view_component 3.0.0.rc2 → 3.0.0.rc4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f2171ee963d59844894858309db964f092fb423bc4828a3bccbc917608502278
-  data.tar.gz: aaf7c734530bf46ea0fa5e7fdad4c6efaf7325eb45970fa2bea56d6c9f9a15c1
+  metadata.gz: 53d058ef489a0f7230b3a83fe92d36fab42b9b8ccf0cd2bba0d12f7320f2c261
+  data.tar.gz: de28dc5a7e3e9c34c3cf81bbd5d52f518c653950552547c86a547bb4a577bdfa
 SHA512:
-  metadata.gz: 5f26a04b1af1b93be44db4436d57544c182c64a1d1036a2db62cecf0bc8b12da3f7ccf11e7cb8bf88c9c915495686ddcd774cca13a5adf7353dfc678d6c7ead1
-  data.tar.gz: a982b51ed80dc7da05da996005b2e60ca7af576a91c5ef13cdd68698735635fb42834e7cc45d23e5cbf45326b4ab8d8b85a1e6ddb7b2967a6d1e45638c73d50a
+  metadata.gz: d6161e41e5b9b82ce20f9ffc624cfe2910e707d867e2ba0019bc960a02353e7d2b083700e3504ea1f84da83f9a31110eb581a07a16609d30c6a7737806f5986e
+  data.tar.gz: c137ce79675ec78c4f31dff419b42fdf31d2af696e2275047d74058c7e1402be00e0e44df125ea6c5803b59e6931d8a7619c9c266376b02881965a778e60d784

data/app/controllers/view_components_system_test_controller.rb

@@ -1,7 +1,28 @@
 # frozen_string_literal: true
 
 class ViewComponentsSystemTestController < ActionController::Base # :nodoc:
+  TEMP_DIR = FileUtils.mkdir_p("./tmp/view_components/").first
+
+  before_action :validate_test_env
+  before_action :validate_file_path
+
   def system_test_entrypoint
-    render file: "./tmp/view_components/#{params.permit(:file)[:file]}"
+    render file: @path
+  end
+
+  private
+
+  def validate_test_env
+    raise "ViewComponentsSystemTestController must only be called in a test environment" unless Rails.env.test?
+  end
+
+  # Ensure that the file path is valid and doesn't target files outside
+  # the expected directory (e.g. via a path traversal or symlink attack)
+  def validate_file_path
+    base_path = ::File.realpath(TEMP_DIR)
+    @path = ::File.realpath(params.permit(:file)[:file], base_path)
+    unless @path.start_with?(base_path)
+      raise ArgumentError, "Invalid file path"
+    end
   end
 end

data/docs/CHANGELOG.md

@@ -10,6 +10,42 @@ nav_order: 5
 
 ## main
 
+## v3.0.0.rc4
+
+Run into an issue with this release candidate? [Let us know](https://github.com/ViewComponent/view_component/issues/1629).
+
+* Add `TestHelpers#vc_test_request`.
+
+    *Joel Hawksley*
+
+## v3.0.0.rc3
+
+Run into an issue with this release candidate? [Let us know](https://github.com/ViewComponent/view_component/issues/1629).
+
+* Fix typos in generator docs.
+
+    *Sascha Karnatz*
+
+* Add `TestHelpers#vc_test_controller`.
+
+    *Joel Hawksley*
+
+* Document `config.view_component.capture_compatibility_patch_enabled` as option for the known incompatibilities with Rails form helpers.
+
+    *Tobias L. Maier*
+
+* Add support for experimental inline templates.
+
+    *Blake Williams*
+
+* Expose `translate` and `t` I18n methods on component classes.
+
+    *Elia Schito*
+
+* Protect against Arbitrary File Read edge case in `ViewComponentsSystemTestController`.
+
+    *Nick Malcolm*
+
 ## v3.0.0.rc2
 
 Run into an issue with this release? [Let us know](https://github.com/ViewComponent/view_component/issues/1629).

data/lib/view_component/base.rb

@@ -481,6 +481,11 @@ module ViewComponent
         compiler.compiled?
       end
 
+      # @private
+      def ensure_compiled
+        compile unless compiled?
+      end
+
       # Compile templates to instance methods, assuming they haven't been compiled already.
       #
       # Do as much work as possible in this step, as doing so reduces the amount

data/lib/view_component/compiler.rb

@@ -51,24 +51,46 @@ module ViewComponent
         component_class.validate_collection_parameter!
       end
 
