Diffstat (limited to 'actionview/CHANGELOG.md')
-rw-r--r-- actionview/CHANGELOG.md 349
1 files changed, 145 insertions, 204 deletions
diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md
index a1901e8a17..abb97804e1 100644
--- a/actionview/CHANGELOG.md
+++ b/actionview/CHANGELOG.md
@@ -1,299 +1,240 @@
-* Deprecate `datetime_field` and `datetime_field_tag` helpers.
- Datetime input type was removed from HTML specification.
- One can use `datetime_local_field` and `datetime_local_field_tag` instead.
+* Only clear ActionView cache in development on file changes
- *Wojciech Wnętrzak*
+ To speed up development mode, view caches are only cleared when files in
+ the view paths have changed. Applications which have implemented custom
+ `ActionView::Resolver` subclasses may need to add their own cache clearing.
-* Added log "Rendering ...", when starting to render a template to log that
- we have started rendering something. This helps to easily identify the origin
- of queries in the log whether they came from controller or views.
+ *John Hawthorn*
- *Vipul A M and Prem Sichanugrist*
-## Rails 5.0.0.beta3 (February 24, 2016) ##
+## Rails 6.0.0.beta3 (March 11, 2019) ##
-* Collection rendering can cache and fetch multiple partials at once.
+* Only accept formats from registered mime types
- Collections rendered as:
+ A lack of filtering on mime types could allow an attacker to read
+ arbitrary files on the target server or to perform a denial of service
+ attack.
- ```ruby
- <%= render partial: 'notifications/notification', collection: @notifications, as: :notification, cached: true %>
- ```
-
- will read several partials from cache at once. The templates in the collection
- that haven't been cached already will automatically be written to cache. Works
- great alongside individual template fragment caching. For instance if the
- template the collection renders is cached like:
-
- ```ruby
- # notifications/_notification.html.erb
- <% cache notification do %>
- <%# ... %>
- <% end %>
- ```
-
- Then any collection renders shares that cache when attempting to read multiple
- ones at once.
-
- *Kasper Timm Hansen*
-
-* Add support for nested hashes/arrays to `:params` option of `button_to` helper.
-
- *James Coleman*
-
-## Rails 5.0.0.beta2 (February 01, 2016) ##
-
-* Fix stripping the digest from the automatically generated img tag alt
- attribute when assets are handled by Sprockets >=3.0.
-
- *Bart de Water*
-
-* Create a new `ActiveSupport::SafeBuffer` instance when `content_for` is flushed.
-
- Fixes #19890.
-
- *Yoong Kang Lim*
-
-* Fix `collection_radio_buttons` hidden_field name and make it appear
- before the actual input radio tags to make the real value override
- the hidden when passed.
-
- Fixes #22773.
-
- *Santiago Pastorino*
-
-* `ActionView::TestCase::Controller#params` returns an instance of
- `ActionController::Parameters`.
-
- *Justin Coyne*
-
-* Fix regression in `submit_tag` when a symbol is used as label argument.
-
- *Yuuji Yaginuma*
+ Fixes CVE-2019-5418
+ Fixes CVE-2019-5419
+ *John Hawthorn*, *Eileen M. Uchitelle*, *Aaron Patterson*
-## Rails 5.0.0.beta1 (December 18, 2015) ##
-* `I18n.translate` helper will wrap the missing translation keys
- in a <span> tag only if `debug_missing_translation` configuration
- be true. Default value is `true`. For example in `application.rb`:
+## Rails 6.0.0.beta2 (February 25, 2019) ##
- # in order to turn off missing key wrapping
- config.action_view.debug_missing_translation = false
+* `ActionView::Template.finalize_compiled_template_methods` is deprecated with
+ no replacement.
- *Sameer Rahmani*
+ *tenderlove*
-* Respect value of `:object` if `:object` is false when rendering.
+* `config.action_view.finalize_compiled_template_methods` is deprecated with
+ no replacement.
- Fixes #22260.
+ *tenderlove*
- *Yuichiro Kaneko*
+* Ensure unique DOM IDs for collection inputs with float values.
-* Generate `week_field` input values using a 1-based index and not a 0-based index
- as per the W3 spec: http://www.w3.org/TR/html-markup/datatypes.html#form.data.week
+ Fixes #34974.
- *Christoph Geschwind*
+ *Mark Edmondson*
-* Allow `host` option in `javascript_include_tag` and `stylesheet_link_tag` helpers
- *Grzegorz Witek*
+## Rails 6.0.0.beta1 (January 18, 2019) ##
-* Restrict `url_for :back` to valid, non-JavaScript URLs. GH#14444
+* [Rename npm package](https://github.com/rails/rails/pull/34905) from
+ [`rails-ujs`](https://www.npmjs.com/package/rails-ujs) to
+ [`@rails/ujs`](https://www.npmjs.com/package/@rails/ujs).
- *Damien Burke*
+ *Javan Makhmali*
-* Allow `date_select` helper selected option to accept hash like the default options.
+* Remove deprecated `image_alt` helper.
- *Lecky Lao*
-
-* Collection input propagates input's `id` to the label's `for` attribute when
- using html options as the last element of collection.
-
- *Vasiliy Ermolovich*
-
-* Add a `hidden_field` on the `collection_radio_buttons` to avoid raising an error
- when the only input on the form is the `collection_radio_buttons`.
-
- *Mauro George*
+ *Rafael Mendonça França*
-* `url_for` does not modify its arguments when generating polymorphic URLs.
+* Fix the need of `#protect_against_forgery?` method defined in
+ `ActionView::Base` subclasses. This prevents the use of forms and buttons.
- *Bernerd Schaefer*
+ *Genadi Samokovarov*
-* `number_to_currency` and `number_with_delimiter` now accept a custom `delimiter_pattern` option
- to handle placement of delimiter, to support currency formats like INR.
+* Fix UJS permanently showing disabled text in a[data-remote][data-disable-with] elements within forms.
- Example:
+ Fixes #33889.
- number_to_currency(1230000, delimiter_pattern: /(\d+?)(?=(\d\d)+(\d)(?!\d))/, unit: '₹', format: "%u %n")
- # => '₹ 12,30,000.00'
+ *Wolfgang Hobmaier*
- *Vipul A M*
+* Prevent non-primary mouse keys from triggering Rails UJS click handlers.
+ Firefox fires click events even if the click was triggered by non-primary mouse keys such as right- or scroll-wheel-clicks.
+ For example, right-clicking a link such as the one described below (with an underlying ajax request registered on click) should not cause that request to occur.
-* Make `disable_with` the default behavior for submit tags. Disables the
- button on submit to prevent double submits.
-
- *Justin Schiff*
+ ```
+ <%= link_to 'Remote', remote_path, class: 'remote', remote: true, data: { type: :json } %>
+ ```
-* Add a break_sequence option to word_wrap so you can specify a custom break.
+ Fixes #34541.
- *Mauricio Gomez*
+ *Wolfgang Hobmaier*
-* Add wildcard matching to explicit dependencies.
+* Prevent `ActionView::TextHelper#word_wrap` from unexpectedly stripping white space from the _left_ side of lines.
- Turns:
+ For example, given input like this:
- ```erb
- <% # Template Dependency: recordings/threads/events/subscribers_changed %>
- <% # Template Dependency: recordings/threads/events/completed %>
- <% # Template Dependency: recordings/threads/events/uncompleted %>
```
-
- Into:
-
- ```erb
- <% # Template Dependency: recordings/threads/events/* %>
+ This is a paragraph with an initial indent,
+ followed by additional lines that are not indented,
+ and finally terminated with a blockquote:
+ "A pithy saying"
```
- *Kasper Timm Hansen*
+ Calling `word_wrap` should not trim the indents on the first and last lines.
-* Allow defining explicit collection caching using a `# Template Collection: ...`
- directive inside templates.
+ Fixes #34487.
- *Dov Murik*
+ *Lyle Mullican*
-* Asset helpers raise `ArgumentError` when `nil` is passed as a source.
+* Add allocations to template rendering instrumentation.
- *Anton Kolomiychuk*
+ Adds the allocations for template and partial rendering to the server output on render.
-* Always attach the template digest to the cache key for collection caching
- even when `virtual_path` is not available from the view context.
- Which could happen if the rendering was done directly in the controller
- and not in a template.
-
- Fixes #20535.
-
- *Roque Pinel*
+ ```
+ Rendered posts/_form.html.erb (Duration: 7.1ms | Allocations: 6004)
+ Rendered posts/new.html.erb within layouts/application (Duration: 8.3ms | Allocations: 6654)
+ Completed 200 OK in 858ms (Views: 848.4ms | ActiveRecord: 0.4ms | Allocations: 1539564)
+ ```
-* Improve detection of partial templates eligible for collection caching,
- now allowing multi-line comments at the beginning of the template file.
+ *Eileen M. Uchitelle*, *Aaron Patterson*
- *Dov Murik*
+* Respect the `only_path` option passed to `url_for` when the options are passed in as an array
-* Raise an `ArgumentError` when a false value for `include_blank` is passed to a
- required select field (to comply with the HTML5 spec).
+ Fixes #33237.
- *Grey Baker*
+ *Joel Ambass*
-* Do not put partial name to `local_assigns` when rendering without
- an object or a collection.
+* Deprecate calling private model methods from view helpers.
- *Henrik Nygren*
+ For example, in methods like `options_from_collection_for_select`
+ and `collection_select` it is possible to call private methods from
+ the objects used.
-* Remove `:rescue_format` option for `translate` helper since it's no longer
- supported by I18n.
+ Fixes #33546.
- *Bernard Potocki*
+ *Ana María Martínez Gómez*
-* `translate` should handle `raise` flag correctly in case of both main and default
- translation is missing.
+* Fix issue with `button_to`'s `to_form_params`
- Fixes #19967.
+ `button_to` was throwing exception when invoked with `params` hash that
+ contains symbol and string keys. The reason for the exception was that
+ `to_form_params` was comparing the given symbol and string keys.
- *Bernard Potocki*
+ The issue is fixed by turning all keys to strings inside
+ `to_form_params` before comparing them.
-* Load the `default_form_builder` from the controller on initialization, which overrides
- the global config if it is present.
+ *Georgi Georgiev*
- *Kevin McPhillips*
+* Mark arrays of translations as trusted safe by using the `_html` suffix.
-* Accept lambda as `child_index` option in `fields_for` method.
+ Example:
- *Karol Galanciak*
+ en:
+ foo_html:
+ - "One"
+ - "<strong>Two</strong>"
+ - "Three &#128075; &#128578;"
-* `translate` allows `default: [[]]` again for a default value of `[]`.
+ *Juan Broullon*
- Fixes #19640.
+* Add `year_format` option to date_select tag. This option makes it possible to customize year
+ names. Lambda should be passed to use this option.
- *Adam Prescott*
+ Example:
-* `translate` should accept nils as members of the `:default`
- parameter without raising a translation missing error.
+ date_select('user_birthday', '', start_year: 1998, end_year: 2000, year_format: ->year { "Heisei #{year - 1988}" })
- Fixes #19419.
+ The HTML produced:
- *Justin Coyne*
+ <select id="user_birthday__1i" name="user_birthday[(1i)]">
+ <option value="1998">Heisei 10</option>
+ <option value="1999">Heisei 11</option>
+ <option value="2000">Heisei 12</option>
+ </select>
+ /* The rest is omitted */
-* `number_to_percentage` does not crash with `Float::NAN` or `Float::INFINITY`
- as input when `precision: 0` is used.
+ *Koki Ryu*
- Fixes #19227.
+* Fix JavaScript views rendering does not work with Firefox when using
+ Content Security Policy.
- *Yves Senn*
+ Fixes #32577.
-* Fixed the translation helper method to accept different default values types
- besides String.
+ *Yuji Yaginuma*
- *Ulisses Almeida*
+* Add the `nonce: true` option for `javascript_include_tag` helper to
+ support automatic nonce generation for Content Security Policy.
+ Works the same way as `javascript_tag nonce: true` does.
-* Fixed a dependency tracker bug that caused template dependencies not
- count layouts as dependencies for partials.
+ *Yaroslav Markin*
- *Juho Leinonen*
+* Remove `ActionView::Helpers::RecordTagHelper`.
-* Extracted `ActionView::Helpers::RecordTagHelper` to external gem
- (`record_tag_helper`) and added removal notices.
+ *Yoshiyuki Hirano*
- *Todd Bealmear*
+* Disable `ActionView::Template` finalizers in test environment.
-* Allow to pass a string value to `size` option in `image_tag` and `video_tag`.
+ Template finalization can be expensive in large view test suites.
+ Add a configuration option,
+ `action_view.finalize_compiled_template_methods`, and turn it off in
+ the test environment.
- This makes the behavior more consistent with `width` or `height` options.
+ *Simon Coffey*
- *Mehdi Lahmam*
+* Extract the `confirm` call in its own, overridable method in `rails_ujs`.
-* Partial template name does no more have to be a valid Ruby identifier.
+ Example:
- There used to be a naming rule that the partial name should start with
- underscore, and should be followed by any combination of letters, numbers
- and underscores.
- But now we can give our partials any name starting with underscore, such as
- _🍔.html.erb.
+ Rails.confirm = function(message, element) {
+ return (my_bootstrap_modal_confirm(message));
+ }
- *Akira Matsuda*
+ *Mathieu Mahé*
-* Change the default template handler from `ERB` to `Raw`.
+* Enable select tag helper to mark `prompt` option as `selected` and/or `disabled` for `required`
+ field.
- Files without a template handler in their extension will be rendered using the raw
- handler instead of ERB.
+ Example:
- *Rafael Mendonça França*
+ select :post,
+ :category,
+ ["lifestyle", "programming", "spiritual"],
+ { selected: "", disabled: "", prompt: "Choose one" },
+ { required: true }
-* Remove deprecated `AbstractController::Base::parent_prefixes`.
+ Placeholder option would be selected and disabled.
- *Rafael Mendonça França*
+ The HTML produced:
-* Default translations that have a lower precedence than a html safe default,
- but are not themselves safe, should not be marked as html_safe.
+ <select required="required" name="post[category]" id="post_category">
+ <option disabled="disabled" selected="selected" value="">Choose one</option>
+ <option value="lifestyle">lifestyle</option>
+ <option value="programming">programming</option>
+ <option value="spiritual">spiritual</option></select>
- *Justin Coyne*
+ *Sergey Prikhodko*
-* Make possible to use blocks with short version of `render "partial"` helper.
+* Don't enforce UTF-8 by default.
- *Nikolay Shebanov*
+ With the disabling of TLS 1.0 by most major websites, continuing to run
+ IE8 or lower becomes increasingly difficult so default to not enforcing
+ UTF-8 encoding as it's not relevant to other browsers.
-* Add a `hidden_field` on the `file_field` to avoid raising an error when the only
- input on the form is the `file_field`.
+ *Andrew White*
- *Mauro George*
+* Change translation key of `submit_tag` from `module_name_class_name` to `module_name/class_name`.
-* Add an explicit error message, in `ActionView::PartialRenderer` for partial
- `rendering`, when the value of option `as` has invalid characters.
+ *Rui Onodera*
- *Angelo Capilleri*
+* Rails 6 requires Ruby 2.5.0 or newer.
-* Allow entries without a link tag in `AtomFeedHelper`.
+ *Jeremy Daer*, *Kasper Timm Hansen*
- *Daniel Gomez de Souza*
-Please check [4-2-stable](https://github.com/rails/rails/blob/4-2-stable/actionview/CHANGELOG.md) for previous changes.
+Please check [5-2-stable](https://github.com/rails/rails/blob/5-2-stable/actionview/CHANGELOG.md) for previous changes.
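Review bot: In the 6.0.0.beta3 entry "Only accept formats from registered mime types", the text states the impact (arbitrary file read, denial of service) and the two CVE ids but not the behaviour change an upgrader has to act on. Suggest adding one sentence that says what now happens to a requested format that does not match a registered mime type, and whether applications that render custom formats must register them first, in the same way the `ActionView::Resolver` entry at the top of the hunk tells authors of custom resolvers what they may need to add. Separately, in the 6.0.0.beta1 entry on `#protect_against_forgery?`, the sentence "This prevents the use of forms and buttons." reads as if the fix is what blocks forms; wording it so that the missing method is the thing that prevented their use would remove the ambiguity.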