rack-mini-profiler 1.0.2 → 1.1.0

data/lib/html/includes.tmpl

@@ -1,25 +1,23 @@
-<script id="profilerTemplate" type="text/x-jquery-tmpl">
-
+<script id="profilerTemplate" type="text/x-dot-tmpl">
   <div class="profiler-result">
-
-    <div class="profiler-button {{if has_duplicate_sql_timings}}profiler-warning{{/if}}">
-    {{if has_duplicate_sql_timings}}<span class="profiler-nuclear">!</span>{{/if}}
-      <span class="profiler-number">
-        ${MiniProfiler.formatDuration(duration_milliseconds)} <span class="profiler-unit">ms</span>
-      </span>
-      {{if MiniProfiler.showTotalSqlCount()}}
+    <div class="profiler-button {{? it.has_duplicate_sql_timings}}profiler-warning{{?}}">
+    {{? it.has_duplicate_sql_timings}}<span class="profiler-nuclear">!</span>{{?}}
       <span class="profiler-number">
-        ${sql_count} <span class="profiler-unit">sql</span>
+        {{= MiniProfiler.formatDuration(it.duration_milliseconds)}} <span class="profiler-unit">ms</span>
       </span>
-      {{/if}}
+      {{? MiniProfiler.showTotalSqlCount()}}
+        <span class="profiler-number">
+          {{= it.sql_count}} <span class="profiler-unit">sql</span>
+        </span>
+      {{?}}
     </div>
 
