diff options
| -rw-r--r-- | README.md | 2 | ||||
| -rw-r--r-- | actionview/CHANGELOG.md | 7 | ||||
| -rw-r--r-- | actionview/lib/action_view/helpers/sanitize_helper.rb | 14 | ||||
| -rw-r--r-- | actionview/test/template/sanitize_helper_test.rb | 2 | ||||
| -rw-r--r-- | activerecord/lib/active_record/associations/collection_proxy.rb | 4 | ||||
| -rw-r--r-- | activerecord/test/cases/associations/has_many_associations_test.rb | 8 | ||||
| -rw-r--r-- | activerecord/test/cases/calculations_test.rb | 2 | ||||
| -rw-r--r-- | guides/source/testing.md | 4 | ||||
| -rw-r--r-- | railties/RDOC_MAIN.rdoc | 2 | ||||
| -rw-r--r-- | railties/lib/rails/generators/app_base.rb | 2 |
10 files changed, 39 insertions, 8 deletions
@@ -71,7 +71,7 @@ and may also be used independently outside Rails. * [Getting Started with Rails](http://guides.rubyonrails.org/getting_started.html) * [Ruby on Rails Guides](http://guides.rubyonrails.org) * [The API Documentation](http://api.rubyonrails.org) - * [Ruby on Rails Tutorial](http://www.railstutorial.org/book) + * [Ruby on Rails Tutorial](https://www.railstutorial.org/book) ## Contributing diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md index f5d2c9f23b..f2ae74454a 100644 --- a/actionview/CHANGELOG.md +++ b/actionview/CHANGELOG.md @@ -1,3 +1,10 @@ +* Remove the option `encode_special_chars` misnomer from `strip_tags` + + As of rails-html-sanitizer v1.0.3 sanitizer will ignore the + `encode_special_chars` option. Fixes #28060. + + *Andrew Hood* + ## Rails 5.1.0.beta1 (February 23, 2017) ## * Change the ERB handler from Erubis to Erubi. diff --git a/actionview/lib/action_view/helpers/sanitize_helper.rb b/actionview/lib/action_view/helpers/sanitize_helper.rb index 1e9b813d3d..0abd5bc5dc 100644 --- a/actionview/lib/action_view/helpers/sanitize_helper.rb +++ b/actionview/lib/action_view/helpers/sanitize_helper.rb @@ -13,6 +13,7 @@ module ActionView # It also strips href/src attributes with unsafe protocols like # <tt>javascript:</tt>, while also protecting against attempts to use Unicode, # ASCII, and hex character references to work around these protocol filters. + # All special characters will be escaped. # # The default sanitizer is Rails::Html::WhiteListSanitizer. See {Rails HTML # Sanitizers}[https://github.com/rails/rails-html-sanitizer] for more information. @@ -20,8 +21,7 @@ module ActionView # Custom sanitization rules can also be provided. # # Please note that sanitizing user-provided text does not guarantee that the - # resulting markup is valid or even well-formed. For example, the output may still - # contain unescaped characters like <tt><</tt>, <tt>></tt>, or <tt>&</tt>. + # resulting markup is valid or even well-formed. # # ==== Options # @@ -86,7 +86,7 @@ module ActionView self.class.white_list_sanitizer.sanitize_css(style) end - # Strips all HTML tags from +html+, including comments. + # Strips all HTML tags from +html+, including comments and special characters. # # strip_tags("Strip <i>these</i> tags!") # # => Strip these tags! @@ -96,8 +96,11 @@ module ActionView # # strip_tags("<div id='top-bar'>Welcome to my website!</div>") # # => Welcome to my website! + # + # strip_tags("> A quote from Smith & Wesson") + # # => > A quote from Smith & Wesson def strip_tags(html) - self.class.full_sanitizer.sanitize(html, encode_special_chars: false) + self.class.full_sanitizer.sanitize(html) end # Strips all link tags from +html+ leaving just the link text. @@ -110,6 +113,9 @@ module ActionView # # strip_links('Blog: <a href="http://www.myblog.com/" class="nav" target=\"_blank\">Visit</a>.') # # => Blog: Visit. + # + # strip_links('<<a href="https://example.org">malformed & link</a>') + # # => <malformed & link def strip_links(html) self.class.link_sanitizer.sanitize(html) end diff --git a/actionview/test/template/sanitize_helper_test.rb b/actionview/test/template/sanitize_helper_test.rb index c8963fee9c..11ed55456f 100644 --- a/actionview/test/template/sanitize_helper_test.rb +++ b/actionview/test/template/sanitize_helper_test.rb @@ -10,6 +10,7 @@ class SanitizeHelperTest < ActionView::TestCase assert_equal "on my mind\nall day long", strip_links("<a href='almost'>on my mind</a>\n<A href='almost'>all day long</A>") assert_equal "Magic", strip_links("<a href='http://www.rubyonrails.com/'>Mag<a href='http://www.ruby-lang.org/'>ic") assert_equal "My mind\nall <b>day</b> long", strip_links("<a href='almost'>My mind</a>\n<A href='almost'>all <b>day</b> long</A>") + assert_equal "<malformed & link", strip_links('<<a href="https://example.org">malformed & link</a>') end def test_sanitize_form @@ -26,6 +27,7 @@ class SanitizeHelperTest < ActionView::TestCase assert_equal("Dont touch me", strip_tags("Dont touch me")) assert_equal("This is a test.", strip_tags("<p>This <u>is<u> a <a href='test.html'><strong>test</strong></a>.