diff options
Diffstat (limited to 'actionview')
-rw-r--r-- | actionview/CHANGELOG.md | 8 | ||||
-rw-r--r-- | actionview/lib/action_view/dependency_tracker.rb | 2 | ||||
-rw-r--r-- | actionview/lib/action_view/digestor.rb | 2 | ||||
-rw-r--r-- | actionview/lib/action_view/helpers/asset_tag_helper.rb | 4 | ||||
-rw-r--r-- | actionview/lib/action_view/helpers/url_helper.rb | 14 | ||||
-rw-r--r-- | actionview/lib/action_view/lookup_context.rb | 2 | ||||
-rw-r--r-- | actionview/lib/action_view/renderer/partial_renderer.rb | 2 | ||||
-rw-r--r-- | actionview/lib/action_view/template.rb | 2 | ||||
-rw-r--r-- | actionview/lib/action_view/template/error.rb | 19 | ||||
-rw-r--r-- | actionview/test/template/asset_tag_helper_test.rb | 2 | ||||
-rw-r--r-- | actionview/test/template/render_test.rb | 8 | ||||
-rw-r--r-- | actionview/test/template/template_error_test.rb | 25 | ||||
-rw-r--r-- | actionview/test/template/url_helper_test.rb | 31 |
13 files changed, 97 insertions, 24 deletions
diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md index 65314184c8..bb1103b173 100644 --- a/actionview/CHANGELOG.md +++ b/actionview/CHANGELOG.md @@ -1,3 +1,11 @@ +* Allow `host` option in `javascript_include_tag` and `stylesheet_link_tag` helpers + + *Grzegorz Witek* + +* Restrict `url_for :back` to valid, non-JavaScript URLs. GH#14444 + + *Damien Burke* + * Allow `date_select` helper selected option to accept hash like the default options. *Lecky Lao* diff --git a/actionview/lib/action_view/dependency_tracker.rb b/actionview/lib/action_view/dependency_tracker.rb index 7716955fd9..5a4c3ea3fe 100644 --- a/actionview/lib/action_view/dependency_tracker.rb +++ b/actionview/lib/action_view/dependency_tracker.rb @@ -1,4 +1,4 @@ -require 'concurrent' +require 'concurrent/map' require 'action_view/path_set' module ActionView diff --git a/actionview/lib/action_view/digestor.rb b/actionview/lib/action_view/digestor.rb index 12e9723a02..6f2f9ca53c 100644 --- a/actionview/lib/action_view/digestor.rb +++ b/actionview/lib/action_view/digestor.rb @@ -1,4 +1,4 @@ -require 'concurrent' +require 'concurrent/map' require 'action_view/dependency_tracker' require 'monitor' diff --git a/actionview/lib/action_view/helpers/asset_tag_helper.rb b/actionview/lib/action_view/helpers/asset_tag_helper.rb index fa46a22500..2ffed6b395 100644 --- a/actionview/lib/action_view/helpers/asset_tag_helper.rb +++ b/actionview/lib/action_view/helpers/asset_tag_helper.rb @@ -55,7 +55,7 @@ module ActionView # # => <script src="http://www.example.com/xmlhr.js"></script> def javascript_include_tag(*sources) options = sources.extract_options!.stringify_keys - path_options = options.extract!('protocol', 'extname').symbolize_keys + path_options = options.extract!('protocol', 'extname', 'host').symbolize_keys sources.uniq.map { |source| tag_options = { "src" => path_to_javascript(source, path_options) @@ -91,7 +91,7 @@ module ActionView # # <link href="/css/stylish.css" media="screen" rel="stylesheet" /> def stylesheet_link_tag(*sources) options = sources.extract_options!.stringify_keys - path_options = options.extract!('protocol').symbolize_keys + path_options = options.extract!('protocol', 'host').symbolize_keys sources.uniq.map { |source| tag_options = { diff --git a/actionview/lib/action_view/helpers/url_helper.rb b/actionview/lib/action_view/helpers/url_helper.rb index 5684de35e8..baebc34b4b 100644 --- a/actionview/lib/action_view/helpers/url_helper.rb +++ b/actionview/lib/action_view/helpers/url_helper.rb @@ -41,11 +41,21 @@ module ActionView end def _back_url # :nodoc: - referrer = controller.respond_to?(:request) && controller.request.env["HTTP_REFERER"] - referrer || 'javascript:history.back()' + _filtered_referrer || 'javascript:history.back()' end protected :_back_url + def _filtered_referrer # :nodoc: + if controller.respond_to?