     <div class="profiler-popup">
       <div class="profiler-info">
         <span class="profiler-name">
-          ${name} <span class="profiler-overall-duration">(${MiniProfiler.formatDuration(duration_milliseconds)} ms)</span>
+          {{= it.name}} <span class="profiler-overall-duration">({{= MiniProfiler.formatDuration(it.duration_milliseconds)}} ms)</span>
         </span>
-        <span class="profiler-server-time">${machine_name} on ${MiniProfiler.renderDate(started)}</span>
+        <span class="profiler-server-time">{{= it.machine_name}} on {{= MiniProfiler.renderDate(it.started)}}</span>
       </div>
       <div class="profiler-output">
         <table class="profiler-timings">
@@ -29,200 +27,192 @@
               <th>duration (ms)</th>
               <th class="profiler-duration-with-children">with children (ms)</th>
               <th class="time-from-start">from start (ms)</th>
-            {{if has_sql_timings}}
+            {{? it.has_sql_timings}}
               <th colspan="2">query time (ms)</th>
-            {{/if}}
-            {{each custom_timing_names}}
-              <th colspan="2">${$value.toLowerCase()} (ms)</th>
-            {{/each}}
+            {{?}}
+            {{~ it.custom_timing_names :value}}
+              <th colspan="2">{{= value.toLowerCase() }} (ms)</th>
+            {{~}}
             </tr>
           </thead>
           <tbody>
-            {{tmpl({timing:root, page:this.data}) "#timingTemplate"}}
+            {{= MiniProfiler.templates.timingTemplate({timing: it.root, page: it}) }}
           </tbody>
           <tfoot>
             <tr>
               <td colspan="3">
-                {{if !client_timings}}
-                {{tmpl "#linksTemplate"}}
-                {{/if}}
+                {{? !it.client_timings}}
+                   {{= MiniProfiler.templates.linksTemplate({timing: it.root, page: it}) }}
+                {{?}}
                 <a class="profiler-toggle-duration-with-children" title="toggles column with aggregate child durations">show time with children</a>
               </td>
-            {{if has_sql_timings}}
-              <td colspan="2" class="profiler-number profiler-percent-in-sql" title="${MiniProfiler.getSqlTimingsCount(root)} queries spent ${MiniProfiler.formatDuration(duration_milliseconds_in_sql)} ms of total request time">
-                ${MiniProfiler.formatDuration(duration_milliseconds_in_sql / duration_milliseconds * 100)}
-                <span class="profiler-unit">% in sql</span>
-              </td>
-            {{/if}}
-            {{each custom_timing_names}}
-              <td colspan="2" class="profiler-number profiler-percentage-in-sql" title="${custom_timing_stats[$value].count} ${$value.toLowerCase()} invocations spent ${MiniProfiler.formatDuration(custom_timing_stats[$value].duration)} ms of total request time">
-                ${MiniProfiler.formatDuration(custom_timing_stats[$value].duration / duration_milliseconds * 100)}
-                <span class="profiler-unit">% in ${$value.toLowerCase()}</span>
-              </td>
-            {{/each}}
+              {{? it.has_sql_timings}}
+                <td colspan="2" class="profiler-number profiler-percent-in-sql" title="{{= MiniProfiler.getSqlTimingsCount(it.root) }} queries spent {{= MiniProfiler.formatDuration(it.duration_milliseconds_in_sql) }} ms of total request time">
+                  {{= MiniProfiler.formatDuration(it.duration_milliseconds_in_sql / it.duration_milliseconds * 100) }}
+                  <span class="profiler-unit">% in sql</span>
+                </td>
+              {{?}}
+              {{~ it.custom_timing_names :value}}
+                <td colspan="2" class="profiler-number profiler-percentage-in-sql" title="{{= it.custom_timing_stats[value].count }} {{= value.toLowerCase() }} invocations spent {{= MiniProfiler.formatDuration(it.custom_timing_stats[value].duration) }} ms of total request time">
+                  {{= MiniProfiler.formatDuration(it.custom_timing_stats[value].duration / duration_milliseconds * 100) }}
+                  <span class="profiler-unit">% in {{= value.toLowerCase() }}</span>
+                </td>
+              {{~}}
             </tr>
           </tfoot>
         </table>
-        {{if client_timings}}
-        <table class="profiler-timings profiler-client-timings">
-          <thead>
-            <tr>
-              <th>client event</th>
-              <th>duration (ms)</th>
-              <th>from start (ms)</th>
-            </tr>
-          </thead>
-          <tbody>
-            {{each MiniProfiler.getClientTimings(client_timings)}}
-            <tr class="{{if $value.isTrivial }}profiler-trivial{{/if}}">
-              <td class="profiler-label">${$value.name}</td>
-              <td class="profiler-duration">
-                {{if $value.duration >= 0}}
-                <span class="profiler-unit"></span>${MiniProfiler.formatDuration($value.duration)}
-                {{/if}}
-              </td>
-              <td class="profiler-duration time-from-start">
-                <span class="profiler-unit">+</span>${MiniProfiler.formatDuration($value.start)}
+        {{? it.client_timings}}
+          <table class="profiler-timings profiler-client-timings">
+            <thead>
+              <tr>
+                <th>client event</th>
+                <th>duration (ms)</th>
+                <th>from start (ms)</th>
+              </tr>
+            </thead>
+            <tbody>
+              {{~ MiniProfiler.getClientTimings(it.client_timings) :value}}
+                <tr class="{{? value.isTrivial }}profiler-trivial{{?}}">
+                  <td class="profiler-label">{{= value.name }}</td>
+                  <td class="profiler-duration">
+                    {{? value.duration >= 0}}
+                      <span class="profiler-unit"></span>{{= MiniProfiler.formatDuration(value.duration) }}
+                    {{?}}
+                  </td>
+                  <td class="profiler-duration time-from-start">
+                    <span class="profiler-unit">+</span>{{= MiniProfiler.formatDuration(value.start) }}
+                  </td>
+                </tr>
+              {{~}}
+            </tbody>
+            <tfoot>
+              <td colspan="3">
+                 {{= MiniProfiler.templates.linksTemplate({timing: it.root, page: it}) }}
               </td>
-            </tr>
-            {{/each}}
-          </tbody>
-          <tfoot>
-            <td colspan="3">
-              {{tmpl "#linksTemplate"}}
-            </td>
-          </tfoot>
-        </table>
-        {{/if}}
+            </tfoot>
+          </table>
+        {{?}}
       </div>
     </div>
 
