view_component 2.82.0 → 2.83.0

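--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 9bb20706245c43b9c5fa4d11087a2e98332bda53d659f7065874a3c0b8545547
- data.tar.gz: 13821a1e91da8a8dce8270962b99aa3b84fddb9731f99c2e2acfd143ad017836
+ metadata.gz: 27bcac094fd171c4eb5c5ef2319372747f0efd62ca643fefdc2b544fd6efbd73
+ data.tar.gz: 49d93b90f2cf504ded99a6cfe0db780ec178131800a35eff210488da62aae673
  SHA512:
- metadata.gz: 5b0ebf7ac54fc2c82374b29f9cceadfe55af73516ad2e4c65dad69cd65a7c63de3e00ef9cdba8b359c1061309f9a0d2f90344374feec2b37211fbfb36282c96b
- data.tar.gz: 48e156dcc5fa1ac9a6cff64e4cb585d528103452938a515d1e3598b505b03188e89362c393c86c0a05437f9a8c28f22e937e3d706f3da17ae03a7c1371728505
+ metadata.gz: 89a7f4702ccfc60f9128a99a3ff0ab5b35237fc0aaba860c01e705754330d557b3c380de369cd63db430f3d42d2cb2370a0677eee07ae73a61118921ec715994
+ data.tar.gz: 99c1af02c38bba37dc3f44b70818eadae73e307c4d05dd321585fb8cbdfed667367e34255fbbae11b9197fca731704e53a76b38abcfac93e45378c48a798cb43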
data/docs/CHANGELOG.md CHANGED
@@ -10,6 +10,12 @@ nav_order: 5
10
10
 
11
11
  ## main
12
12
 
13
+ ## 2.83.0
14
+
15
+ * Ensure HTML output safety.
16
+
17
+ *Cameron Dutro*
18
+
13
19
  ## 2.82.0
14
20
 
15
21
  * Revert "Avoid loading ActionView::Base during initialization (#1528)"
@@ -130,7 +130,12 @@ module ViewComponent
130
130
  before_render
131
131
 
132
132
  if render?
133
- render_template_for(@__vc_variant).to_s + output_postamble
133
+ # Avoid allocating new string when output_postamble is blank
134
+ if output_postamble.blank?
135
+ safe_render_template_for(@__vc_variant).to_s
136
+ else
137
+ safe_render_template_for(@__vc_variant).to_s + safe_output_postamble
138
+ end
134
139
  else
135
140
  ""
136
141
  end
@@ -157,7 +162,7 @@ module ViewComponent
157
162
  #
158
163
  # @return [String]
159
164
  def output_postamble
160
- ""
165
+ @@default_output_postamble ||= "".html_safe
161
166
  end
162
167
 
163
168
  # Called before rendering the component. Override to perform operations that
@@ -309,6 +314,38 @@ module ViewComponent
309
314
  @__vc_content_evaluated
310
315
  end
311
316
 
317
+ def maybe_escape_html(text)
318
+ return text if request && !request.format.html?
319
+ return text if text.blank?
320
+
321
+ if text.html_safe?
322
+ text
323
+ else
324
+ yield
325
+ html_escape(text)
326
+ end
327
+ end
328
+
329
+ def safe_render_template_for(variant)
330
+ if compiler.renders_template_for_variant?(variant)
331
+ render_template_for(variant)
332
+ else
333
+ maybe_escape_html(render_template_for(variant)) do
334
+ Kernel.warn("WARNING: The #{self.class} component rendered HTML-unsafe output. The output will be automatically escaped, but you may want to investigate.")
335
+ end
336
+ end
337
+ end
338
+
339
+ def safe_output_postamble
340
+ maybe_escape_html(output_postamble) do
341
+ Kernel.warn("WARNING: The #{self.class} component was provided an HTML-unsafe postamble. The postamble will be automatically escaped, but you may want to investigate.")
342
+ end
343
+ end
344
+
345
+ def compiler
346
+ @compiler ||= self.class.compiler
347
+ end
348
+
312
349
  # Set the controller used for testing components:
313
350
  #
314
351
  # ```ruby
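Review bot: In `maybe_escape_html`, the first guard `return text if request && !request.format.html?` hands the text back unescaped for every request whose negotiated format is not HTML, so the new check keys on the request rather than on what the component actually emits; a format that still delivers HTML fragments would presumably bypass it, which should be confirmed and stated in a comment above the guard. In `output_postamble`, `@@default_output_postamble ||= "".html_safe` returns one mutable buffer shared by every component class, so an override that appends to `super` in place would alter the default process-wide; a frozen constant such as `"".html_safe.freeze` avoids that. The escape path reports only through `Kernel.warn`, so whether the warning reaches the application log depends on how stderr is collected. The file header for these hunks is missing from the page, and the enclosing class begins and ends outside them.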
@@ -16,6 +16,7 @@ module ViewComponent
16
16
  def initialize(component_class)
17
17
  @component_class = component_class
18
18
  @redefinition_lock = Mutex.new
19
+ @variants_rendering_templates = Set.new
19
20
  end
20
21
 
21
22
  def compiled?
@@ -61,6 +62,7 @@ module ViewComponent
61
62
  # Remove existing compiled template methods,
62
63
  # as Ruby warns when redefining a method.
63
64
  method_name = call_method_name(template[:variant])
65
+ @variants_rendering_templates << template[:variant]
64
66
 
65
67
  redefinition_lock.synchronize do
66
68
  component_class.silence_redefinition_of_method(method_name)
@@ -81,6 +83,10 @@ module ViewComponent
81
83
  CompileCache.register(component_class)
82
84
  end
83
85
 
86
+ def renders_template_for_variant?(variant)
87
+ @variants_rendering_templates.include?(variant)
88
+ end
89
+
84
90
  private
85
91
 
86
92
  attr_reader :component_class, :redefinition_lock
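Review bot: `@variants_rendering_templates` is only ever added to in the visible hunks, and `renders_template_for_variant?` is what lets `safe_render_template_for` skip the escape check, so a stale entry would leave a variant trusted after its template is gone; if this compiler instance can be re-run for the same class (the compile method's body lies mostly outside the hunk), the set should be cleared at the start of that run. The insertion `@variants_rendering_templates << template[:variant]` also sits before `redefinition_lock.synchronize`, so the Set is mutated outside the lock that guards the method redefinition next to it; moving the line inside the block would keep the two in step. `Set` is used in `initialize` without a visible `require "set"`, which older Rubies need unless another file has already loaded it.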
@@ -3,7 +3,7 @@
3
3
  module ViewComponent
4
4
  module VERSION
5
5
  MAJOR = 2
6
- MINOR = 82
6
+ MINOR = 83
7
7
  PATCH = 0
8
8
 
9
9
  STRING = [MAJOR, MINOR, PATCH].join(".")
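--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: view_component
  version: !ruby/object:Gem::Version
- version: 2.82.0
+ version: 2.83.0
  platform: ruby
  authors:
  - ViewComponent Team
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-01-11 00:00:00.000000000 Z
+ date: 2024-01-08 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -409,7 +409,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.2.32
+ rubygems_version: 3.4.5
  signing_key:
  specification_version: 4
  summary: A framework for building reusable, testable & encapsulated view components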