diff options
Diffstat (limited to 'actionview')
| -rw-r--r-- | actionview/CHANGELOG.md | 14 | ||||
| -rw-r--r-- | actionview/actionview.gemspec | 4 | ||||
| -rw-r--r-- | actionview/app/assets/javascripts/utils/event.coffee | 2 | ||||
| -rw-r--r-- | actionview/lib/action_view/base.rb | 2 | ||||
| -rw-r--r-- | actionview/lib/action_view/helpers/cache_helper.rb | 2 | ||||
| -rw-r--r-- | actionview/lib/action_view/helpers/number_helper.rb | 2 | ||||
| -rw-r--r-- | actionview/lib/action_view/template/handlers/erb.rb | 77 | ||||
| -rw-r--r-- | actionview/lib/action_view/template/handlers/erb/erubi.rb | 81 | ||||
| -rw-r--r-- | actionview/lib/action_view/template/handlers/erb/erubis.rb | 80 | ||||
| -rw-r--r-- | actionview/lib/action_view/template/resolver.rb | 4 | ||||
| -rw-r--r-- | actionview/test/template/erb/deprecated_erubis_implementation_test.rb | 11 | ||||
| -rw-r--r-- | actionview/test/template/erb/helper.rb | 2 | ||||
| -rw-r--r-- | actionview/test/template/output_safety_helper_test.rb | 18 | ||||
| -rw-r--r-- | actionview/test/template/text_test.rb | 16 | ||||
| -rw-r--r-- | actionview/test/ujs/public/test/settings.js | 2 |
15 files changed, 231 insertions, 86 deletions
diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md index c12fb2e5ae..b071b260c9 100644 --- a/actionview/CHANGELOG.md +++ b/actionview/CHANGELOG.md @@ -1,3 +1,17 @@ +* Change the ERB handler from Erubis to Erubi. + + Erubi is an Erubis fork that's svelte, simple, and currently maintained. + Plus it supports `--enable-frozen-string-literal` in Ruby 2.3+. + + Compatibility: Drops support for `<%===` tags for debug output. + These were an unused, undocumented side effect of the Erubis + implementation. + + Deprecation: The Erubis handler will be removed in Rails 5.2, for the + handful of folks using it directly. + + *Jeremy Evans* + * Allow render locals to be assigned to instance variables in a view. Fixes #27480. diff --git a/actionview/actionview.gemspec b/actionview/actionview.gemspec index 7bfdfbe29a..cfaa5007a1 100644 --- a/actionview/actionview.gemspec +++ b/actionview/actionview.gemspec @@ -22,8 +22,8 @@ Gem::Specification.new do |s| s.add_dependency "activesupport", version s.add_dependency "builder", "~> 3.1" - s.add_dependency "erubis", "~> 2.7.0" - s.add_dependency "rails-html-sanitizer", "~> 1.0", ">= 1.0.2" + s.add_dependency "erubi", "~> 1.4" + s.add_dependency "rails-html-sanitizer", "~> 1.0", ">= 1.0.3" s.add_dependency "rails-dom-testing", "~> 2.0" s.add_development_dependency "actionpack", version diff --git a/actionview/app/assets/javascripts/utils/event.coffee b/actionview/app/assets/javascripts/utils/event.coffee index 049b2a3ecd..d25fe8e546 100644 --- a/actionview/app/assets/javascripts/utils/event.coffee +++ b/actionview/app/assets/javascripts/utils/event.coffee @@ -13,7 +13,7 @@ if typeof CustomEvent is 'function' evt CustomEvent.prototype = window.Event.prototype -# Triggers an custom event on an element and returns false if the event result is false +# Triggers a custom event on an element and returns false if the event result is false fire = Rails.fire = (obj, name, data) -> event = new CustomEvent( name, diff --git a/actionview/lib/action_view/base.rb b/actionview/lib/action_view/base.rb index b7c05fdb88..5387174467 100644 --- a/actionview/lib/action_view/base.rb +++ b/actionview/lib/action_view/base.rb @@ -11,7 +11,7 @@ module ActionView #:nodoc: # = Action View Base # # Action View templates can be written in several ways. - # If the template file has a <tt>.erb</tt> extension, then it uses the erubis[https://rubygems.org/gems/erubis] + # If the template file has a <tt>.erb</tt> extension, then it uses the erubi[https://rubygems.org/gems/erubi] # template system which can embed Ruby into an HTML document. # If the template file has a <tt>.builder</tt> extension, then Jim Weirich's Builder::XmlMarkup library is used. # diff --git a/actionview/lib/action_view/helpers/cache_helper.rb b/actionview/lib/action_view/helpers/cache_helper.rb index 7fdf0fd0e1..15ab7e304f 100644 --- a/actionview/lib/action_view/helpers/cache_helper.rb +++ b/actionview/lib/action_view/helpers/cache_helper.rb @@ -241,8 +241,6 @@ module ActionView end def write_fragment_for(name, options) - # VIEW TODO: Make #capture usable outside of ERB - # This dance is needed because Builder can't use capture pos = output_buffer.length yield output_safe = output_buffer.html_safe? diff --git a/actionview/lib/action_view/helpers/number_helper.rb b/actionview/lib/action_view/helpers/number_helper.rb index 9e80f0b2ee..b6bc5f4f6f 100644 --- a/actionview/lib/action_view/helpers/number_helper.rb +++ b/actionview/lib/action_view/helpers/number_helper.rb @@ -92,7 +92,7 @@ module ActionView # (defaults to "%u%n"). Fields are <tt>%u</tt> for the # currency, and <tt>%n</tt> for the number. # * <tt>:negative_format</tt> - Sets the format for negative - # numbers (defaults to prepending an hyphen to the formatted + # numbers (defaults to prepending a hyphen to the formatted # number given by <tt>:format</tt>). Accepts the same fields # than <tt>:format</tt>, except <tt>%n</tt> is here the # absolute value of the number. diff --git a/actionview/lib/action_view/template/handlers/erb.rb b/actionview/lib/action_view/template/handlers/erb.rb index 5d047a6991..cee5408aa9 100644 --- a/actionview/lib/action_view/template/handlers/erb.rb +++ b/actionview/lib/action_view/template/handlers/erb.rb @@ -1,79 +1,12 @@ -require "erubis" - module ActionView class Template module Handlers - class Erubis < ::Erubis::Eruby - def add_preamble(src) - @newline_pending = 0 - src << "@output_buffer = output_buffer || ActionView::OutputBuffer.new;" - end - - def add_text(src, text) - return if text.empty? - - if text == "\n" - @newline_pending += 1 - else - src << "@output_buffer.safe_append='" - src << "\n" * @newline_pending if @newline_pending > 0 - src << escape_text(text) - src << "'.freeze;" - - @newline_pending = 0 - end - end - - # Erubis toggles <%= and <%== behavior when escaping is enabled. - # We override to always treat <%== as escaped. - def add_expr(src, code, indicator) - case indicator - when "==" - add_expr_escaped(src, code) - else - super - end - end - - BLOCK_EXPR = /\s*((\s+|\))do|\{)(\s*\|[^|]*\|)?\s*\Z/ - - def add_expr_literal(src, code) - flush_newline_if_pending(src) - if BLOCK_EXPR.match?(code) - src << "@output_buffer.append= " << code - else - src << "@output_buffer.append=(" << code << ");" - end - end - - def add_expr_escaped(src, code) - flush_newline_if_pending(src) - if BLOCK_EXPR.match?(code) - src << "@output_buffer.safe_expr_append= " << code - else - src << "@output_buffer.safe_expr_append=(" << code << ");" - end - end - - def add_stmt(src, code) - flush_newline_if_pending(src) - super - end - - def add_postamble(src) - flush_newline_if_pending(src) - src << "@output_buffer.to_s" - end - - def flush_newline_if_pending(src) - if @newline_pending > 0 - src << "@output_buffer.safe_append='#{"\n" * @newline_pending}'.freeze;" - @newline_pending = 0 - end - end - end + Erubis = ActiveSupport::Deprecation::DeprecatedConstantProxy.new("Erubis", "ActionView::Template::Handlers::ERB::Erubis", message: "ActionView::Template::Handlers::Erubis is deprecated and will be removed from Rails 5.2. Switch to ActionView::Template::Handlers::ERB::Erubi instead.") class ERB + autoload :Erubi, "action_view/template/handlers/erb/erubi" + autoload :Erubis, "action_view/template/handlers/erb/erubis" + # Specify trim mode for the ERB compiler. Defaults to '-'. # See ERB documentation for suitable values. class_attribute :erb_trim_mode @@ -81,7 +14,7 @@ module ActionView # Default implementation used. class_attribute :erb_implementation - self.erb_implementation = Erubis + self.erb_implementation = Erubi # Do not escape templates of these mime types. class_attribute :escape_whitelist diff --git a/actionview/lib/action_view/template/handlers/erb/erubi.rb b/actionview/lib/action_view/template/handlers/erb/erubi.rb new file mode 100644 index 0000000000..755cc84015 --- /dev/null +++ b/actionview/lib/action_view/template/handlers/erb/erubi.rb @@ -0,0 +1,81 @@ +require "erubi" + +module ActionView + class Template + module Handlers + class ERB + class Erubi < ::Erubi::Engine + # :nodoc: all + def initialize(input, properties = {}) + @newline_pending = 0 + + # Dup properties so that we don't modify argument + properties = Hash[properties] + properties[:preamble] = "@output_buffer = output_buffer || ActionView::OutputBuffer.new;" + properties[:postamble] = "@output_buffer.to_s" + properties[:bufvar] = "@output_buffer" + properties[:escapefunc] = "" + + super + end + + def evaluate(action_view_erb_handler_context) + pr = eval("proc { #{@src} }", binding, @filename || "(erubi)") + action_view_erb_handler_context.instance_eval(&pr) + end + + private + def add_text(text) + return if text.empty? + + if text == "\n" + @newline_pending += 1 + else + src << "@output_buffer.safe_append='" + src << "\n" * @newline_pending if @newline_pending > 0 + src << text.gsub(/['\\]/, '\\\\\&') + src << "'.freeze;" + + @newline_pending = 0 + end + end + + BLOCK_EXPR = /\s*((\s+|\))do|\{)(\s*\|[^|]*\|)?\s*\Z/ + + def add_expression(indicator, code) + flush_newline_if_pending(src) + + if (indicator == "==") || @escape + src << "@output_buffer.safe_expr_append=" + else + src << "@output_buffer.append=" + end + + if BLOCK_EXPR.match?(code) + src << " " << code + else + src << "(" << code << ");" + end + end + + def add_code(code) + flush_newline_if_pending(src) + super + end + + def add_postamble(_) + flush_newline_if_pending(src) + super + end + + def flush_newline_if_pending(src) + if @newline_pending > 0 + src << "@output_buffer.safe_append='#{"\n" * @newline_pending}'.freeze;" + @newline_pending = 0 + end + end + end + end + end + end +end diff --git a/actionview/lib/action_view/template/handlers/erb/erubis.rb b/actionview/lib/action_view/template/handlers/erb/erubis.rb new file mode 100644 index 0000000000..bf316ceec5 --- /dev/null +++ b/actionview/lib/action_view/template/handlers/erb/erubis.rb @@ -0,0 +1,80 @@ +require "erubis" + +module ActionView + class Template + module Handlers + class ERB + class Erubis < ::Erubis::Eruby + # :nodoc: all + def add_preamble(src) + @newline_pending = 0 + src << "@output_buffer = output_buffer || ActionView::OutputBuffer.new;" + end + + def add_text(src, text) + return if text.empty? + + if text == "\n" + @newline_pending += 1 + else + src << "@output_buffer.safe_append='" + src << "\n" * @newline_pending if @newline_pending > 0 + src << escape_text(text) + src << "'.freeze;" + + @newline_pending = 0 + end + end + + # Erubis toggles <%= and <%== behavior when escaping is enabled. + # We override to always treat <%== as escaped. + def add_expr(src, code, indicator) + case indicator + when "==" + add_expr_escaped(src, code) + else + super + end + end + + BLOCK_EXPR = /\s*((\s+|\))do|\{)(\s*\|[^|]*\|)?\s*\Z/ + + def add_expr_literal(src, code) + flush_newline_if_pending(src) + if BLOCK_EXPR.match?(code) + src << "@output_buffer.append= " << code + else + src << "@output_buffer.append=(" << code << ");" + end + end + + def add_expr_escaped(src, code) + flush_newline_if_pending(src) + if BLOCK_EXPR.match?(code) + src << "@output_buffer.safe_expr_append= " << code + else + src << "@output_buffer.safe_expr_append=(" << code << ");" + end + end + + def add_stmt(src, code) + flush_newline_if_pending(src) + super + end + + def add_postamble(src) + flush_newline_if_pending(src) + src << "@output_buffer.to_s" + end + + def flush_newline_if_pending(src) + if @newline_pending > 0 + src << "@output_buffer.safe_append='#{"\n" * @newline_pending}'.freeze;" + @newline_pending = 0 + end + end + end + end + end + end +end diff --git a/actionview/lib/action_view/template/resolver.rb b/actionview/lib/action_view/template/resolver.rb index c049e8f402..d3905b5f23 100644 --- a/actionview/lib/action_view/template/resolver.rb +++ b/actionview/lib/action_view/template/resolver.rb @@ -164,8 +164,8 @@ module ActionView # This is what child classes implement. No defaults are needed # because Resolver guarantees that the arguments are present and # normalized. - def find_templates(name, prefix, partial, details) - raise NotImplementedError, "Subclasses must implement a find_templates(name, prefix, partial, details) method" + def