</p>")) assert_equal "This has a here.", strip_tags("This has a <!-- comment --> here.") + assert_equal("Jekyll & Hyde", strip_tags("Jekyll & Hyde")) assert_equal "", strip_tags("<script>") end diff --git a/activerecord/lib/active_record/associations/collection_proxy.rb b/activerecord/lib/active_record/associations/collection_proxy.rb index 55bf2e0ff0..d35fe9fe50 100644 --- a/activerecord/lib/active_record/associations/collection_proxy.rb +++ b/activerecord/lib/active_record/associations/collection_proxy.rb @@ -33,6 +33,10 @@ module ActiveRecord super klass, klass.arel_table, klass.predicate_builder end + def initialize_dup(other) # :nodoc: + @association = @association.deep_dup + end + def target @association.target end diff --git a/activerecord/test/cases/associations/has_many_associations_test.rb b/activerecord/test/cases/associations/has_many_associations_test.rb index ede3a44090..3ef322d9e5 100644 --- a/activerecord/test/cases/associations/has_many_associations_test.rb +++ b/activerecord/test/cases/associations/has_many_associations_test.rb @@ -2107,6 +2107,14 @@ class HasManyAssociationsTest < ActiveRecord::TestCase assert_not_equal target.object_id, ary.object_id end + def test_dup_should_dup_load_target + original = topics(:first).replies + dupped = topics(:first).replies.dup + + assert_not_equal original.object_id, dupped.object_id + assert_not_equal original.load_target.object_id, dupped.load_target.object_id + end + def test_merging_with_custom_attribute_writer bulb = Bulb.new(color: "red") assert_equal "RED!", bulb.color diff --git a/activerecord/test/cases/calculations_test.rb b/activerecord/test/cases/calculations_test.rb index edf7ce0bca..f018156cfc 100644 --- a/activerecord/test/cases/calculations_test.rb +++ b/activerecord/test/cases/calculations_test.rb @@ -249,7 +249,7 @@ class CalculationsTest < ActiveRecord::TestCase end def test_should_group_by_summed_field_having_condition_from_select - skip if current_adapter?(:PostgreSQLAdapter) + skip if current_adapter?(:PostgreSQLAdapter, :OracleAdapter) c = Account.select("MIN(credit_limit) AS min_credit_limit").group(:firm_id).having("min_credit_limit > 50").sum(:credit_limit) assert_nil c[1] assert_equal 60, c[2] diff --git a/guides/source/testing.md b/guides/source/testing.md index 652030a733..4231500729 100644 --- a/guides/source/testing.md +++ b/guides/source/testing.md @@ -1435,6 +1435,10 @@ variable. We then ensure that it was sent (the first assert), then, in the second batch of assertions, we ensure that the email does indeed contain what we expect. The helper `read_fixture` is used to read in the content from this file. +NOTE: `email.body.to_s` is present when there's only one (HTML or text) part present. +If the mailer provides both, you can test your fixture against specific parts +with `email.text_part.body.to_s` or `email.html_part.body.to_s`. + Here's the content of the `invite` fixture: ``` diff --git a/railties/RDOC_MAIN.rdoc b/railties/RDOC_MAIN.rdoc index ef9bbf3d7e..654c7bae57 100644 --- a/railties/RDOC_MAIN.rdoc +++ b/railties/RDOC_MAIN.rdoc @@ -57,7 +57,7 @@ can read more about Action Pack in its {README}[link:files/actionpack/README_rdo * The \README file created within your application. * {Getting Started with \Rails}[http://guides.rubyonrails.org/getting_started.html]. -* {Ruby on \Rails Tutorial}[http://www.railstutorial.org/book]. +* {Ruby on \Rails Tutorial}[https://www.railstutorial.org/book]. * {Ruby on \Rails Guides}[http://guides.rubyonrails.org]. * {The API Documentation}[http://api.rubyonrails.org]. diff --git a/railties/lib/rails/generators/app_base.rb b/railties/lib/rails/generators/app_base.rb index 04f6341471..56e286f259 100644 --- a/railties/lib/rails/generators/app_base.rb +++ b/railties/lib/rails/generators/app_base.rb @@ -322,7 +322,7 @@ module Rails return [] unless options[:webpack] comment = "Transpile app-like JavaScript. Read more: https://github.com/rails/webpacker" - GemfileEntry.github "webpacker", "rails/webpacker", nil, comment + GemfileEntry.new "webpacker", nil, comment end def jbuilder_gemfile_entry |