view_component 2.82.0 → 2.83.0

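--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 9bb20706245c43b9c5fa4d11087a2e98332bda53d659f7065874a3c0b8545547
- data.tar.gz: 13821a1e91da8a8dce8270962b99aa3b84fddb9731f99c2e2acfd143ad017836
+ metadata.gz: 27bcac094fd171c4eb5c5ef2319372747f0efd62ca643fefdc2b544fd6efbd73
+ data.tar.gz: 49d93b90f2cf504ded99a6cfe0db780ec178131800a35eff210488da62aae673
  SHA512:
- metadata.gz: 5b0ebf7ac54fc2c82374b29f9cceadfe55af73516ad2e4c65dad69cd65a7c63de3e00ef9cdba8b359c1061309f9a0d2f90344374feec2b37211fbfb36282c96b
- data.tar.gz: 48e156dcc5fa1ac9a6cff64e4cb585d528103452938a515d1e3598b505b03188e89362c393c86c0a05437f9a8c28f22e937e3d706f3da17ae03a7c1371728505
+ metadata.gz: 89a7f4702ccfc60f9128a99a3ff0ab5b35237fc0aaba860c01e705754330d557b3c380de369cd63db430f3d42d2cb2370a0677eee07ae73a61118921ec715994
+ data.tar.gz: 99c1af02c38bba37dc3f44b70818eadae73e307c4d05dd321585fb8cbdfed667367e34255fbbae11b9197fca731704e53a76b38abcfac93e45378c48a798cb43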
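--- a/data/docs/CHANGELOG.md
+++ b/data/docs/CHANGELOG.md
@@ -10,6 +10,12 @@ nav_order: 5
 
  ## main
 
+ ## 2.83.0
+
+ * Ensure HTML output safety.
+
+ *Cameron Dutro*
+
  ## 2.82.0
 
  * Revert "Avoid loading ActionView::Base during initialization (#1528)"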
@@ -130,7 +130,12 @@ module ViewComponent
130
130
  before_render
131
131
 
132
132
  if render?
133
- render_template_for(@__vc_variant).to_s + output_postamble
133
+ # Avoid allocating new string when output_postamble is blank
134
+ if output_postamble.blank?
135
+ safe_render_template_for(@__vc_variant).to_s
136
+ else
137
+ safe_render_template_for(@__vc_variant).to_s + safe_output_postamble
138
+ end
134
139
  else
135
140
  ""
136
141
  end
@@ -157,7 +162,7 @@ module ViewComponent
157
162
  #
158
163
  # @return [String]
159
164
  def output_postamble
160
- ""
165
+ @@default_output_postamble ||= "".html_safe
161
166
  end
162
167
 
163
168
  # Called before rendering the component. Override to perform operations that
@@ -309,6 +314,38 @@ module ViewComponent
309
314
  @__vc_content_evaluated
310
315
  end
311
316
 
317
+ def maybe_escape_html(text)
318
+ return text if request && !request.format.html?
319
+ return text if text.blank?
320
+
321
+ if text.html_safe?
322
+ text
323
+ else
324
+ yield
325
+ html_escape(text)
326
+ end
327
+ end
328
+
329
+ def safe_render_template_for(variant)
330
+ if compiler.renders_template_for_variant?(variant)
331
+ render_template_for(variant)
332
+ else
333
+ maybe_escape_html(render_template_for(variant)) do
334
+ Kernel.warn("WARNING: The #{self.class} component rendered HTML-unsafe output. The output will be automatically escaped, but you may want to investigate.")
335
+ end
336
+ end
337
+ end
338
+
339
+ def safe_output_postamble
340
+ maybe_escape_html(output_postamble) do
341
+ Kernel.warn("WARNING: The #{self.class} component was provided an HTML-unsafe postamble. The postamble will be automatically escaped, but you may want to investigate.")
342
+ end
343
+ end
344
+
345
+ def compiler
346
+ @compiler ||= self.class.compiler
347
+ end
348
+
312
349
  # Set the controller used for testing components:
313
350
  #
314
351
  # ```ruby
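Review bot: In `maybe_escape_html`, the guard `return text if request && !request.format.html?` decides whether to escape from the request's negotiated format rather than from where the returned string ends up, so HTML-unsafe output from a variant with no compiled template passes through untouched on every non-HTML request. Whether such output can still reach an HTML document is not visible in this hunk, so the assumption should be written down above the guard, e.g. `# Non-HTML formats are returned as-is; callers must not embed this output in HTML without escaping it.` The method also calls `yield` unconditionally, so either document that a block is required or use `yield if block_given?`. Both callers pass a block that calls `Kernel.warn`, and since it runs on every render of an offending component, the log volume in production is worth checking before relying on it as a detection signal.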
@@ -16,6 +16,7 @@ module ViewComponent
16
16
  def initialize(component_class)
17
17
  @component_class = component_class
18
18
  @redefinition_lock = Mutex.new
19
+ @variants_rendering_templates = Set.new
19
20
  end
20
21
 
21
22
  def compiled?
@@ -61,6 +62,7 @@ module ViewComponent
61
62
  # Remove existing compiled template methods,
62
63
  # as Ruby warns when redefining a method.
63
64
  method_name = call_method_name(template[:variant])
65
+ @variants_rendering_templates << template[:variant]
64
66
 
65
67
  redefinition_lock.synchronize do
66
68
  component_class.silence_redefinition_of_method(method_name)
@@ -81,6 +83,10 @@ module ViewComponent
81
83
  CompileCache.register(component_class)
82
84
  end
83
85
 
86
+ def renders_template_for_variant?(variant)
87
+ @variants_rendering_templates.include?(variant)
88
+ end
89
+
84
90
  private
85
91
 
86
92
  attr_reader :component_class, :redefinition_lock
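Review bot: `@variants_rendering_templates << template[:variant]` sits before `redefinition_lock.synchronize do`, so the set read by `renders_template_for_variant?` is mutated outside the lock that guards the rest of the per-template work. That predicate is what lets `safe_render_template_for` return output without escaping, so if compilation can run concurrently (which the lock suggests) I would move the line inside the synchronize block. The visible hunks only ever add to the set; if a compiler instance can recompile after a variant's template has been removed (not visible here), a stale entry would keep that variant on the unescaped path, so consider resetting the set when compilation starts. The enclosing method starts and ends outside these hunks. `renders_template_for_variant?` deserves a one-line comment such as `# Whether a template was compiled for this variant; such output is returned without HTML escaping.`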
@@ -3,7 +3,7 @@
3
3
  module ViewComponent
4
4
  module VERSION
5
5
  MAJOR = 2
6
- MINOR = 82
6
+ MINOR = 83
7
7
  PATCH = 0
8
8
 
9
9
  STRING = [MAJOR, MINOR, PATCH].join(".")
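--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: view_component
  version: !ruby/object:Gem::Version
- version: 2.82.0
+ version: 2.83.0
  platform: ruby
  authors:
  - ViewComponent Team
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-01-11 00:00:00.000000000 Z
+ date: 2024-01-08 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -409,7 +409,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.2.32
+ rubygems_version: 3.4.5
  signing_key:
  specification_version: 4
  summary: A framework for building reusable, testable & encapsulated view components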