vega 0.2.5 → 0.2.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7c067bc284fb8cb8d590bc3840e1903c6da0ba49f55f9c0cc784d88358d0ff5c
-  data.tar.gz: 22268adc67db09659c8b7701f893f6df63cbd34810845b6bdcd8a359364b0df1
+  metadata.gz: 4fa6db813593582eba71e4d7f4b306553fb6530288478b2b03daf20b952a6827
+  data.tar.gz: 7b09a35505f87dc7e2498f8318947073a95ae4aa353e4b127c2f48c6baff263a
 SHA512:
-  metadata.gz: 5257af439bd6fdb7530a3c036a75449fedb7b2a28efe0aa426761588f07e150de7327ce52dd8e138aebacb87c3ffdf7a484356d021395b37567c01217d0f4931
-  data.tar.gz: b360e400d2adb00623c8ec32b1d169260959e6a7b62f4d6723329aefc5177cfb8d60bb07d2d31c966d1442a126e787007bc0dae75eb0846eaf3cadcbc562ed0b
+  metadata.gz: 32ffb63658b185ee27f46254dafe333f905a47ec4b5aae591009810dbc26815aa71d890f77f7c107c3465631ca5914d9d3edfefec84cfdb151c7e5f8af12813f
+  data.tar.gz: bf929161b62990cd9cab96fed031611ab03037b083c9ecebe401990359c9818bcb500bfaac3b709045da5ef880c322f8a3b7723758b50501e1072fd1a514171c

data/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 0.2.7 (2022-09-21)
+
+- Updated Vega to 5.22.1, Vega-Lite to 5.5.0, and Vega-Embed to 6.21.0
+
+## 0.2.6 (2022-02-02)
+
+- Added `vega_chart` helper
+- Added `nonce` option
+- Added `to_html` method
+
 ## 0.2.5 (2022-01-22)
 
 - Updated Vega-Lite to 5.2.0 and Vega-Embed to 6.20.5

data/README.md

@@ -19,6 +19,7 @@ gem "vega"
 Then follow the instructions for how you plan to use it:
 
 - [Rails 7 / Importmap](#rails-7--importmap)
+- [Rails 7 / esbuild or Webpack](#rails-7--esbuild-or-webpack)
 - [Rails 6 / Webpacker](#rails-6--webpacker)
 - [Rails 5 / Sprockets](#rails-5--sprockets)
 - [iRuby](#iruby)
@@ -41,7 +42,24 @@ import "vega"
 import "vega-lite"
 import "vega-embed"
 
-window.dispatchEvent(new Event("vega:load"));
+window.dispatchEvent(new Event("vega:load"))
+```
+
+### Rails 7 / esbuild or Webpack
+
+Run:
+
+```sh
+yarn add vega vega-lite vega-embed
+```
+
+And add to `app/javascript/application.js`:
+
+```js
+import embed from "vega-embed"
+
+window.vegaEmbed = embed
+window.dispatchEvent(new Event("vega:load"))
 ```
 
 ### Rails 6 / Webpacker
@@ -74,12 +92,12 @@ No additional set up is needed.
 
 ### Other
 
-For Sinatra and other web frameworks, include the Vega JavaScript files on pages with charts:
+For Sinatra and other web frameworks, download [Vega](https://cdn.jsdelivr.net/npm/vega@5), [Vega-Lite](https://cdn.jsdelivr.net/npm/vega-lite@5), and [Vega-Embed](https://cdn.jsdelivr.net/npm/vega-embed@6) and include them on pages with charts:
 
 ```html
-<script src="https://cdn.jsdelivr.net/npm/vega@5.21.0"></script>
-<script src="https://cdn.jsdelivr.net/npm/vega-lite@5.2.0"></script>
-<script src="https://cdn.jsdelivr.net/npm/vega-embed@6.20.5"></script>
+<script src="vega.js"></script>
+<script src="vega-lite.js"></script>
+<script src="vega-embed.js"></script>
 ```
 
 ## Getting Started
@@ -324,7 +342,7 @@ spec = {
 And render it in Rails
 
