diff options
Diffstat (limited to 'actionview/lib/action_view/helpers')
21 files changed, 342 insertions, 107 deletions
diff --git a/actionview/lib/action_view/helpers/asset_tag_helper.rb b/actionview/lib/action_view/helpers/asset_tag_helper.rb index 14bd8ffa84..59d70a1dc4 100644 --- a/actionview/lib/action_view/helpers/asset_tag_helper.rb +++ b/actionview/lib/action_view/helpers/asset_tag_helper.rb @@ -55,7 +55,7 @@ module ActionView # that path. # * <tt>:skip_pipeline</tt> - This option is used to bypass the asset pipeline # when it is set to true. - # * <tt>:nonce<tt> - When set to true, adds an automatic nonce value if + # * <tt>:nonce</tt> - When set to true, adds an automatic nonce value if # you have Content Security Policy enabled. # # ==== Examples @@ -98,7 +98,7 @@ module ActionView if tag_options["nonce"] == true tag_options["nonce"] = content_security_policy_nonce end - content_tag("script".freeze, "", tag_options) + content_tag("script", "", tag_options) }.join("\n").html_safe request.send_early_hints("Link" => early_hints_links.join("\n")) if respond_to?(:request) && request @@ -329,14 +329,14 @@ module ActionView # image_tag("pic.jpg", srcset: [["pic_1024.jpg", "1024w"], ["pic_1980.jpg", "1980w"]], sizes: "100vw") # # => <img src="/assets/pic.jpg" srcset="/assets/pic_1024.jpg 1024w, /assets/pic_1980.jpg 1980w" sizes="100vw"> # - # Active Storage (images that are uploaded by the users of your app): + # Active Storage blobs (images that are uploaded by the users of your app): # # image_tag(user.avatar) # # => <img src="/rails/active_storage/blobs/.../tiger.jpg" /> - # image_tag(user.avatar.variant(resize_to_fit: [100, 100])) - # # => <img src="/rails/active_storage/variants/.../tiger.jpg" /> - # image_tag(user.avatar.variant(resize_to_fit: [100, 100]), size: '100') - # # => <img width="100" height="100" src="/rails/active_storage/variants/.../tiger.jpg" /> + # image_tag(user.avatar.variant(resize_to_limit: [100, 100])) + # # => <img src="/rails/active_storage/representations/.../tiger.jpg" /> + # image_tag(user.avatar.variant(resize_to_limit: [100, 100]), size: '100') + # # => <img width="100" height="100" src="/rails/active_storage/representations/.../tiger.jpg" /> def image_tag(source, options = {}) options = options.symbolize_keys check_for_image_tag_errors(options) @@ -355,29 +355,6 @@ module ActionView tag("img", options) end - # Returns a string suitable for an HTML image tag alt attribute. - # The +src+ argument is meant to be an image file path. - # The method removes the basename of the file path and the digest, - # if any. It also removes hyphens and underscores from file names and - # replaces them with spaces, returning a space-separated, titleized - # string. - # - # ==== Examples - # - # image_alt('rails.png') - # # => Rails - # - # image_alt('hyphenated-file-name.png') - # # => Hyphenated file name - # - # image_alt('underscored_file_name.png') - # # => Underscored file name - def image_alt(src) - ActiveSupport::Deprecation.warn("image_alt is deprecated and will be removed from Rails 6.0. You must explicitly set alt text on images.") - - File.basename(src, ".*".freeze).sub(/-[[:xdigit:]]{32,64}\z/, "".freeze).tr("-_".freeze, " ".freeze).capitalize - end - # Returns an HTML video tag for the +sources+. If +sources+ is a string, # a single video tag will be returned. If +sources+ is an array, a video # tag with nested source tags for each source will be returned. The diff --git a/actionview/lib/action_view/helpers/asset_url_helper.rb b/actionview/lib/action_view/helpers/asset_url_helper.rb index 8cbe107e41..cc62783d60 100644 --- a/actionview/lib/action_view/helpers/asset_url_helper.rb +++ b/actionview/lib/action_view/helpers/asset_url_helper.rb @@ -98,8 +98,9 @@ module ActionView # have SSL certificates for each of the asset hosts this technique allows you # to avoid warnings in the client about mixed media. # Note that the +request+ parameter might not be supplied, e.g. when the assets - # are precompiled via a Rake task. Make sure to use a +Proc+ instead of a lambda, - # since a +Proc+ allows missing parameters and sets them to +nil+. + # are precompiled with the command `rails assets:precompile`. Make sure to use a + # +Proc+ instead of a lambda, since a +Proc+ allows missing parameters and sets them + # to +nil+. # # config.action_controller.asset_host = Proc.new { |source, request| # if request && request.ssl? @@ -187,7 +188,7 @@ module ActionView return "" if source.blank? return source if URI_REGEXP.match?(source) - tail, source = source[/([\?#].+)$/], source.sub(/([\?#].+)$/, "".freeze) + tail, source = source[/([\?#].+)$/], source.sub(/([\?#].