-      templates.each do |template|
-        # Remove existing compiled template methods,
-        # as Ruby warns when redefining a method.
-        method_name = call_method_name(template[:variant])
+      if has_inline_template?
+        template = component_class.inline_template
 
         redefinition_lock.synchronize do
-          component_class.silence_redefinition_of_method(method_name)
+          component_class.silence_redefinition_of_method("call")
           # rubocop:disable Style/EvalWithLocation
-          component_class.class_eval <<-RUBY, template[:path], 0
-          def #{method_name}
-            #{compiled_template(template[:path])}
+          component_class.class_eval <<-RUBY, template.path, template.lineno
+          def call
+            #{compiled_inline_template(template)}
           end
           RUBY
           # rubocop:enable Style/EvalWithLocation
+
+          component_class.silence_redefinition_of_method("render_template_for")
+          component_class.class_eval <<-RUBY, __FILE__, __LINE__ + 1
+          def render_template_for(variant = nil)
+            call
+          end
+          RUBY
+        end
+      else
+        templates.each do |template|
+          # Remove existing compiled template methods,
+          # as Ruby warns when redefining a method.
+          method_name = call_method_name(template[:variant])
+
+          redefinition_lock.synchronize do
+            component_class.silence_redefinition_of_method(method_name)
+            # rubocop:disable Style/EvalWithLocation
+            component_class.class_eval <<-RUBY, template[:path], 0
+            def #{method_name}
+              #{compiled_template(template[:path])}
+            end
+            RUBY
+            # rubocop:enable Style/EvalWithLocation
+          end
         end
-      end
 
-      define_render_template_for
+        define_render_template_for
+      end
 
       component_class.build_i18n_backend
 
@@ -103,12 +125,16 @@ module ViewComponent
       end
     end
 
+    def has_inline_template?
+      component_class.respond_to?(:inline_template) && component_class.inline_template.present?
+    end
+
     def template_errors
       @__vc_template_errors ||=
         begin
           errors = []
 
-          if (templates + inline_calls).empty?
+          if (templates + inline_calls).empty? && !has_inline_template?
             errors << "Couldn't find a template file or inline render method for #{component_class}."
           end
 
@@ -216,9 +242,21 @@ module ViewComponent
       end
     end
 
+    def compiled_inline_template(template)
+      handler = ActionView::Template.handler_for_extension(template.language)
+      template.rstrip! if component_class.strip_trailing_whitespace?
+
+      compile_template(template.source, handler)
+    end
+
     def compiled_template(file_path)
       handler = ActionView::Template.handler_for_extension(File.extname(file_path).delete("."))
       template = File.read(file_path)
+
+      compile_template(template, handler)
+    end
+
+    def compile_template(template, handler)
       template.rstrip! if component_class.strip_trailing_whitespace?
 
       if handler.method(:call).parameters.length > 1

data/lib/view_component/inline_template.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+module ViewComponent # :nodoc:
+  module InlineTemplate
+    extend ActiveSupport::Concern
+    Template = Struct.new(:source, :language, :path, :lineno)
+
+    class_methods do
+      def method_missing(method, *args)
+        return super if !method.end_with?("_template")
+
+        if defined?(@__vc_inline_template_defined) && @__vc_inline_template_defined
+          raise ViewComponent::ComponentError, "inline templates can only be defined once per-component"
+        end
+
+        if args.size != 1
+          raise ArgumentError, "wrong number of arguments (given #{args.size}, expected 1)"
+        end
+
+        ext = method.to_s.gsub("_template", "")
+        template = args.first
+
+        @__vc_inline_template_language = ext
+
+        caller = caller_locations(1..1)[0]
+        @__vc_inline_template = Template.new(
+          template,
+          ext,
+          caller.absolute_path || caller.path,
+          caller.lineno
+        )
+
+        @__vc_inline_template_defined = true
+      end
+      ruby2_keywords(:method_missing) if respond_to?(:ruby2_keywords, true)
+
+      def respond_to_missing?(method, include_all = false)
+        method.end_with?("_template") || super
+      end
+
+      def inline_template
+        @__vc_inline_template
+      end
+
+      def inline_template_language
+        @__vc_inline_template_language if defined?(@__vc_inline_template_language)
+      end
+
+      def inherited(subclass)
+        super
+        subclass.instance_variable_set(:@__vc_inline_template_language, inline_template_language)
+      end
+    end
+  end
+end