-  {{if has_sql_timings}}
-    <div class="profiler-queries">
-      <table>
-      <thead>
-        <tr>
-          <th style="text-align:right">step<br />time from start<br />query type<br />duration</th>
-          <th style="text-align:left">call stack<br />query</th>
-        </tr>
-      </thead>
-      <tbody>
-        {{each(i, s) MiniProfiler.getSqlTimings(root)}}
-          {{tmpl({ g:s.prevGap }) "#sqlGapTemplate"}}
-          {{tmpl({ i:i, s:s }) "#sqlTimingTemplate"}}
-          {{if s.nextGap}}
-            {{tmpl({ g:s.nextGap }) "#sqlGapTemplate"}}
-          {{/if}}
-        {{/each}}
-      </tbody>
-      </table>
-      <p class="profiler-trivial-gap-container">
-        <a class="profiler-toggle-trivial-gaps" href="#">show trivial gaps</a>
-      </p>
-    </div>
-  {{/if}}
-
+    {{? it.has_sql_timings}}
+      <div class="profiler-queries">
+        <table>
+        <thead>
+          <tr>
+            <th style="text-align:right">step<br />time from start<br />query type<br />duration</th>
+            <th style="text-align:left">call stack<br />query</th>
+          </tr>
+        </thead>
+        <tbody>
+          {{~ MiniProfiler.getSqlTimings(it.root) :value:index}}
+            {{= MiniProfiler.templates.sqlGapTemplate({g: value.prevGap}) }}
+            {{= MiniProfiler.templates.sqlTimingTemplate({i: index, s: value}) }}
+            {{? value.nextGap}}
+              {{= MiniProfiler.templates.sqlGapTemplate({g: value.nextGap}) }}
+            {{?}}
+          {{~}}
+        </tbody>
+        </table>
+        <p class="profiler-trivial-gap-container">
+          <a class="profiler-toggle-trivial-gaps">show trivial gaps</a>
+        </p>
+      </div>
+    {{?}}
   </div>
-
 </script>
 
-<script id="linksTemplate" type="text/x-jquery-tmpl">
-  <a href="${MiniProfiler.shareUrl(id)}" class="profiler-share-profiler-results" target="_blank">share</a>
-  <a href="${MiniProfiler.moreUrl()}" class="profiler-more-actions">more</a>
-  {{if custom_link}}
-  <a href="${custom_link}" class="profiler-custom-link" target="_blank">${custom_link_name}</a>
-  {{/if}}
-  {{if has_trivial_timings}}
-  <a class="profiler-toggle-trivial" data-show-on-load="${has_all_trivial_timings}" title="toggles any rows with &lt; ${trivial_duration_threshold_milliseconds} ms">
-    show trivial
-  </a>
-  {{/if}}
+<script id="linksTemplate" type="text/x-dot-tmpl">
+  <a href="{{= MiniProfiler.shareUrl(it.page.id) }}" class="profiler-share-profiler-results" target="_blank">share</a>
+  <a href="{{= MiniProfiler.moreUrl(it.timing.name) }}" class="profiler-more-actions">more</a>
+  {{? it.custom_link}}
+    <a href="{{= it.custom_link }}" class="profiler-custom-link" target="_blank">{{= it.custom_link_name }}</a>
+  {{?}}
+  {{? it.has_trivial_timings}}
+    <a class="profiler-toggle-trivial" data-show-on-load="{{= it.has_all_trivial_timings }}" title="toggles any rows with &lt; {{= it.trivial_duration_threshold_milliseconds }} ms">
+      show trivial
+    </a>
+  {{?}}
 </script>
 