+)$/, "") if extname = compute_asset_extname(source, options) source = "#{source}#{extname}" diff --git a/actionview/lib/action_view/helpers/cache_helper.rb b/actionview/lib/action_view/helpers/cache_helper.rb index 15d187a9ec..020aebeea3 100644 --- a/actionview/lib/action_view/helpers/cache_helper.rb +++ b/actionview/lib/action_view/helpers/cache_helper.rb @@ -208,27 +208,35 @@ module ActionView # # The digest will be generated using +virtual_path:+ if it is provided. # - def cache_fragment_name(name = {}, skip_digest: nil, virtual_path: nil) + def cache_fragment_name(name = {}, skip_digest: nil, virtual_path: nil, digest_path: nil) if skip_digest name else - fragment_name_with_digest(name, virtual_path) + fragment_name_with_digest(name, virtual_path, digest_path) + end + end + + def digest_path_from_template(template) # :nodoc: + digest = Digestor.digest(name: template.virtual_path, format: template.format, finder: lookup_context, dependencies: view_cache_dependencies) + + if digest.present? + "#{template.virtual_path}:#{digest}" + else + template.virtual_path end end private - def fragment_name_with_digest(name, virtual_path) + def fragment_name_with_digest(name, virtual_path, digest_path) virtual_path ||= @virtual_path - if virtual_path + if virtual_path || digest_path name = controller.url_for(name).split("://").last if name.is_a?(Hash) - if digest = Digestor.digest(name: virtual_path, finder: lookup_context, dependencies: view_cache_dependencies).presence - [ "#{virtual_path}:#{digest}", name ] - else - [ virtual_path, name ] - end + digest_path ||= digest_path_from_template(@current_template) + + [ digest_path, name ] else name end diff --git a/actionview/lib/action_view/helpers/capture_helper.rb b/actionview/lib/action_view/helpers/capture_helper.rb index 92f7ddb70d..c87c212cc7 100644 --- a/actionview/lib/action_view/helpers/capture_helper.rb +++ b/actionview/lib/action_view/helpers/capture_helper.rb @@ -36,6 +36,10 @@ module ActionView # </body> # </html> # + # The return of capture is the string generated by the block. For Example: + # + # @greeting # => "Welcome to my shiny new web page! The date and time is 2018-09-06 11:09:16 -0500" + # def capture(*args) value = nil buffer = with_output_buffer { value = yield(*args) } diff --git a/actionview/lib/action_view/helpers/csp_helper.rb b/actionview/lib/action_view/helpers/csp_helper.rb index e2e065c218..4415018845 100644 --- a/actionview/lib/action_view/helpers/csp_helper.rb +++ b/actionview/lib/action_view/helpers/csp_helper.rb @@ -14,9 +14,11 @@ module ActionView # This is used by the Rails UJS helper to create dynamically # loaded inline <script> elements. # - def csp_meta_tag + def csp_meta_tag(**options) if content_security_policy? - tag("meta", name: "csp-nonce", content: content_security_policy_nonce) + options[:name] = "csp-nonce" + options[:content] = content_security_policy_nonce + tag("meta", options) end end end diff --git a/actionview/lib/action_view/helpers/csrf_helper.rb b/actionview/lib/action_view/helpers/csrf_helper.rb index 69c59844a6..c0422c6ff5 100644 --- a/actionview/lib/action_view/helpers/csrf_helper.rb +++ b/actionview/lib/action_view/helpers/csrf_helper.rb @@ -20,7 +20,7 @@ module ActionView # "X-CSRF-Token" HTTP header. If you are using rails-ujs this happens automatically. # def csrf_meta_tags - if protect_against_forgery? + if defined?(protect_against_forgery?) && protect_against_forgery? [ tag("meta", name: "csrf-param", content: request_forgery_protection_token), tag("meta", name: "csrf-token", content: form_authenticity_token) diff --git a/actionview/lib/action_view/helpers/date_helper.rb b/actionview/lib/action_view/helpers/date_helper.rb index 4de4fafde0..9d5e5eaba3 100644 --- a/actionview/lib/action_view/helpers/date_helper.rb +++ b/actionview/lib/action_view/helpers/date_helper.rb @@ -684,7 +684,7 @@ module ActionView format = options.delete(:format) || :long content = args.first || I18n.l(date_or_time, format: format) - content_tag("time".freeze, content, options.reverse_merge(datetime: date_or_time.iso8601), &block) + content_tag("time", content, options.reverse_merge(datetime: date_or_time.iso8601), &block) end private @@ -703,7 +703,7 @@ module ActionView class DateTimeSelector #:nodoc: include ActionView::Helpers::TagHelper - DEFAULT_PREFIX = "date".freeze + DEFAULT_PREFIX = "date" POSITION = { year: 1, month: 2, day: 3, hour: 4, minute: 5, second: 6 }.freeze @@ -824,7 +824,7 @@ module ActionView 1.upto(12) do |month_number| options = { value: month_number } options[:selected] = "selected" if month == month_number - month_options << content_tag("option".freeze, month_name(month_number), options) + "\n" + month_options << content_tag("option", month_name(month_number), options) + "\n" end build_select(:month, month_options.join) end @@ -1006,7 +1006,7 @@ module ActionView tag_options[:selected] = "selected" if selected == i text = options[:use_two_digit_numbers] ? sprintf("%02d", i) : value text = options[:ampm] ? AMPM_TRANSLATION[i] : text - select_options << content_tag("option".freeze, text, tag_options) + select_options << content_tag("option", text, tag_options) end (select_options.join("\n") + "\n").html_safe @@ -1034,7 +1034,7 @@ module ActionView tag_options = { value: value } tag_options[:selected] = "selected" if selected == value text = year_name(value) - select_options << content_tag("option".freeze, text, tag_options) + select_options << content_tag("option", text, tag_options) end (select_options.join("\n") + "\n").html_safe @@ -1053,12 +1053,12 @@ module ActionView select_options[:disabled] = "disabled" if @options[:disabled] select_options[:class] = css_class_attribute(type, select_options[:class], @options[:with_css_classes]) if @options[:with_css_classes] - select_html = "\n".dup - select_html << content_tag("option".freeze, "", value: "") + "\n" if @options[:include_blank] + select_html = +"\n" + select_html << content_tag("option", "", value: "") + "\n" if @options[:include_blank] select_html << prompt_option_tag(type, @options[:prompt]) + "\n" if @options[:prompt] select_html << select_options_as_html - (content_tag("select".freeze, select_html.html_safe, select_options) + "\n").html_safe + (content_tag("select", select_html.html_safe, select_options) + "\n").html_safe end # Builds the css class value for the select element @@ -1091,7 +1091,7 @@ module ActionView I18n.translate(:"datetime.prompts.#{type}", locale: @options[:locale]) end - prompt ? content_tag("option".freeze, prompt, value: "") : "" + prompt ? content_tag("option", prompt, value: "") : "" end # Builds hidden input tag for date part and value. @@ -1135,7 +1135,7 @@ module ActionView # Given an ordering of datetime components, create the selection HTML # and join them with their appropriate separators. def build_selects_from_types(order) - select = "".dup + select = +"" first_visible = order.find { |type| !@options[:"discard_#{type}"] } order.reverse_each do |type| separator = separator(type) unless type == first_visible # don't add before first visible field diff --git a/actionview/lib/action_view/helpers/form_helper.rb b/actionview/lib/action_view/helpers/form_helper.rb index 07f3d98322..5533cef249 100644 --- a/actionview/lib/action_view/helpers/form_helper.rb +++ b/actionview/lib/action_view/helpers/form_helper.rb @@ -590,6 +590,9 @@ module ActionView # Skipped if a <tt>:url</tt> is passed. # * <tt>:scope</tt> - The scope to prefix input field names with and # thereby how the submitted parameters are grouped in controllers. + # * <tt>:namespace</tt> - A namespace for your form to ensure uniqueness of + # id attributes on form elements. The namespace attribute will be prefixed + # with underscore on the generated HTML id. # * <tt>:model</tt> - A model object to infer the <tt>:url</tt> and # <tt>:scope</tt> by, plus fill out input field values. # So if a +title+ attribute is set to "Ahoy!" then a +title+ input @@ -736,7 +739,7 @@ module ActionView # def labelled_form_with(**options, &block) # form_with(**options.merge(builder: LabellingFormBuilder), &block) # end - def form_with(model: nil, scope: nil, url: nil, format: nil, **options) + def form_with(model: nil, scope: nil, url: nil, format: nil, **options, &block) options[:allow_method_names_outside_object] = true options[:skip_default_ids] = !form_with_generates_ids @@ -749,7 +752,7 @@ module ActionView if block_given? builder = instantiate_builder(scope, model, options) - output = capture(builder, &Proc.new) + output = capture(builder, &block) options[:multipart] ||= builder.multipart? html_options = html_options_for_form_with(url, model, options) @@ -1127,6 +1130,9 @@ module ActionView # text_field(:post, :title, class: "create_input") # # => <input type="text" id="post_title" name="post[title]" value="#{@post.title}" class="create_input" /> # + # text_field(:post, :title, maxlength: 30, class: "title_input") + # # => <input type="text" id="post_title" name="post[title]" maxlength="30" size="30" value="#{@post.title}" class="title_input" /> + # # text_field(:session, :user, onchange: "if ($('#session_user').val() === 'admin') { alert('Your login cannot be admin!'); }") # # => <input type="text" id="session_user" name="session[user]" value="#{@session.user}" onchange="if ($('#session_user').val() === 'admin') { alert('Your login cannot be admin!'); }"/> # @@ -1674,6 +1680,227 @@ module ActionView @index = options[:index] || options[:child_index] end + ## + # :method: text_field + # + # :call-seq: text_field(method, options = {}) + # + # Wraps ActionView::Helpers::FormHelper#text_field for form builders: + # + # <%= form_with model: @user do |f| %> + # <%= f.text_field :name %> + # <% end %> + # + # Please refer to the documentation of the base helper for details. + + ## + # :method: password_field + # + # :call-seq: password_field(method, options = {}) + # + # Wraps ActionView::Helpers::FormHelper#password_field for form builders: + # + # <%= form_with model: @user do |f| %> + # <%= f.password_field :password %> + # <% end %> + # + # Please refer to the documentation of the base helper for details. + + ## + # :method: text_area + # + # :call-seq: text_area(method, options = {}) + # + # Wraps ActionView::Helpers::FormHelper#text_area for form builders: + # + # <%= form_with model: @user do |f| %> + # <%= f.text_area :detail %> + # <% end %> + # + # Please refer to the documentation of the base helper for details. + + ## + # :method: color_field + # + # :call-seq: color_field(method, options = {}) + # + # Wraps ActionView::Helpers::FormHelper#color_field for form builders: + # + # <%= form_with model: @user do |f| %> + # <%= f.color_field :favorite_color %> + # <% end %> + # + # Please refer to the documentation of the base helper for details. + + ## + # :method: search_field + # + # :call-seq: search_field(method, options = {}) + # + # Wraps ActionView::Helpers::FormHelper#search_field for form builders: + # + # <%= form_with model: @user do |f| %> + # <%= f.search_field :name %> + # <% end %> + # + # Please refer to the documentation of the base helper for details. + + ## + # :method: telephone_field + # + # :call-seq: telephone_field(method, options = {}) + # + # Wraps ActionView::Helpers::FormHelper#telephone_field for form builders: + # + # <%= form_with model: @user do |f| %> + # <%= f.telephone_field :phone %> + # <% end %> + # + # Please refer to the documentation of the base helper for details. + + ## + # :method: phone_field + # + # :call-seq: phone_field(method, options = {}) + # + # Wraps ActionView::Helpers::FormHelper#phone_field for form builders: + # + # <%= form_with model: @user do |f| %> + # <%= f.phone_field :phone %> + # <% end %> + # + # Please refer to the documentation of the base helper for details. + + ## + # :method: date_field + # + # :call-seq: date_field(method, options = {}) + # + # Wraps ActionView::Helpers::FormHelper#date_field for form builders: + # + # <%= form_with model: @user do |f| %> + # <%= f.date_field :born_on %> + # <% end %> + # + # Please refer to the documentation of the base helper for details. + + ## + # :method: time_field + # + # :call-seq: time_field(method, options = {}) + # + # Wraps ActionView::Helpers::FormHelper#time_field for form builders: + # + # <%= form_with model: @user do |f| %> + # <%= f.time_field :borned_at %> + # <% end %> + # + # Please refer to the documentation of the base helper for details. + + ## + # :method: datetime_field + # + # :call-seq: datetime_field(method, options = {}) + # + # Wraps ActionView::Helpers::FormHelper#datetime_field for form builders: + # + # <%= form_with model: @user do |f| %> + # <%= f.datetime_field :graduation_day %> + # <% end %> + # + # Please refer to the documentation of the base helper for details. + + ## + # :method: datetime_local_field + # + # :call-seq: datetime_local_field(method, options = {}) + # + # Wraps ActionView::Helpers::FormHelper#datetime_local_field for form builders: + # + # <%= form_with model: @user do |f| %> + # <%= f.datetime_local_field :graduation_day %> + # <% end %> + # + # Please refer to the documentation of the base helper for details. + + ## + # :method: month_field + # + # :call-seq: month_field(method, options = {}) + # + # Wraps ActionView::Helpers::FormHelper#month_field for form builders: + # + # <%= form_with model: @user do |f| %> + # <%= f.month_field :birthday_month %> + # <% end %> + # + # Please refer to the documentation of the base helper for details. + + ## + # :method: week_field + # + # :call-seq: week_field(method, options = {}) + # + # Wraps ActionView::Helpers::FormHelper#week_field for form builders: + # + # <%= form_with model: @user do |f| %> + # <%= f.week_field :birthday_week %> + # <% end %> + # + # Please refer to the documentation of the base helper for details. + + ## + # :method: url_field + # + # :call-seq: url_field(method, options = {}) + # + # Wraps ActionView::Helpers::FormHelper#url_field for form builders: + # + # <%= form_with model: @user do |f| %> + # <%= f.url_field :homepage %> + # <% end %> + # + # Please refer to the documentation of the base helper for details. + + ## + # :method: email_field + # + # :call-seq: email_field(method, options = {}) + # + # Wraps ActionView::Helpers::FormHelper#email_field for form builders: + # + # <%= form_with model: @user do |f| %> + # <%= f.email_field :address %> + # <% end %> + # + # Please refer to the documentation of the base helper for details. + + ## + # :method: number_field + # + # :call-seq: number_field(method, options = {}) + # + # Wraps ActionView::Helpers::FormHelper#number_field for form builders: + # + # <%= form_with model: @user do |f| %> + # <%= f.number_field :age %> + # <% end %> + # + # Please refer to the documentation of the base helper for details. + + ## + # :method: range_field + # + # :call-seq: range_field(method, options = {}) + # + # Wraps ActionView::Helpers::FormHelper#range_field for form builders: + # + # <%= form_with model: @user do |f| %> + # <%= f.range_field :age %> + # <% end %> + # + # Please refer to the documentation of the base helper for details. + (field_helpers - [:label, :check_box, :radio_button, :fields_for, :fields, :hidden_field, :file_field]).each do |selector| class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1 def #{selector}(method, options = {}) # def text_field(method, options = {}) diff --git a/actionview/lib/action_view/helpers/form_options_helper.rb b/actionview/lib/action_view/helpers/form_options_helper.rb index 7884a8d997..a7747456a4 100644 --- a/actionview/lib/action_view/helpers/form_options_helper.rb +++ b/actionview/lib/action_view/helpers/form_options_helper.rb @@ -463,7 +463,7 @@ module ActionView option_tags = options_from_collection_for_select( value_for_collection(group, group_method), option_key_method, option_value_method, selected_key) - content_tag("optgroup".freeze, option_tags, label: value_for_collection(group, group_label_method)) + content_tag("optgroup", option_tags, label: value_for_collection(group, group_label_method)) end.join.html_safe end @@ -535,7 +535,7 @@ module ActionView body = "".html_safe if prompt - body.safe_concat content_tag("option".freeze, prompt_text(prompt), value: "") + body.safe_concat content_tag("option", prompt_text(prompt), value: "") end grouped_options.each do |container| @@ -548,7 +548,7 @@ module ActionView end html_attributes = { label: label }.merge!(html_attributes) - body.safe_concat content_tag("optgroup".freeze, options_for_select(container, selected_key), html_attributes) + body.safe_concat content_tag("optgroup", options_for_select(container, selected_key), html_attributes) end body @@ -584,7 +584,7 @@ module ActionView end zone_options.safe_concat options_for_select(convert_zones[priority_zones], selected) - zone_options.safe_concat content_tag("option".freeze, "-------------", value: "", disabled: true) + zone_options.safe_concat content_tag("option", "-------------", value: "", disabled: true) zone_options.safe_concat "\n" zones = zones - priority_zones @@ -654,7 +654,7 @@ module ActionView # # ==== Gotcha # - # The HTML specification says when nothing is select on a collection of radio buttons + # The HTML specification says when nothing is selected on a collection of radio buttons # web browsers do not send any value to server. # Unfortunately this introduces a gotcha: # if a +User+ model has a +category_id+ field and in the form no category is selected, no +category_id+ parameter is sent. So, @@ -794,7 +794,7 @@ module ActionView def extract_values_from_collection(collection, value_method, selected) if selected.is_a?(Proc) collection.map do |element| - element.send(value_method) if selected.call(element) + public_or_deprecated_send(element, value_method) if selected.call(element) end.compact else selected @@ -802,7 +802,15 @@ module ActionView end def value_for_collection(item, value) - value.respond_to?(:call) ? value.call(item) : item.send(value) + value.respond_to?(:call) ? value.call(item) : public_or_deprecated_send(item, value) + end + + def public_or_deprecated_send(item, value) + item.public_send(value) + rescue NoMethodError + raise unless item.respond_to?(value, true) && !item.respond_to?(value) + ActiveSupport::Deprecation.warn "Using private methods from view helpers is deprecated (calling private #{item.class}##{value})" + item.send(value) end def prompt_text(prompt) diff --git a/actionview/lib/action_view/helpers/form_tag_helper.rb b/actionview/lib/action_view/helpers/form_tag_helper.rb index ba09738beb..5d4ff36425 100644 --- a/actionview/lib/action_view/helpers/form_tag_helper.rb +++ b/actionview/lib/action_view/helpers/form_tag_helper.rb @@ -24,7 +24,7 @@ module ActionView mattr_accessor :default_enforce_utf8, default: true - # Starts a form tag that points the action to a url configured with <tt>url_for_options</tt> just like + # Starts a form tag that points the action to a URL configured with <tt>url_for_options</tt> just like # ActionController::Base#url_for. The method for the form defaults to POST. # # ==== Options @@ -146,15 +146,15 @@ module ActionView end if include_blank - option_tags = content_tag("option".freeze, include_blank, options_for_blank_options_tag).safe_concat(option_tags) + option_tags = content_tag("option", include_blank, options_for_blank_options_tag).safe_concat(option_tags) end end if prompt = options.delete(:prompt) - option_tags = content_tag("option".freeze, prompt, value: "").safe_concat(option_tags) + option_tags = content_tag("option", prompt, value: "").safe_concat(option_tags) end - content_tag "select".freeze, option_tags, { "name" => html_name, "id" => sanitize_to_id(name) }.update(options.stringify_keys) + content_tag "select", option_tags, { "name" => html_name, "id" => sanitize_to_id(name) }.update(options.stringify_keys) end # Creates a standard text field; use these text fields to input smaller chunks of text like a username @@ -577,7 +577,7 @@ module ActionView # # => <fieldset class="format"><p><input id="name" name="name" type="text" /></p></fieldset> def field_set_tag(legend = nil, options = nil, &block) output = tag(:fieldset, options, true) - output.safe_concat(content_tag("legend".freeze, legend)) unless legend.blank? + output.safe_concat(content_tag("legend", legend)) unless legend.blank? output.concat(capture(&block)) if block_given? output.safe_concat("</fieldset>") end diff --git a/actionview/lib/action_view/helpers/javascript_helper.rb b/actionview/lib/action_view/helpers/javascript_helper.rb index 830088bea3..b680cb1bd3 100644 --- a/actionview/lib/action_view/helpers/javascript_helper.rb +++ b/actionview/lib/action_view/helpers/javascript_helper.rb @@ -15,8 +15,8 @@ module ActionView "'" => "\\'" } - JS_ESCAPE_MAP["\342\200\250".dup.force_encoding(Encoding::UTF_8).encode!] = "
" - JS_ESCAPE_MAP["\342\200\251".dup.force_encoding(Encoding::UTF_8).encode!] = "
" + JS_ESCAPE_MAP[(+"\342\200\250").force_encoding(Encoding::UTF_8).encode!] = "
" + JS_ESCAPE_MAP[(+"\342\200\251").force_encoding(Encoding::UTF_8).encode!] = "
" # Escapes carriage returns and single and double quotes for JavaScript segments. # @@ -25,12 +25,13 @@ module ActionView # # $('some_element').replaceWith('<%= j render 'some/element_template' %>'); def escape_javascript(javascript) - if javascript - result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"'])/u) { |match| JS_ESCAPE_MAP[match] } - javascript.html_safe? ? result.html_safe : result + javascript = javascript.to_s + if javascript.empty? + result = "" else - "" + result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"'])/u) { |match| JS_ESCAPE_MAP[match] } end + javascript.html_safe? ? result.html_safe : result end alias_method :j, :escape_javascript @@ -83,7 +84,7 @@ module ActionView html_options[:nonce] = content_security_policy_nonce end - content_tag("script".freeze, javascript_cdata_section(content), html_options) + content_tag("script", javascript_cdata_section(content), html_options) end def javascript_cdata_section(content) #:nodoc: diff --git a/actionview/lib/action_view/helpers/number_helper.rb b/actionview/lib/action_view/helpers/number_helper.rb index 4b53b8fe6e..35206b7e48 100644 --- a/actionview/lib/action_view/helpers/number_helper.rb +++ b/actionview/lib/action_view/helpers/number_helper.rb @@ -100,6 +100,9 @@ module ActionView # absolute value of the number. # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when # the argument is invalid. + # * <tt>:strip_insignificant_zeros</tt> - If +true+ removes + # insignificant zeros after the decimal separator (defaults to + # +false+). # # ==== Examples # @@ -117,6 +120,8 @@ module ActionView # # => R$1234567890,50 # number_to_currency(1234567890.50, unit: "R$", separator: ",", delimiter: "", format: "%n %u") # # => 1234567890,50 R$ + # number_to_currency(1234567890.50, strip_insignificant_zeros: true) + # # => "$1,234,567,890.5" def number_to_currency(number, options = {}) delegate_number_helper_method(:number_to_currency, number, options) end diff --git a/actionview/lib/action_view/helpers/output_safety_helper.rb b/actionview/lib/action_view/helpers/output_safety_helper.rb index 279cde5e76..52a951b2ca 100644 --- a/actionview/lib/action_view/helpers/output_safety_helper.rb +++ b/actionview/lib/action_view/helpers/output_safety_helper.rb @@ -38,7 +38,7 @@ module ActionView #:nodoc: # Converts the array to a comma-separated sentence where the last element is # joined by the connector word. This is the html_safe-aware version of - # ActiveSupport's {Array#to_sentence}[http://api.rubyonrails.org/classes/Array.html#method-i-to_sentence]. + # ActiveSupport's {Array#to_sentence}[https://api.rubyonrails.org/classes/Array.html#method-i-to_sentence]. # def to_sentence(array, options = {}) options.assert_valid_keys(:words_connector, :two_words_connector, :last_word_connector, :locale) diff --git a/actionview/lib/action_view/helpers/rendering_helper.rb b/actionview/lib/action_view/helpers/rendering_helper.rb index 1e12aa2736..7ead691113 100644 --- a/actionview/lib/action_view/helpers/rendering_helper.rb +++ b/actionview/lib/action_view/helpers/rendering_helper.rb @@ -27,10 +27,12 @@ module ActionView def render(options = {}, locals = {}, &block) case options when Hash - if block_given? - view_renderer.render_partial(self, options.merge(partial: options[:layout]), &block) - else - view_renderer.render(self, options) + in_rendering_context(options) do |renderer| + if block_given? + view_renderer.render_partial(self, options.merge(partial: options[:layout]), &block) + else + view_renderer.render(self, options) + end end else view_renderer.render_partial(self, partial: options, locals: locals, &block) diff --git a/actionview/lib/action_view/helpers/sanitize_helper.rb b/actionview/lib/action_view/helpers/sanitize_helper.rb index cb0c99c4cf..f4fa133f55 100644 --- a/actionview/lib/action_view/helpers/sanitize_helper.rb +++ b/actionview/lib/action_view/helpers/sanitize_helper.rb @@ -10,7 +10,7 @@ module ActionView # These helper methods extend Action View making them callable within your template files. module SanitizeHelper extend ActiveSupport::Concern - # Sanitizes HTML input, stripping all tags and attributes that aren't whitelisted. + # Sanitizes HTML input, stripping all but known-safe tags and attributes. # # It also strips href/src attributes with unsafe protocols like # <tt>javascript:</tt>, while also protecting against attempts to use Unicode, @@ -40,7 +40,7 @@ module ActionView # # <%= sanitize @comment.body %> # - # Providing custom whitelisted tags and attributes: + # Providing custom lists of permitted tags and attributes: # # <%= sanitize @comment.body, tags: %w(strong em a), attributes: %w(href) %> # diff --git a/actionview/lib/action_view/helpers/tag_helper.rb b/actionview/lib/action_view/helpers/tag_helper.rb index d12989ea64..3979721d34 100644 --- a/actionview/lib/action_view/helpers/tag_helper.rb +++ b/actionview/lib/action_view/helpers/tag_helper.rb @@ -58,7 +58,7 @@ module ActionView def tag_options(options, escape = true) return if options.blank? - output = "".dup + output = +"" sep = " " options.each_pair do |key, value| if TAG_PREFIXES.include?(key) && value.is_a?(Hash) @@ -86,11 +86,11 @@ module ActionView def tag_option(key, value, escape) if value.is_a?(Array) - value = escape ? safe_join(value, " ".freeze) : value.join(" ".freeze) + value = escape ? safe_join(value, " ") : value.join(" ") else value = escape ? ERB::Util.unwrapped_html_escape(value) : value.to_s.dup end - value.gsub!('"'.freeze, """.freeze) + value.gsub!('"', """) %(#{key}="#{value}") end diff --git a/actionview/lib/action_view/helpers/tags/base.rb b/actionview/lib/action_view/helpers/tags/base.rb index eef527d36f..b58e1a6680 100644 --- a/actionview/lib/action_view/helpers/tags/base.rb +++ b/actionview/lib/action_view/helpers/tags/base.rb @@ -138,7 +138,7 @@ module ActionView end def sanitized_value(value) - value.to_s.gsub(/\s/, "_").gsub(/[^-[[:word:]]]/, "").mb_chars.downcase.to_s + value.to_s.gsub(/[\s\.]/, "_").gsub(/[^-[[:word:]]]/, "").downcase end def select_content_tag(option_tags, options, html_options) diff --git a/actionview/lib/action_view/helpers/tags/color_field.rb b/actionview/lib/action_view/helpers/tags/color_field.rb index c5f0bb6bbb..39ab1285c3 100644 --- a/actionview/lib/action_view/helpers/tags/color_field.rb +++ b/actionview/lib/action_view/helpers/tags/color_field.rb @@ -15,7 +15,7 @@ module ActionView def validate_color_string(string) regex = /#[0-9a-fA-F]{6}/ - if regex.match(string) + if regex.match?(string) string.downcase else "#000000" diff --git a/actionview/lib/action_view/helpers/text_helper.rb b/actionview/lib/action_view/helpers/text_helper.rb index 34138de00e..c282505e13 100644 --- a/actionview/lib/action_view/helpers/text_helper.rb +++ b/actionview/lib/action_view/helpers/text_helper.rb @@ -188,7 +188,7 @@ module ActionView unless separator.empty? text.split(separator).each do |value| - if value.match(regex) + if value.match?(regex) phrase = value break end @@ -228,7 +228,7 @@ module ActionView # pluralize(2, 'Person', locale: :de) # # => 2 Personen def pluralize(count, singular, plural_arg = nil, plural: plural_arg, locale: I18n.locale) - word = if (count == 1 || count =~ /^1(\.0+)?$/) + word = if count == 1 || count.to_s =~ /^1(\.0+)?$/ singular else plural || singular.pluralize(locale) @@ -259,7 +259,7 @@ module ActionView # # => Once\r\nupon\r\na\r\ntime def word_wrap(text, line_width: 80, break_sequence: "\n") text.split("\n").collect! do |line| - line.length > line_width ? line.gsub(/(.{1,#{line_width}})(\s+|$)/, "\\1#{break_sequence}").strip : line + line.length > line_width ? line.gsub(/(.