data/lib/view_component/system_test_helpers.rb

@@ -10,12 +10,12 @@ module ViewComponent
     # @param layout [String] The (optional) layout to use.
     # @return [Proc] A block that can be used to visit the path of the inline rendered component.
     def with_rendered_component_path(fragment, layout: false, &block)
-      # Add './tmp/view_components/' directory if it doesn't exist to store the rendered component HTML
-      FileUtils.mkdir_p("./tmp/view_components/") unless Dir.exist?("./tmp/view_components/")
-
-      file = Tempfile.new(["rendered_#{fragment.class.name}", ".html"], "tmp/view_components/")
+      file = Tempfile.new(
+        ["rendered_#{fragment.class.name}", ".html"],
+        ViewComponentsSystemTestController::TEMP_DIR
+      )
       begin
-        file.write(__vc_test_helpers_controller.render_to_string(html: fragment.to_html.html_safe, layout: layout))
+        file.write(vc_test_controller.render_to_string(html: fragment.to_html.html_safe, layout: layout))
         file.rewind
 
         block.call("/_system_test_entrypoint?file=#{file.path.split("/").last}")

data/lib/view_component/test_helpers.rb

@@ -47,9 +47,9 @@ module ViewComponent
       @page = nil
       @rendered_content =
         if Rails.version.to_f >= 6.1
-          __vc_test_helpers_controller.view_context.render(component, args, &block)
+          vc_test_controller.view_context.render(component, args, &block)
         else
-          __vc_test_helpers_controller.view_context.render_component(component, &block)
+          vc_test_controller.view_context.render_component(component, &block)
         end
 
       Nokogiri::HTML.fragment(@rendered_content)
@@ -105,7 +105,7 @@ module ViewComponent
     # ```
     def render_in_view_context(*args, &block)
       @page = nil
-      @rendered_content = __vc_test_helpers_controller.view_context.instance_exec(*args, &block)
+      @rendered_content = vc_test_controller.view_context.instance_exec(*args, &block)
       Nokogiri::HTML.fragment(@rendered_content)
     end
     ruby2_keywords(:render_in_view_context) if respond_to?(:ruby2_keywords, true)
@@ -120,12 +120,12 @@ module ViewComponent
     #
     # @param variant [Symbol] The variant to be set for the provided block.
     def with_variant(variant)
-      old_variants = __vc_test_helpers_controller.view_context.lookup_context.variants
+      old_variants = vc_test_controller.view_context.lookup_context.variants
 
-      __vc_test_helpers_controller.view_context.lookup_context.variants = variant
+      vc_test_controller.view_context.lookup_context.variants = variant
       yield
     ensure
-      __vc_test_helpers_controller.view_context.lookup_context.variants = old_variants
+      vc_test_controller.view_context.lookup_context.variants = old_variants
     end
 
     # Set the controller to be used while executing the given block,
@@ -139,12 +139,12 @@ module ViewComponent
     #
     # @param klass [ActionController::Base] The controller to be used.
     def with_controller_class(klass)
-      old_controller = defined?(@__vc_test_helpers_controller) && @__vc_test_helpers_controller
+      old_controller = defined?(@vc_test_controller) && @vc_test_controller
 
-      @__vc_test_helpers_controller = __vc_test_helpers_build_controller(klass)
+      @vc_test_controller = __vc_test_helpers_build_controller(klass)
       yield
     ensure
-      @__vc_test_helpers_controller = old_controller
+      @vc_test_controller = old_controller
     end
 