-<script id="timingTemplate" type="text/x-jquery-tmpl">
-
-  <tr class="{{if timing.is_trivial }}profiler-trivial{{/if}}" data-timing-id="${timing.id}">
-    <td class="profiler-label" title="{{if timing.name && timing.name.length > 45 }}${timing.name}{{/if}}">
-      <span class="profiler-indent">${MiniProfiler.renderIndent(timing.depth)}</span> ${timing.name.slice(0,45)}{{if timing.name && timing.name.length > 45 }}...{{/if}}
+<script id="timingTemplate" type="text/x-dot-tmpl">
+  <tr class="{{? it.timing.is_trivial }}profiler-trivial{{?}}" data-timing-id="{{= it.timing.id }}">
+    <td class="profiler-label" title="{{? it.timing.name && it.timing.name.length > 45 }}{{= it.timing.name }}{{?}}">
+      <span class="profiler-indent">{{= MiniProfiler.renderIndent(it.timing.depth) }}</span> {{= it.timing.name.slice(0,45) }}{{? it.timing.name && it.timing.name.length > 45 }}...{{?}}
     </td>
     <td class="profiler-duration" title="duration of this step without any children's durations">
-      ${MiniProfiler.formatDuration(timing.duration_without_children_milliseconds)}
+      {{= MiniProfiler.formatDuration(it.timing.duration_without_children_milliseconds) }}
     </td>
     <td class="profiler-duration profiler-duration-with-children" title="duration of this step and its children">
-      ${MiniProfiler.formatDuration(timing.duration_milliseconds)}
+      {{= MiniProfiler.formatDuration(it.timing.duration_milliseconds) }}
     </td>
     <td class="profiler-duration time-from-start" title="time elapsed since profiling started">
-      <span class="profiler-unit">+</span>${MiniProfiler.formatDuration(timing.start_milliseconds)}
+      <span class="profiler-unit">+</span>{{= MiniProfiler.formatDuration(it.timing.start_milliseconds) }}
     </td>
 
-  {{if timing.has_sql_timings}}
-    <td class="profiler-duration {{if timing.has_duplicate_sql_timings}}profiler-warning{{/if}}" title="{{if timing.has_duplicate_sql_timings}}duplicate queries detected - {{/if}}{{if timing.executed_readers > 0 || timing.executed_scalars > 0 || timing.executed_non_queries > 0}}${timing.executed_readers} reader, ${timing.executed_scalars} scalar, ${timing.executed_non_queries} non-query statements executed{{/if}}">
+  {{? it.timing.has_sql_timings}}
+    <td class="profiler-duration {{? it.timing.has_duplicate_sql_timings}}profiler-warning{{?}}" title="{{? it.timing.has_duplicate_sql_timings}}duplicate queries detected - {{?}}{{? it.timing.executed_readers > 0 || it.timing.executed_scalars > 0 || it.timing.executed_non_queries > 0}}{{= it.timing.executed_readers }} reader, {{= it.timing.executed_scalars }} scalar, {{= it.timing.executed_non_queries }} non-query statements executed{{?}}">
       <a class="profiler-queries-show">
-        {{if timing.has_duplicate_sql_timings}}<span class="profiler-nuclear">!</span>{{/if}}
-        ${timing.sql_timings.length} <span class="profiler-unit">sql</span>
+        {{? it.timing.has_duplicate_sql_timings}}<span class="profiler-nuclear">!</span>{{?}}
+        {{= it.timing.sql_timings.length }} <span class="profiler-unit">sql</span>
       </a>
     </td>
     <td class="profiler-duration" title="aggregate duration of all queries in this step (excludes children)">
-      ${MiniProfiler.formatDuration(timing.sql_timings_duration_milliseconds)}
+      {{= MiniProfiler.formatDuration(it.timing.sql_timings_duration_milliseconds) }}
     </td>
-  {{else}}
+  {{??}}
     <td colspan="2"></td>
-  {{/if}}
+  {{?}}
 