{1,#{line_width}})(\s+|$)/, "\\1#{break_sequence}").rstrip : line end * break_sequence end diff --git a/actionview/lib/action_view/helpers/translation_helper.rb b/actionview/lib/action_view/helpers/translation_helper.rb index ba82dcab3e..d5b0a9263f 100644 --- a/actionview/lib/action_view/helpers/translation_helper.rb +++ b/actionview/lib/action_view/helpers/translation_helper.rb @@ -98,7 +98,7 @@ module ActionView raise e if raise_error keys = I18n.normalize_keys(e.locale, e.key, e.options[:scope]) - title = "translation missing: #{keys.join('.')}".dup + title = +"translation missing: #{keys.join('.')}" interpolations = options.except(:default, :scope) if interpolations.any? @@ -114,7 +114,7 @@ module ActionView # Delegates to <tt>I18n.localize</tt> with no additional functionality. # - # See http://rubydoc.info/github/svenfuchs/i18n/master/I18n/Backend/Base:localize + # See https://www.rubydoc.info/github/svenfuchs/i18n/master/I18n/Backend/Base:localize # for more information. def localize(*args) I18n.localize(*args) @@ -138,7 +138,7 @@ module ActionView end def html_safe_translation_key?(key) - /(\b|_|\.)html$/.match?(key.to_s) + /(?:_|\b)html\z/.match?(key.to_s) end end end diff --git a/actionview/lib/action_view/helpers/url_helper.rb b/actionview/lib/action_view/helpers/url_helper.rb index 52bffaab84..df83dff681 100644 --- a/actionview/lib/action_view/helpers/url_helper.rb +++ b/actionview/lib/action_view/helpers/url_helper.rb @@ -200,9 +200,9 @@ module ActionView html_options = convert_options_to_data_attributes(options, html_options) url = url_for(options) - html_options["href".freeze] ||= url + html_options["href"] ||= url - content_tag("a".freeze, name || url, html_options, &block) + content_tag("a", name || url, html_options, &block) end # Generates a form containing a single button that submits to the URL created @@ -308,7 +308,7 @@ module ActionView params = html_options.delete("params") method = html_options.delete("method").to_s - method_tag = BUTTON_TAG_METHOD_VERBS.include?(method) ? method_tag(method) : "".freeze.html_safe + method_tag = BUTTON_TAG_METHOD_VERBS.include?(method) ? method_tag(method) : "".html_safe form_method = method == "get" ? "get" : "post" form_options = html_options.delete("form") || {} @@ -321,7 +321,7 @@ module ActionView request_method = method.empty? ? "post" : method token_tag(nil, form_options: { action: url, method: request_method }) else - "".freeze + "" end html_options = convert_options_to_data_attributes(options, html_options) @@ -487,12 +487,12 @@ module ActionView option = html_options.delete(item).presence || next "#{item.dasherize}=#{ERB::Util.url_encode(option)}" }.compact - extras = extras.empty? ? "".freeze : "?" + extras.join("&") + extras = extras.empty? ? "" : "?" + extras.join("&") encoded_email_address = ERB::Util.url_encode(email_address).gsub("%40", "@") html_options["href"] = "mailto:#{encoded_email_address}#{extras}" - content_tag("a".freeze, name || email_address, html_options, &block) + content_tag("a", name || email_address, html_options, &block) end # True if the current request URI was generated by the given +options+. @@ -553,7 +553,7 @@ module ActionView url_string = URI.parser.unescape(url_for(options)).force_encoding(Encoding::BINARY) # We ignore any extra parameters in the request_uri if the - # submitted url doesn't have any either. This lets the function + # submitted URL doesn't have any either. This lets the function # work with things like ?order=asc # the behaviour can be disabled with check_parameters: true request_uri = url_string.index("?") || check_parameters ? request.fullpath : request.path @@ -575,21 +575,21 @@ module ActionView def convert_options_to_data_attributes(options, html_options) if html_options html_options = html_options.stringify_keys - html_options["data-remote"] = "true".freeze if link_to_remote_options?(options) || link_to_remote_options?(html_options) + html_options["data-remote"] = "true" if link_to_remote_options?(options) || link_to_remote_options?(html_options) - method = html_options.delete("method".freeze) + method = html_options.delete("method") add_method_to_attributes!(html_options, method) if method html_options else - link_to_remote_options?(options) ? { "data-remote" => "true".freeze } : {} + link_to_remote_options?(options) ? { "data-remote" => "true" } : {} end end def link_to_remote_options?(options) if options.is_a?(Hash) - options.delete("remote".freeze) || options.delete(:remote) + options.delete("remote") || options.delete(:remote) end end @@ -618,11 +618,11 @@ module ActionView end def token_tag(token = nil, form_options: {}) - if token != false && protect_against_forgery? + if token != false && defined?(protect_against_forgery?) && protect_against_forgery? token ||= form_authenticity_token(form_options: form_options) tag(:input, type: "hidden", name: request_forgery_protection_token.to_s, value: token) else - "".freeze + "" end end |