rails-hidden_autocomplete 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 714b227121581a2d002269a2255687b039ef2b2e5b18bf1c6e615cae6d3b3aec
+  data.tar.gz: 2f90d31085eceb2b3d0c084b215f2439464c06217bad2f0d22d26f5d9fbfd4e4
+SHA512:
+  metadata.gz: 3b18e08b4f20d30fb86258c4449c445fcb43518dd20c2962dc3940226e80f0a7ad5ccc720ba45ac40762bc59ed34b216584d044938a4ec8e09496ebd5c3d5c48
+  data.tar.gz: 4bfb358b4018c3ab3919d8d5559735bff7f08d76ac24dde8557371132e41896b2fe04cad5feb915c2545a0a87c75ba2a592b34930669a56a6b25052fb54de7ff

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2021 Ryan Baumann
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,28 @@
+# rails-hidden_autocomplete
+This is a Rails plugin to add `autocomplete="off"` to all hidden form inputs generated by Rails. This is necessary because Firefox has [a long-running bug](https://bugzilla.mozilla.org/show_bug.cgi?id=520561) where it may populate hidden inputs **without** `autocomplete="off"` with completely random values. Since Rails uses hidden fields extensively for CSRF protection and non-standard HTTP methods, this issue is also tracked in the main Rails tracker here: [add autocomplete="OFF" to firefox-proof automagically added hidden fields like method](https://github.com/rails/rails/issues/42610)
+
+## Usage
+Using this plugin from a Rails 6 application should automatically override Rails classes which generate hidden form inputs to add an `autocomplete="off"` attribute.
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'rails-hidden_autocomplete'
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install rails-hidden_autocomplete
+```
+
+## Contributing
+If you find a place that still emits hidden form inputs without an `autocomplete="off"` attribute, please feel free to submit a pull request to cover it.
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,32 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Rails::HiddenAutocomplete'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load 'rails/tasks/engine.rake'
+
+load 'rails/tasks/statistics.rake'
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task default: :test

data/config/initializers/rails-hidden_autocomplete.rb

@@ -0,0 +1,6 @@
+Rails.application.reloader.to_prepare do
+  ActionView::Helpers::DateTimeSelector.prepend Rails::HiddenAutocomplete::ActionView::Helpers::DateTimeSelector
+  ActionView::Helpers::FormTagHelper.prepend Rails::HiddenAutocomplete::ActionView::Helpers::FormTagHelper
+  ActionView::Helpers::Tags.prepend Rails::HiddenAutocomplete::ActionView::Helpers::Tags
+  ActionView::Helpers::UrlHelper.prepend Rails::HiddenAutocomplete::ActionView::Helpers::UrlHelper
+end

data/config/routes.rb

@@ -0,0 +1,2 @@
+Rails.application.routes.draw do
+end

data/lib/rails/hidden_autocomplete/action_view/helpers/date_time_selector.rb

@@ -0,0 +1,24 @@
+module Rails
+  module HiddenAutocomplete
+    module ActionView
+      module Helpers
+        module DateTimeSelector
+          private
+
+          def build_hidden(type, value)
+            select_options = {
+              type: 'hidden',
+              id: input_id_from_type(type),
+              name: input_name_from_type(type),
+              value: value,
+              autocomplete: 'off'
+            }.merge!(@html_options.slice(:disabled))
+            select_options[:disabled] = 'disabled' if @options[:disabled]
+
+            tag(:input, select_options) + "\n".html_safe
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rails/hidden_autocomplete/action_view/helpers/form_tag_helper.rb

@@ -0,0 +1,13 @@
+module Rails
+  module HiddenAutocomplete
+    module ActionView
+      module Helpers
+        module FormTagHelper
+          def hidden_field_tag(name, value = nil, options = {})
+            super(name, value, options.merge(autocomplete: 'off'))
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rails/hidden_autocomplete/action_view/helpers/tags.rb

@@ -0,0 +1,16 @@
+module Rails
+  module HiddenAutocomplete
+    module ActionView
+      module Helpers
+        module Tags
+          class HiddenField
+            def render
+              @options[:autocomplete] = 'off'
+              super
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rails/hidden_autocomplete/action_view/helpers/url_helper.rb