-  {{each page.custom_timing_names}}
-    {{if timing.custom_timings && timing.custom_timings[$value]}}
-      <td class="profiler-duration" title="aggregate number of all ${$value.toLowerCase()} invocations in this step (excludes children)">
-        ${timing.custom_timings[$value].length} ${$value.toLowerCase()}
+  {{~ it.page.custom_timing_names :value}}
+    {{? it.timing.custom_timings && it.timing.custom_timings[value]}}
+      <td class="profiler-duration" title="aggregate number of all {{= value.toLowerCase() }} invocations in this step (excludes children)">
+        {{= it.timing.custom_timings[value].length }} {{= value.toLowerCase() }}
       </td>
-      <td class="profiler-duration" title="aggregate duration of all ${$value.toLowerCase()} invocations in this step (excludes children)">
-        ${MiniProfiler.formatDuration(timing.custom_timing_stats[$value].duration)}
+      <td class="profiler-duration" title="aggregate duration of all {{= value.toLowerCase() }} invocations in this step (excludes children)">
+        {{= MiniProfiler.formatDuration(it.timing.custom_timing_stats[value].duration) }}
       </td>
-    {{else}}
+    {{??}}
       <td colspan="2"></td>
-    {{/if}}
-  {{/each}}
+    {{?}}
+  {{~}}
 
   </tr>
 
-  {{if timing.has_children}}
-    {{each timing.children}}
-      {{tmpl({timing: $value, page: page}) "#timingTemplate"}}
-    {{/each}}
-  {{/if}}
-
+  {{? it.timing.has_children}}
+    {{~ it.timing.children :value}}
+      {{= MiniProfiler.templates.timingTemplate({timing: value, page: it}) }}
+    {{~}}
+  {{?}}
 </script>
 
-<script id="sqlTimingTemplate" type="text/x-jquery-tmpl">
-
-  <tr class="${s.row_class}" data-timing-id="${s.parent_timing_id}">
+<script id="sqlTimingTemplate" type="text/x-dot-tmpl">
+  <tr class="{{= it.s.row_class || '' }}" data-timing-id="{{= it.s.parent_timing_id }}">
     <td class="profiler-info">
-      <div>${s.parent_timing_name}</div>
-      <div class="profiler-number"><span class="profiler-unit">T+</span>${MiniProfiler.formatDuration(s.start_milliseconds)} <span class="profiler-unit">ms</span></div>
+      <div>{{= it.s.parent_timing_name }}</div>
+      <div class="profiler-number"><span class="profiler-unit">T+</span>{{= MiniProfiler.formatDuration(it.s.start_milliseconds) }} <span class="profiler-unit">ms</span></div>
       <div>
-        {{if s.is_duplicate}}<span class="profiler-warning">DUPLICATE</span>{{/if}}
-        ${MiniProfiler.renderExecuteType(s.execute_type)}
+        {{? it.s.is_duplicate}}<span class="profiler-warning">DUPLICATE</span>{{?}}
+        {{= MiniProfiler.renderExecuteType(it.s.execute_type) }}
       </div>
-      <div title="{{if s.execute_type == 3}}first result fetched: ${s.first_fetch_duration_milliseconds}ms{{/if}}">${MiniProfiler.formatDuration(s.duration_milliseconds)} <span class="profiler-unit">ms</span></div>
+      <div title="{{? it.s.execute_type == 3}}first result fetched: {{= it.s.first_fetch_duration_milliseconds }}ms{{?}}">{{= MiniProfiler.formatDuration(it.s.duration_milliseconds) }} <span class="profiler-unit">ms</span></div>
     </td>
     <td>
       <div class="query">
-        <pre class="profiler-stack-trace">${s.stack_trace_snippet}</pre>
-        <pre class="prettyprint lang-sql"><code>${s.formatted_command_string}; ${MiniProfiler.formatParameters(s.parameters)}</code></pre>
+        <pre class="profiler-stack-trace">{{= it.s.stack_trace_snippet }}</pre>
+        <pre class="prettyprint lang-sql"><code>{{= it.s.formatted_command_string }}; {{= MiniProfiler.formatParameters(it.s.parameters) }}</code></pre>
       </div>
     </td>
   </tr>
-
 </script>
 