 ```erb
-<%= Vega.render(spec) %>
+<%= vega_chart spec %>
 ```
 
 Or display it in iRuby
@@ -367,6 +385,29 @@ File.binwrite("chart.pdf", chart.to_pdf)
 
 ## Content Security Policy (CSP)
 
+### Styles and Frames
+
+Enable unsafe inline styles and blob frames on actions that have charts
+
+```ruby
+class ChartsController < ApplicationController
+  content_security_policy only: :index do |policy|
+    policy.style_src :self, :unsafe_inline
+    policy.frame_src :blob
+  end
+end
+```
+
+### Nonce
+
+Automatically add a nonce when configured in Rails with:
+
+```erb
+<%= vega_chart chart %>
+```
+
+### Interpreter
+
 By default, the Vega parser uses the Function constructor, which [can cause issues with CSP](https://vega.github.io/vega/usage/interpreter/).
 
 For Rails 7 / Importmap, add to `config/importmap.rb`:

data/lib/vega/base_chart.rb

@@ -18,9 +18,10 @@ module Vega
     end
     immutable_method :embed_options
 
-    def to_s
-      Spec.new(spec).to_s
+    def to_html(nonce: nil)
+      Spec.new(spec).to_html(nonce: nonce)
     end
+    alias_method :to_s, :to_html
 
     def to_iruby
       Spec.new(spec).to_iruby

data/lib/vega/helper.rb

@@ -0,0 +1,29 @@
+module Vega
+  module Helper
+    def vega_chart(chart, nonce: true)
+      unless chart.is_a?(Vega::BaseChart) || chart.is_a?(Hash)
+        raise TypeError, "expected Vega chart or spec"
+      end
+
+      if nonce == true
+        # Secure Headers also defines content_security_policy_nonce but it takes an argument
+        # Rails 5.2 overrides this method, but earlier versions do not
+        if respond_to?(:content_security_policy_nonce) && (content_security_policy_nonce rescue nil)
+          # Rails 5.2
+          nonce = content_security_policy_nonce
+        elsif respond_to?(:content_security_policy_script_nonce)
+          # Secure Headers
+          nonce = content_security_policy_script_nonce
+        else
+          nonce = nil
+        end
+      end
+
+      if chart.is_a?(Hash)
+        Vega.render(chart, nonce: nonce)
+      else
+        chart.to_html(nonce: nonce)
+      end
+    end
+  end
+end

data/lib/vega/spec.rb

@@ -6,11 +6,12 @@ module Vega
       @spec = spec.transform_keys!(&:to_s)
     end
 
-    def to_s
+    def to_html(nonce: nil)
       html, js = generate_output
+      nonce_html = nonce ? " nonce=\"#{ERB::Util.html_escape(nonce)}\"" : nil
       output = <<~EOS
         #{html}
-        <script>
+        <script#{nonce_html}>
           (function() {
             var createChart = function() { #{js} };
             if ("vegaEmbed" in window) {
@@ -23,6 +24,7 @@ module Vega
       EOS
       output.respond_to?(:html_safe) ? output.html_safe : output
     end
+    alias_method :to_s, :to_html
 
     # TODO only load vega-lite if $schema requires it
     def to_iruby
@@ -32,10 +34,10 @@ module Vega
         <script>
           require.config({
             paths: {
-              'vega': 'https://cdn.jsdelivr.net/npm/vega@5.21.0/build/vega.min',
+              'vega': 'https://cdn.jsdelivr.net/npm/vega@5.22.1/build/vega.min',
               'vega-util': 'https://cdn.jsdelivr.net/npm/vega-util@1.17.0/build/vega-util.min',
-              'vega-lite': 'https://cdn.jsdelivr.net/npm/vega-lite@5.2.0/build/vega-lite.min',
-              'vega-embed': 'https://cdn.jsdelivr.net/npm/vega-embed@6.20.5/build/vega-embed.min'
+              'vega-lite': 'https://cdn.jsdelivr.net/npm/vega-lite@5.5.0/build/vega-lite.min',
+              'vega-embed': 'https://cdn.jsdelivr.net/npm/vega-embed@6.21.0/build/vega-embed.min'
             }
           });
           require(['vega', 'vega-util', 'vega-lite', 'vega-embed'], function(vega, vegaUtil, vegaLite, vegaEmbed) {

data/lib/vega/version.rb

@@ -1,3 +1,3 @@
 module Vega
-  VERSION = "0.2.5"
+  VERSION = "0.2.7"
 end

data/lib/vega.rb

@@ -9,6 +9,7 @@ require "vega/base_chart"
 require "vega/chart"
 require "vega/lite_chart"
 require "vega/spec"
+require "vega/helper"
 require "vega/version"
 
 # integrations
@@ -25,8 +26,8 @@ module Vega
       LiteChart.new
     end
 
-    def render(spec)
-      Spec.new(spec).to_s
+    def render(spec, nonce: nil)
+      Spec.new(spec).to_html(nonce: nonce)
     end
 
     def display(spec)
@@ -34,3 +35,9 @@ module Vega
     end
   end
 end
+
+if defined?(ActiveSupport.on_load)
+  ActiveSupport.on_load(:action_view) do
+    include Vega::Helper
+  end
+end