     # Set the URL of the current request (such as when using request-dependent path helpers):
@@ -157,35 +157,54 @@ module ViewComponent
     #
     # @param path [String] The path to set for the current request.
     def with_request_url(path)
-      old_request_path_info = __vc_test_helpers_request.path_info
-      old_request_path_parameters = __vc_test_helpers_request.path_parameters
-      old_request_query_parameters = __vc_test_helpers_request.query_parameters
-      old_request_query_string = __vc_test_helpers_request.query_string
-      old_controller = defined?(@__vc_test_helpers_controller) && @__vc_test_helpers_controller
+      old_request_path_info = vc_test_request.path_info
+      old_request_path_parameters = vc_test_request.path_parameters
+      old_request_query_parameters = vc_test_request.query_parameters
+      old_request_query_string = vc_test_request.query_string
+      old_controller = defined?(@vc_test_controller) && @vc_test_controller
 
       path, query = path.split("?", 2)
-      __vc_test_helpers_request.path_info = path
-      __vc_test_helpers_request.path_parameters = Rails.application.routes.recognize_path_with_request(__vc_test_helpers_request, path, {})
-      __vc_test_helpers_request.set_header("action_dispatch.request.query_parameters", Rack::Utils.parse_nested_query(query))
-      __vc_test_helpers_request.set_header(Rack::QUERY_STRING, query)
+      vc_test_request.path_info = path
+      vc_test_request.path_parameters = Rails.application.routes.recognize_path_with_request(vc_test_request, path, {})
+      vc_test_request.set_header("action_dispatch.request.query_parameters", Rack::Utils.parse_nested_query(query))
+      vc_test_request.set_header(Rack::QUERY_STRING, query)
       yield
     ensure
-      __vc_test_helpers_request.path_info = old_request_path_info
-      __vc_test_helpers_request.path_parameters = old_request_path_parameters
-      __vc_test_helpers_request.set_header("action_dispatch.request.query_parameters", old_request_query_parameters)
-      __vc_test_helpers_request.set_header(Rack::QUERY_STRING, old_request_query_string)
-      @__vc_test_helpers_controller = old_controller
+      vc_test_request.path_info = old_request_path_info
+      vc_test_request.path_parameters = old_request_path_parameters
+      vc_test_request.set_header("action_dispatch.request.query_parameters", old_request_query_parameters)
+      vc_test_request.set_header(Rack::QUERY_STRING, old_request_query_string)
+      @vc_test_controller = old_controller
     end
 
-    # Note: We prefix private methods here to prevent collisions in consumer's tests.
-    private
-
-    def __vc_test_helpers_controller
-      @__vc_test_helpers_controller ||= __vc_test_helpers_build_controller(Base.test_controller.constantize)
+    # Access the controller used by `render_inline`:
+    #
+    # ```ruby
+    # test "logged out user sees login link" do
+    #   vc_test_controller.expects(:logged_in?).at_least_once.returns(false)
+    #   render_inline(LoginComponent.new)
+    #   assert_selector("[aria-label='You must be signed in']")
+    # end
+    # ```
+    #
+    # @return [ActionController::Base]
+    def vc_test_controller
+      @vc_test_controller ||= __vc_test_helpers_build_controller(Base.test_controller.constantize)
     end
 
-    def __vc_test_helpers_request
-      @__vc_test_helpers_request ||=
+    # Access the request used by `render_inline`:
+    #
+    # ```ruby
+    # test "component does not render in Firefox" do
+    #   request.env["HTTP_USER_AGENT"] = "Mozilla/5.0"
+    #   render_inline(NoFirefoxComponent.new)
+    #   refute_component_rendered
+    # end
+    # ```
+    #
+    # @return [ActionDispatch::TestRequest]
+    def vc_test_request
+      @vc_test_request ||=
         begin
           out = ActionDispatch::TestRequest.create
           out.session = ActionController::TestSession.new
@@ -193,8 +212,11 @@ module ViewComponent
         end
     end
 
+    # Note: We prefix private methods here to prevent collisions in consumer's tests.
+    private
+
     def __vc_test_helpers_build_controller(klass)
-      klass.new.tap { |c| c.request = __vc_test_helpers_request }.extend(Rails.application.routes.url_helpers)
+      klass.new.tap { |c| c.request = vc_test_request }.extend(Rails.application.routes.url_helpers)
     end
 
     def __vc_test_helpers_preview_class

data/lib/view_component/translatable.rb

@@ -21,7 +21,7 @@ module ViewComponent
       end
 
       def build_i18n_backend
-        return if CompileCache.compiled? self
+        return if compiled?
 