-<script id="sqlGapTemplate" type="text/x-jquery-tmpl">
-
-  <tr class="profiler-gap-info{{if g.duration < 4}} profiler-trivial-gaps{{/if}}">
+<script id="sqlGapTemplate" type="text/x-dot-tmpl">
+  <tr class="profiler-gap-info{{? it.g.duration < 4}} profiler-trivial-gaps{{?}}">
     <td class="profiler-info">
-      ${g.duration} <span class="profiler-unit">ms</span>  
+      {{= it.g.duration }} <span class="profiler-unit">ms</span>
     </td>
     <td class="query">
-      <div>${g.topReason.name} &mdash; ${g.topReason.duration.toFixed(2)} <span class="profiler-unit">ms</span></div>
+      <div>{{= it.g.topReason.name }} &mdash; {{= it.g.topReason.duration.toFixed(2) }} <span class="profiler-unit">ms</span></div>
     </td>
   </tr>
-
 </script>

data/lib/html/share.html

@@ -1,7 +1,6 @@
 <html>
     <head>
         <title><%= name %> (<%= duration %> ms) - Profiling Results</title>
-        <script type='text/javascript' src='<%= path %>jquery.1.7.1.js?v=<%= version %>'></script>
         <script type='text/javascript'> var profiler = <%= json %>; </script>
         <%= includes %>
     </head>

data/lib/mini_profiler/asset_version.rb

@@ -1,5 +1,6 @@
+# frozen_string_literal: true
 module Rack
   class MiniProfiler
-    ASSET_VERSION = '355f78011d9b95de14a5b1014b088681'.freeze
+    ASSET_VERSION = '0ade3000608cde95db93022b6576d63a'
   end
-end
+end

data/lib/mini_profiler/config.rb

@@ -34,9 +34,9 @@ module Rack
             end
           end
           @enabled = true
-          @disable_env_dump = false
           @max_sql_param_length = 0 # disable sql parameter collection by default
           @skip_sql_param_names = /password/ # skips parameters with the name password by default
+          @enable_advanced_debugging_tools = false
 
           # ui parameters
           @autorized            = true
@@ -47,7 +47,7 @@ module Rack
           @show_trivial         = false
           @show_total_sql_count = false
           @start_hidden         = false
-          @toggle_shortcut      = 'Alt+P'
+          @toggle_shortcut      = 'alt+p'
           @html_container       = 'body'
           @position             = "top-left"
 
@@ -57,10 +57,10 @@ module Rack
 
       attr_accessor :authorization_mode, :auto_inject, :backtrace_ignores,
         :backtrace_includes, :backtrace_remove, :backtrace_threshold_ms,
-        :base_url_path, :disable_caching, :disable_env_dump, :enabled,
+        :base_url_path, :disable_caching, :enabled,
         :flamegraph_sample_rate, :logger, :pre_authorize_cb, :skip_paths,
         :skip_schema_queries, :storage, :storage_failure, :storage_instance,
-        :storage_options, :user_provider
+        :storage_options, :user_provider, :enable_advanced_debugging_tools
       attr_accessor :skip_sql_param_names, :suppress_encoding, :max_sql_param_length
 
       # ui accessors

data/lib/mini_profiler/profiler.rb

@@ -62,6 +62,11 @@ module Rack
         Thread.current[:mp_authorized]
       end
 
+      def advanced_tools_message
+        <<~TEXT
+          This feature is disabled by default, to enable set the enable_advanced_debugging_tools option to true in Mini Profiler config.
+        TEXT
+      end
     end
 