@@ -0,0 +1,76 @@
+module Rails
+  module HiddenAutocomplete
+    module ActionView
+      module Helpers
+        module UrlHelper
+          mattr_accessor :button_to_generates_button_tag, default: false
+
+          def button_to(name = nil, options = nil, html_options = nil, &block)
+            if block
+              html_options = options
+              options = name
+            end
+            options      ||= {}
+            html_options ||= {}
+            html_options = html_options.stringify_keys
+
+            url    = options.is_a?(String) ? options : url_for(options)
+            remote = html_options.delete('remote')
+            params = html_options.delete('params')
+
+            method     = html_options.delete('method').to_s
+            method_tag = %w[patch put delete].include?(method) ? method_tag(method) : ''.html_safe
+
+            form_method  = method == 'get' ? 'get' : 'post'
+            form_options = html_options.delete('form') || {}
+            form_options[:class] ||= html_options.delete('form_class') || 'button_to'
+            form_options[:method] = form_method
+            form_options[:action] = url
+            form_options[:'data-remote'] = true if remote
+
+            request_token_tag = if form_method == 'post'
+                                  request_method = method.empty? ? 'post' : method
+                                  token_tag(nil, form_options: { action: url, method: request_method })
+                                else
+                                  ''
+                                end
+
+            html_options = convert_options_to_data_attributes(options, html_options)
+            html_options['type'] = 'submit'
+
+            button = if block || button_to_generates_button_tag
+                       content_tag('button', name || url, html_options, &block)
+                     else
+                       html_options['value'] = name || url
+                       tag('input', html_options)
+                     end
+
+            inner_tags = method_tag.safe_concat(button).safe_concat(request_token_tag)
+            if params
+              to_form_params(params).each do |param|
+                inner_tags.safe_concat tag(:input, type: 'hidden', name: param[:name], value: param[:value],
+                                                   autocomplete: 'off')
+              end
+            end
+            content_tag('form', inner_tags, form_options)
+          end
+
+          private
+
+          def token_tag(token = nil, form_options: {})
+            if token != false && defined?(protect_against_forgery?) && protect_against_forgery?
+              token ||= form_authenticity_token(form_options: form_options)
+              tag(:input, type: 'hidden', name: request_forgery_protection_token.to_s, value: token, autocomplete: 'off')
+            else
+              ''
+            end
+          end
+
+          def method_tag(method)
+            tag('input', type: 'hidden', name: '_method', value: method.to_s, autocomplete: 'off')
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rails/hidden_autocomplete/engine.rb

@@ -0,0 +1,6 @@
+module Rails
+  module HiddenAutocomplete
+    class Engine < ::Rails::Engine
+    end
+  end
+end

data/lib/rails/hidden_autocomplete/version.rb

@@ -0,0 +1,5 @@
+module Rails
+  module HiddenAutocomplete
+    VERSION = '0.1.0'
+  end
+end

data/lib/rails/hidden_autocomplete.rb

@@ -0,0 +1,10 @@
+require "rails/hidden_autocomplete/engine"
+require "rails/hidden_autocomplete/action_view/helpers/date_time_selector"
+require "rails/hidden_autocomplete/action_view/helpers/form_tag_helper"
+require "rails/hidden_autocomplete/action_view/helpers/tags"
+require "rails/hidden_autocomplete/action_view/helpers/url_helper"
+
+module Rails
+  module HiddenAutocomplete
+  end
+end

data/lib/tasks/rails/hidden_autocomplete_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :rails_hidden_autocomplete do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,95 @@
+--- !ruby/object:Gem::Specification
+name: rails-hidden_autocomplete
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Ryan Baumann
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2021-09-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 6.0.3.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 6.0.3.2
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: rails-hidden_autocomplete is a Rails-modifying Rails Engine to inject
+  the autocomplete="off" attribute into all hidden form inputs generated by Rails.
+  This is necessary because Firefox will randomly overwrite the values of hidden inputs
+  without an autocomplete="off" attribute.
+email:
+- ryan@podqueue.fm
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/assets/config/rails_hidden_autocomplete_manifest.js
+- config/initializers/rails-hidden_autocomplete.rb
+- config/routes.rb
+- lib/rails/hidden_autocomplete.rb
+- lib/rails/hidden_autocomplete/action_view/helpers/date_time_selector.rb
+- lib/rails/hidden_autocomplete/action_view/helpers/form_tag_helper.rb
+- lib/rails/hidden_autocomplete/action_view/helpers/tags.rb
+- lib/rails/hidden_autocomplete/action_view/helpers/url_helper.rb
+- lib/rails/hidden_autocomplete/engine.rb
+- lib/rails/hidden_autocomplete/version.rb
+- lib/tasks/rails/hidden_autocomplete_tasks.rake
+homepage: https://github.com/podqueue/rails-hidden_autocomplete
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.7.6.2
+signing_key:
+specification_version: 4
+summary: Adds autocomplete="off" to all hidden inputs generated by Rails
+test_files: []