find_templates(name, prefix, partial, details, outside_app_allowed = false) + raise NotImplementedError, "Subclasses must implement a find_templates(name, prefix, partial, details, outside_app_allowed = false) method" end # Helpers that builds a path. Useful for building virtual paths. diff --git a/actionview/test/template/erb/deprecated_erubis_implementation_test.rb b/actionview/test/template/erb/deprecated_erubis_implementation_test.rb new file mode 100644 index 0000000000..4a130e6c33 --- /dev/null +++ b/actionview/test/template/erb/deprecated_erubis_implementation_test.rb @@ -0,0 +1,11 @@ +require "abstract_unit" + +module ERBTest + class DeprecatedErubisImplementationTest < ActionView::TestCase + test "Erubis implementation is deprecated" do + assert_deprecated "ActionView::Template::Handlers::Erubis is deprecated and will be removed from Rails 5.2. Switch to ActionView::Template::Handlers::ERB::Erubi instead." do + assert_equal "ActionView::Template::Handlers::ERB::Erubis", ActionView::Template::Handlers::Erubis.to_s + end + end + end +end diff --git a/actionview/test/template/erb/helper.rb b/actionview/test/template/erb/helper.rb index a1973068d5..bc1eedc15f 100644 --- a/actionview/test/template/erb/helper.rb +++ b/actionview/test/template/erb/helper.rb @@ -14,7 +14,7 @@ module ERBTest class BlockTestCase < ActiveSupport::TestCase def render_content(start, inside) template = block_helper(start, inside) - ActionView::Template::Handlers::Erubis.new(template).evaluate(ViewContext.new) + ActionView::Template::Handlers::ERB.erb_implementation.new(template).evaluate(ViewContext.new) end def block_helper(str, rest) diff --git a/actionview/test/template/output_safety_helper_test.rb b/actionview/test/template/output_safety_helper_test.rb index 0f3288130b..537b4393ee 100644 --- a/actionview/test/template/output_safety_helper_test.rb +++ b/actionview/test/template/output_safety_helper_test.rb @@ -34,8 +34,19 @@ class OutputSafetyHelperTest < ActionView::TestCase end test "safe_join should return the safe string separated by $, when second argument is not passed" do - joined = safe_join(["a", "b"]) - assert_equal "a#{$,}b", joined + default_delimeter = $, + + begin + $, = nil + joined = safe_join(["a", "b"]) + assert_equal "ab", joined + + $, = "|" + joined = safe_join(["a", "b"]) + assert_equal "a|b", joined + ensure + $, = default_delimeter + end end test "to_sentence should escape non-html_safe values" do @@ -94,12 +105,13 @@ class OutputSafetyHelperTest < ActionView::TestCase end test "to_sentence is not affected by $," do + separator_was = $, $, = "|" begin assert_equal "one and two", to_sentence(["one", "two"]) assert_equal "one, two, and three", to_sentence(["one", "two", "three"]) ensure - $, = nil + $, = separator_was end end end diff --git a/actionview/test/template/text_test.rb b/actionview/test/template/text_test.rb index ee526dc367..72ffd5f3be 100644 --- a/actionview/test/template/text_test.rb +++ b/actionview/test/template/text_test.rb @@ -4,4 +4,20 @@ class TextTest < ActiveSupport::TestCase test "formats always return :text" do assert_equal [:text], ActionView::Template::Text.new("").formats end + + test "identifier should return 'text template'" do + assert_equal "text template", ActionView::Template::Text.new("").identifier + end + + test "inspect should return 'text template'" do + assert_equal "text template", ActionView::Template::Text.new("").inspect + end + + test "to_str should return a given string" do + assert_equal "a cat", ActionView::Template::Text.new("a cat").to_str + end + + test "render should return a given string" do + assert_equal "a dog", ActionView::Template::Text.new("a dog").render + end end diff --git a/actionview/test/ujs/public/test/settings.js b/actionview/test/ujs/public/test/settings.js index 3375456f11..c68ca24d6a 100644 --- a/actionview/test/ujs/public/test/settings.js +++ b/actionview/test/ujs/public/test/settings.js @@ -76,7 +76,7 @@ try { } $.fn.extend({ - // trigger an native click event + // trigger a native click event triggerNative: function(type, options) { var el = this[0], event, |