(:request) + referrer = controller.request.env["HTTP_REFERER"] + if referrer && URI(referrer).scheme != 'javascript' + referrer + end + end + rescue URI::InvalidURIError + end + protected :_filtered_referrer + # Creates an anchor element of the given +name+ using a URL created by the set of +options+. # See the valid options in the documentation for +url_for+. It's also possible to # pass a String instead of an options hash, which generates an anchor element that uses the diff --git a/actionview/lib/action_view/lookup_context.rb b/actionview/lib/action_view/lookup_context.rb index ec6edfaaa3..d3935788ef 100644 --- a/actionview/lib/action_view/lookup_context.rb +++ b/actionview/lib/action_view/lookup_context.rb @@ -1,4 +1,4 @@ -require 'concurrent' +require 'concurrent/map' require 'active_support/core_ext/module/remove_method' require 'active_support/core_ext/module/attribute_accessors' require 'action_view/template/resolver' diff --git a/actionview/lib/action_view/renderer/partial_renderer.rb b/actionview/lib/action_view/renderer/partial_renderer.rb index 39c8658ffe..a78bf0a6e9 100644 --- a/actionview/lib/action_view/renderer/partial_renderer.rb +++ b/actionview/lib/action_view/renderer/partial_renderer.rb @@ -1,5 +1,5 @@ require 'action_view/renderer/partial_renderer/collection_caching' -require 'concurrent' +require 'concurrent/map' module ActionView class PartialIteration diff --git a/actionview/lib/action_view/template.rb b/actionview/lib/action_view/template.rb index 0ed208f27e..15fc2b71a3 100644 --- a/actionview/lib/action_view/template.rb +++ b/actionview/lib/action_view/template.rb @@ -325,7 +325,7 @@ module ActionView template = refresh(view) template.encode! end - raise Template::Error.new(template, e) + raise Template::Error.new(template) end end diff --git a/actionview/lib/action_view/template/error.rb b/actionview/lib/action_view/template/error.rb index 390bce98a2..b03b197cb5 100644 --- a/actionview/lib/action_view/template/error.rb +++ b/actionview/lib/action_view/template/error.rb @@ -59,13 +59,20 @@ module ActionView class Error < ActionViewError #:nodoc: SOURCE_CODE_RADIUS = 3 - attr_reader :original_exception + def initialize(template, original_exception = nil) + if original_exception + ActiveSupport::Deprecation.warn("Passing #original_exception is deprecated and has no effect. " \ + "Exceptions will automatically capture the original exception.", caller) + end + + super($!.message) + set_backtrace($!.backtrace) + @template, @sub_templates = template, nil + end - def initialize(template, original_exception) - super(original_exception.message) - @template, @original_exception = template, original_exception - @sub_templates = nil - set_backtrace(original_exception.backtrace) + def original_exception + ActiveSupport::Deprecation.warn("#original_exception is deprecated. Use #cause instead.", caller) + cause end def file_name diff --git a/actionview/test/template/asset_tag_helper_test.rb b/actionview/test/template/asset_tag_helper_test.rb index 496b33b35e..a63ac442cd 100644 --- a/actionview/test/template/asset_tag_helper_test.rb +++ b/actionview/test/template/asset_tag_helper_test.rb @@ -97,6 +97,7 @@ class AssetTagHelperTest < ActionView::TestCase %(javascript_include_tag("bank")) => %(<script src="/javascripts/bank.js" ></script>), %(javascript_include_tag("bank.js")) => %(<script src="/javascripts/bank.js" ></script>), %(javascript_include_tag("bank", :lang => "vbscript")) => %(<script lang="vbscript" src="/javascripts/bank.js" ></script>), + %(javascript_include_tag("bank", :host => "assets.example.com")) => %(<script src="http://assets.example.com/javascripts/bank.js"></script>), %(javascript_include_tag("http://example.com/all")) => %(<script src="http://example.com/all"></script>), %(javascript_include_tag("http://example.com/all.js")) => %(<script src="http://example.com/all.js"></script>), @@ -141,6 +142,7 @@ class AssetTagHelperTest < ActionView::TestCase %(stylesheet_link_tag("/elsewhere/file")) => %(<link href="/elsewhere/file.css" media="screen" rel="stylesheet" />), %(stylesheet_link_tag("subdir/subdir")) => %(<link href="/stylesheets/subdir/subdir.css" media="screen" rel="stylesheet" />), %(stylesheet_link_tag("bank", :media => "all")) => %(<link href="/stylesheets/bank.css" media="all" rel="stylesheet" />), + %(stylesheet_link_tag("bank", :host => "assets.example.com")) => %(<link href="http://assets.example.com/stylesheets/bank.css" media="screen" rel="stylesheet" />), %(stylesheet_link_tag("http://www.example.com/styles/style")) => %(<link href="http://www.example.com/styles/style" media="screen" rel="stylesheet" />), %(stylesheet_link_tag("http://www.example.com/styles/style.css")) => %(<link href="http://www.example.com/styles/style.css" media="screen" rel="stylesheet" />), diff --git a/actionview/test/template/render_test.rb b/actionview/test/template/render_test.rb index 00fc28a522..51bc59edae 100644 --- a/actionview/test/template/render_test.rb +++ b/actionview/test/template/render_test.rb @@ -352,8 +352,8 @@ module RenderTestCases exception = assert_raises ActionView::Template::Error do @controller_view.render("partial_name_local_variable") end - assert_instance_of NameError, exception.original_exception - assert_equal :partial_name_local_variable, exception.original_exception.name + assert_instance_of NameError, exception.cause + assert_equal :partial_name_local_variable, exception.cause.name end # TODO: The reason for this test is unclear, improve documentation @@ -590,14 +590,14 @@ class LazyViewRenderTest < ActiveSupport::TestCase def test_render_utf8_template_with_incompatible_external_encoding with_external_encoding Encoding::SHIFT_JIS do e = assert_raises(ActionView::Template::Error) { @view.render(:file => "test/utf8", :formats => [:html], :layouts => "layouts/yield") } - assert_match 'Your template was not saved as valid Shift_JIS', e.original_exception.message + assert_match 'Your template was not saved as valid Shift_JIS', e.cause.message end end def test_render_utf8_template_with_partial_with_incompatible_encoding with_external_encoding Encoding::SHIFT_JIS do e = assert_raises(ActionView::Template::Error) { @view.render(:file => "test/utf8_magic_with_bare_partial", :formats => [:html], :layouts => "layouts/yield") } - assert_match 'Your template was not saved as valid Shift_JIS', e.original_exception.message + assert_match 'Your template was not saved as valid Shift_JIS', e.cause.message end end diff --git a/actionview/test/template/template_error_test.rb b/actionview/test/template/template_error_test.rb index 3971ec809c..54c1d53b60 100644 --- a/actionview/test/template/template_error_test.rb +++ b/actionview/test/template/template_error_test.rb @@ -2,19 +2,34 @@ require "abstract_unit" class TemplateErrorTest < ActiveSupport::TestCase def test_provides_original_message - error = ActionView::Template::Error.new("test", Exception.new("original")) + error = begin + raise Exception.new("original") + rescue Exception + raise ActionView::Template::Error.new("test") rescue $! + end + assert_equal "original", error.message end def test_provides_original_backtrace - original_exception = Exception.new - original_exception.set_backtrace(%W[ foo bar baz ]) - error = ActionView::Template::Error.new("test", original_exception) + error = begin + original_exception = Exception.new + original_exception.set_backtrace(%W[ foo bar baz ]) + raise original_exception + rescue Exception + raise ActionView::Template::Error.new("test") rescue $! + end + assert_equal %W[ foo bar baz ], error.backtrace end def test_provides_useful_inspect - error = ActionView::Template::Error.new("test", Exception.new("original")) + error = begin + raise Exception.new("original") + rescue Exception + raise ActionView::Template::Error.new("test") rescue $! + end + assert_equal "#<ActionView::Template::Error: original>", error.inspect end end diff --git a/actionview/test/template/url_helper_test.rb b/actionview/test/template/url_helper_test.rb index 50b7865f88..48d0a9a47a 100644 --- a/actionview/test/template/url_helper_test.rb +++ b/actionview/test/template/url_helper_test.rb @@ -50,6 +50,23 @@ class UrlHelperTest < ActiveSupport::TestCase assert_equal 'javascript:history.back()', url_for(:back) end + def test_url_for_with_back_and_no_controller + @controller = nil + assert_equal 'javascript:history.back()', url_for(:back) + end + + def test_url_for_with_back_and_javascript_referer + referer = 'javascript:alert(document.cookie)' + @controller = Struct.new(:request).new(Struct.new(:env).new("HTTP_REFERER" => referer)) + assert_equal 'javascript:history.back()', url_for(:back) + end + + def test_url_for_with_invalid_referer + referer = 'THIS IS NOT A URL' + @controller = Struct.new(:request).new(Struct.new(:env).new("HTTP_REFERER" => referer)) + assert_equal 'javascript:history.back()', url_for(:back) + end + def test_button_to_with_straight_url assert_dom_equal %{<form method="post" action="http://www.example.com" class="button_to"><input type="submit" value="Hello" /></form>}, button_to("Hello", "http://www.example.com") end @@ -523,6 +540,20 @@ class UrlHelperTest < ActiveSupport::TestCase mail_to('feedback@example.com', '<img src="/feedback.png" />'.html_safe) end + def test_mail_to_with_html_safe_string + assert_dom_equal( + %{<a href="mailto:david@loudthinking.com">david@loudthinking.com</a>}, + mail_to("david@loudthinking.com".html_safe) + ) + end + + def test_mail_to_with_nil + assert_dom_equal( + %{<a href="mailto:"></a>}, + mail_to(nil) + ) + end + def test_mail_to_returns_html_safe_string assert mail_to("david@loudthinking.com").html_safe? end |