
+      #         # => renders "&lt;h1&gt;Hello, World!&lt;/h1&gt;"
+      #
+      # `:renderable`
+      # :   Renders the provided object by calling `render_in` with the current view
+      #     context. The format is determined by calling `format` on the
+      #     renderable if it responds to `format`, falling back to `:html` by
+      #     default.
+      #
+      #         <%= render renderable: Greeting.new %>
+      #         # => renders "<h1>Hello, World</h1>"
+      #
+      #
+      # #### Options
+      #
+      # `:locals`
+      # :   Hash of local variable assignments for the template.
+      #
+      #         <%= render inline: "<h1>Hello, <%= name %>!</h1>", locals: { name: "World" } %>
+      #         # => renders "<h1>Hello, World!</h1>"
+      #
+      # `:formats`
+      # :   Override the current format to render a template for a different format.
+      #
+      #         <% # app/views/posts/show.html.erb %>
+      #         <%= render template: "posts/content", formats: [:text] %>
+      #         # => renders app/views/posts/content.text.erb
+      #
+      # `:variants`
+      # :   Render a template for a different variant.
+      #
+      #         <% # app/views/posts/show.html.erb %>
+      #         <%= render template: "posts/content", variants: [:tablet] %>
+      #         # => renders app/views/posts/content.html+tablet.erb
+      #
+      # `:handlers`
+      # :   Render a template for a different handler.
+      #
+      #         <% # app/views/posts/show.html.erb %>
+      #         <%= render template: "posts/content", handlers: [:builder] %>
+      #         # => renders app/views/posts/content.html.builder
+      def render(options = {}, locals = {}, &block)
+        case options
+        when Hash
+          in_rendering_context(options) do |renderer|
+            if block_given?
+              view_renderer.render_partial(self, options.merge(partial: options[:layout]), &block)
+            else
+              view_renderer.render(self, options)
+            end
+          end
+        else
+          if options.respond_to?(:render_in)
+            options.render_in(self, &block)
+          else
+            view_renderer.render_partial(self, partial: options, locals: locals, &block)
+          end
+        end
+      end
+
+      # Overrides _layout_for in the context object so it supports the case a block is
+      # passed to a partial. Returns the contents that are yielded to a layout, given
+      # a name or a block.
+      #
+      # You can think of a layout as a method that is called with a block. If the user
+      # calls `yield :some_name`, the block, by default, returns
+      # `content_for(:some_name)`. If the user calls simply `yield`, the default block
+      # returns `content_for(:layout)`.
+      #
+      # The user can override this default by passing a block to the layout:
+      #
+      #     # The template
+      #     <%= render layout: "my_layout" do %>
+      #       Content
+      #     <% end %>
+      #
+      #     # The layout
+      #     <html>
+      #       <%= yield %>
+      #     </html>
+      #
+      # In this case, instead of the default block, which would return `content_for(:layout)`,
+      # this method returns the block that was passed in to `render :layout`, and the response
+      # would be
+      #
+      #     <html>
+      #       Content
+      #     </html>
+      #
+      # Finally, the block can take block arguments, which can be passed in by
+      # `yield`:
+      #
+      #     # The template
+      #     <%= render layout: "my_layout" do |customer| %>
+      #       Hello <%= customer.name %>
+      #     <% end %>
+      #
+      #     # The layout
+      #     <html>
+      #       <%= yield Struct.new(:name).new("David") %>
+      #     </html>
+      #
+      # In this case, the layout would receive the block passed into `render :layout`,
+      # and the struct specified would be passed into the block as an argument. The result
+      # would be
+      #
+      #     <html>
+      #       Hello David
+      #     </html>
+      #
+      def _layout_for(*args, &block)
+        name = args.first
+
+        if block && !name.is_a?(Symbol)
+          capture(*args, &block)
+        else
+          super
+        end
+      end
+    end
+  end
+end