     #
@@ -71,7 +76,7 @@ module Rack
       MiniProfiler.config.merge!(config)
       @config = MiniProfiler.config
       @app    = app
-      @config.base_url_path << "/" unless @config.base_url_path.end_with? "/"
+      @config.base_url_path += "/" unless @config.base_url_path.end_with? "/"
       unless @config.storage_instance
         @config.storage_instance = @config.storage.new(@config.storage_options)
       end
@@ -84,11 +89,11 @@ module Rack
 
     def serve_results(env)
       request     = Rack::Request.new(env)
-      id          = request[:id]
+      id          = request.params['id']
       page_struct = @storage.load(id)
       unless page_struct
         @storage.set_viewed(user(env), id)
-        id        = ERB::Util.html_escape(request['id'])
+        id        = ERB::Util.html_escape(request.params['id'])
         user_info = ERB::Util.html_escape(user(env))
         return [404, {}, ["Request not found: #{id} - user #{user_info}"]]
       end
@@ -147,6 +152,14 @@ module Rack
       @config
     end
 
+    def advanced_debugging_enabled?
+      config.enable_advanced_debugging_tools
+    end
+
+    def tool_disabled_message(client_settings)
+      client_settings.handle_cookie(text_result(Rack::MiniProfiler.advanced_tools_message))
+    end
+
     def call(env)
 
       start = Process.clock_gettime(Process::CLOCK_MONOTONIC)
@@ -195,12 +208,14 @@ module Rack
 
       # profile gc
       if query_string =~ /pp=profile-gc/
+        return tool_disabled_message(client_settings) if !advanced_debugging_enabled?
         current.measure = false if current
         return client_settings.handle_cookie(Rack::MiniProfiler::GCProfiler.new.profile_gc(@app, env))
       end
 
       # profile memory
       if query_string =~ /pp=profile-memory/
+        return tool_disabled_message(client_settings) if !advanced_debugging_enabled?
         query_params = Rack::Utils.parse_nested_query(query_string)
         options = {
           ignore_files: query_params['memory_profiler_ignore_files'],
@@ -307,12 +322,14 @@ module Rack
         return client_settings.handle_cookie(dump_exceptions exceptions)
       end
 
-      if query_string =~ /pp=env/ && !config.disable_env_dump
+      if query_string =~ /pp=env/
+        return tool_disabled_message(client_settings) if !advanced_debugging_enabled?
         body.close if body.respond_to? :close
         return client_settings.handle_cookie(dump_env env)
       end
 
       if query_string =~ /pp=analyze-memory/
+        return tool_disabled_message(client_settings) if !advanced_debugging_enabled?
         body.close if body.respond_to? :close
         return client_settings.handle_cookie(analyze_memory)
       end
@@ -331,6 +348,17 @@ module Rack
         return client_settings.handle_cookie(self.flamegraph(flamegraph))
       end
 
+      if path == '/rack-mini-profiler/requests'
+        blank_page_html = <<~HTML
+          <html>
+            <head></head>
+            <body></body>
+          </html>
+        HTML
+
+        status, headers, body = [200, { 'Content-Type' => 'text/html' }, [blank_page_html.dup]]
+      end
+
       begin
         @storage.save(page_struct)
         # no matter what it is, it should be unviewed, otherwise we will miss POST
@@ -369,7 +397,7 @@ module Rack
 
       # inject header
       if headers.is_a? Hash
-        headers['X-MiniProfiler-Ids'] = ids_json(env)
+        headers['X-MiniProfiler-Ids'] = ids_comma_separated(env)
       end
 
       if current.inject_js && content_type =~ /text\/html/
@@ -528,7 +556,7 @@ module Rack
 
     def make_link(postfix, env)
       link = env["PATH_INFO"] + "?" + env["QUERY_STRING"].sub("pp=help", "pp=#{postfix}")
-      "pp=<a href='#{link}'>#{postfix}</a>"
+      "pp=<a href='#{ERB::Util.html_escape(link)}'>#{postfix}</a>"
     end
 
     def help(client_settings, env)
@@ -574,10 +602,6 @@ Append the following to your query string:
       all
     end
 
-    def ids_json(env)
-      ::JSON.generate(ids(env))
-    end
-
     def ids_comma_separated(env)
       ids(env).join(",")
     end