         self.i18n_backend = if (translation_files = sidecar_files(%w[yml yaml])).any?
           # Returning nil cleans up if translations file has been removed since the last compilation
@@ -32,6 +32,27 @@ module ViewComponent
           )
         end
       end
+
+      def i18n_key(key, scope = nil)
+        scope = scope.join(".") if scope.is_a? Array
+        key = key&.to_s unless key.is_a?(String)
+        key = "#{scope}.#{key}" if scope
+        key = "#{i18n_scope}#{key}" if key.start_with?(".")
+        key
+      end
+
+      def translate(key = nil, **options)
+        return key.map { |k| translate(k, **options) } if key.is_a?(Array)
+
+        ensure_compiled
+
+        locale = options.delete(:locale) || ::I18n.locale
+        key = i18n_key(key, options.delete(:scope))
+
+        i18n_backend.translate(locale, key, options)
+      end
+
+      alias_method :t, :translate
     end
 
     class I18nBackend < ::I18n::Backend::Simple
@@ -64,15 +85,10 @@ module ViewComponent
       return key.map { |k| translate(k, **options) } if key.is_a?(Array)
 
       locale = options.delete(:locale) || ::I18n.locale
-      scope = options.delete(:scope)
-      scope = scope.join(".") if scope.is_a? Array
-      key = key&.to_s unless key.is_a?(String)
-      key = "#{scope}.#{key}" if scope
-      key = "#{i18n_scope}#{key}" if key.start_with?(".")
-
-      if HTML_SAFE_TRANSLATION_KEY.match?(key)
-        html_escape_translation_options!(options)
-      end
+      key = self.class.i18n_key(key, options.delete(:scope))
+      as_html = HTML_SAFE_TRANSLATION_KEY.match?(key)
+
+      html_escape_translation_options!(options) if as_html
 
       if key.start_with?(i18n_scope + ".")
         translated =
@@ -85,10 +101,7 @@ module ViewComponent
           return super(key, locale: locale, **options)
         end
 
-        if HTML_SAFE_TRANSLATION_KEY.match?(key)
-          translated = html_safe_translation(translated)
-        end
-
+        translated = html_safe_translation(translated) if as_html
         translated
       else
         super(key, locale: locale, **options)
@@ -101,6 +114,8 @@ module ViewComponent
       self.class.i18n_scope
     end
 
+    private
+
     def html_safe_translation(translation)
       if translation.respond_to?(:map)
         translation.map { |element| html_safe_translation(element) }
@@ -112,18 +127,13 @@ module ViewComponent
       end
     end
 
-    private
-
     def html_escape_translation_options!(options)
       options.each do |name, value|
-        unless i18n_option?(name) || (name == :count && value.is_a?(Numeric))
-          options[name] = ERB::Util.html_escape(value.to_s)
-        end
-      end
-    end
+        next if ::I18n.reserved_keys_pattern.match?(name)
+        next if name == :count && value.is_a?(Numeric)
 
-    def i18n_option?(name)
-      (@i18n_option_names ||= I18n::RESERVED_KEYS.to_set).include?(name)
+        options[name] = ERB::Util.html_escape(value.to_s)
+      end
     end
   end
 end

data/lib/view_component/version.rb

@@ -5,7 +5,7 @@ module ViewComponent
     MAJOR = 3
     MINOR = 0
     PATCH = 0
-    PRE = "rc2"
+    PRE = "rc4"
 
     STRING = [MAJOR, MINOR, PATCH, PRE].compact.join(".")
   end

data/lib/view_component.rb

@@ -13,6 +13,7 @@ module ViewComponent
   autoload :ComponentError
   autoload :Config
   autoload :Deprecation
+  autoload :InlineTemplate
   autoload :Instrumentation
   autoload :Preview
   autoload :PreviewTemplateError

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: view_component
 version: !ruby/object:Gem::Version
-  version: 3.0.0.rc2
+  version: 3.0.0.rc4
 platform: ruby
 authors:
 - ViewComponent Team
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-02-17 00:00:00.000000000 Z
+date: 2023-03-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -363,6 +363,7 @@ files:
 - lib/view_component/docs_builder_component.html.erb
 - lib/view_component/docs_builder_component.rb
 - lib/view_component/engine.rb
+- lib/view_component/inline_template.rb
 - lib/view_component/instrumentation.rb
 - lib/view_component/preview.rb
 - lib/view_component/preview_template_error.rb