| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since Rails 6.0 will support Ruby 2.4.1 or higher
`# frozen_string_literal: true` magic comment is enough to make string object frozen.
This magic comment is enabled by `Style/FrozenStringLiteralComment` cop.
* Exclude these files not to auto correct false positive `Regexp#freeze`
- 'actionpack/lib/action_dispatch/journey/router/utils.rb'
- 'activerecord/lib/active_record/connection_adapters/sqlite3_adapter.rb'
It has been fixed by https://github.com/rubocop-hq/rubocop/pull/6333
Once the newer version of RuboCop released and available at Code Climate these exclude entries should be removed.
* Replace `String#freeze` with `String#-@` manually if explicit frozen string objects are required
- 'actionpack/test/controller/test_case_test.rb'
- 'activemodel/test/cases/type/string_test.rb'
- 'activesupport/lib/active_support/core_ext/string/strip.rb'
- 'activesupport/test/core_ext/string_ext_test.rb'
- 'railties/test/generators/actions_test.rb'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In Ruby 2.3 or later, `String#+@` is available and `+@` is faster than `dup`.
```ruby
# frozen_string_literal: true
require "bundler/inline"
gemfile(true) do
source "https://rubygems.org"
gem "benchmark-ips"
end
Benchmark.ips do |x|
x.report('+@') { +"" }
x.report('dup') { "".dup }
x.compare!
end
```
```
$ ruby -v benchmark.rb
ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux]
Warming up --------------------------------------
+@ 282.289k i/100ms
dup 187.638k i/100ms
Calculating -------------------------------------
+@ 6.775M (± 3.6%) i/s - 33.875M in 5.006253s
dup 3.320M (± 2.2%) i/s - 16.700M in 5.032125s
Comparison:
+@: 6775299.3 i/s
dup: 3320400.7 i/s - 2.04x slower
```
|
|
|
|
| |
Caused at 9276ea89d2b0be9fdd1ad6590857f8d45a38c267.
|
|
|
|
|
|
|
| |
Or it would raise if the argument was frozen.
And even with this change, it would still reduce String allocations together with 9276ea89d2b0be9fdd1ad6590857f8d45a38c267
because `escape` should be `true` in most cases
|
|
|
|
|
| |
This method is called against each tag option for each tag,
and creates an extra garbage String per each call
|
|
|
|
|
|
|
|
| |
The spacing in these comments is fairly inconsistent. Array argument
contents are often separated with a space from the array literal
brackets but in several cases the Hash literal curly braces are tangent
to their contents which makes the documentation harder to read in some
cases.
|
| |
|
| |
|
|
|
|
|
| |
This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing
changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Follow up to 454460e.
Rebuild the sentence so the bit about only symbols allowed comes less
out of left field and fits in better with the existing doc.
Also remove the `(Legacy syntax)` construct. The sections are properly
nested under `=== Options` with `====` and look fine on the generated
API doc site.
|
|
|
|
|
|
|
|
|
|
| |
[ci skip]
See https://github.com/rails/rails/issues/26518#issuecomment-252826489
@dhh:
> I'd support symbol-only keys going forward with these new APIs.
> We can break with the past here since the tag proxy is new and so is form_with.
|
|
|
|
|
|
| |
Freeze string literals and use String instead of
Regex inside gsub call. This should improve performance from 20% up to
50% on most cases.
|
| |
|
|
|
|
|
|
| |
Many helpers mark content as HTML-safe without escaping double quotes -- including `sanitize`. Regardless of whether or not the attribute values are HTML-escaped, we want to be sure they don't include double quotes, as that can cause XSS issues. For example: `content_tag(:div, "foo", title: sanitize('" onmouseover="alert(1);//'))`
CVE-2016-6316
|
| |
|
|
|
|
|
| |
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
|
|
|
|
|
| |
Fix a link to use RDoc syntax and make sure that the titles' level
match the section we are in since we are both documenting the new
and the legacy syntax.
|
|\
| |
| | |
25543 docs cleanup
|
| |
| |
| |
| |
| |
| |
| | |
- Remove repetative docs
- Fix grammar on sentences
- Add escaping for literals
[ci skip]
|
| | |
|
| |
| |
| |
| | |
Removes littering `freeze` calls with Ruby 2.3's magic comment.
|
|\ \
| | |
| | | |
Bring Boolean Attributes list for AV Tags helper upto speed with current spec
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
This is based on https://github.com/kangax/html-minifier/blob/6b2d4536d82819143b468b41a89c700b6c61631f/src/htmlminifier.js#L197 and
spec from https://www.w3.org/TR/html51/single-page.html.
Couple of other changes to tests due to support update:
- autobuffer has been dropped in favour of preload attribute, ref: https://msdn.microsoft.com/en-us/library/ff974743(v=vs.85).aspx
- pubdate attribute has been dropped from spec, ref: https://www.w3.org/html/wg/tracker/issues/185
|
|\ \
| | |
| | | |
Expand list of void elements to match spec
|
| |/
| |
| |
| | |
https://html.spec.whatwg.org/multipage/syntax.html#void-elements
|
|/
|
|
| |
create new content. This should also be inline with content being passed should not be mutable
|
| |
|
|
|
|
|
|
|
|
|
|
| |
if data attribute is nil it is ignored
if value is nil the pair is ignored
if value is nil it is skipped
Improved test for data attr nil
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the `tag_options` method, strings are continuously added to the
`output` string. Previously, we concatenated two strings and added the
generated string to `output`. By adding each of the strings to
`output`, one after the other, we will save the allocation of that
concatenated string.
Benchmark:
require 'benchmark/ips'
sep = " ".freeze
Benchmark.ips do |x|
x.report("string +") {
output = ""
output << sep + "foo"
}
x.report("string <<") {
output = ""
output << sep
output << "foo"
}
x.compare!
end
Results (Ruby 2.2.2):
Calculating -------------------------------------
string + 88.086k i/100ms
string << 94.287k i/100ms
-------------------------------------------------
string + 2.407M (± 5.8%) i/s - 12.068M
string << 2.591M (± 7.0%) i/s - 12.917M
Comparison:
string <<: 2591482.4 i/s
string +: 2406883.7 i/s - 1.08x slower
|
|
|
|
|
|
| |
In the `tag_options` method an array is used to build up elements, then `Array#*` (which is an alias for `Array#join` is called to turn the array into a string. Instead of allocating an array to build a string, we can build the string we want from the beginning.
Saved: 121,743 bytes 893 objects
|
|
|
|
|
|
|
|
|
|
| |
When an unknonwn key is passed to the hash in `PRE_CONTENT_STRINGS` it returns nil, when you call "#{nil}" it allocates a new empty string. We can get around this allocation by using a default value `Hash.new { "".freeze }`. We can avoid the `to_sym` call by pre-populating the hash with a symbol key in addition to a string key.
We can freeze some strings when using Array#* to reduce allocations.
Array#join can take frozen strings.
This change buys us 86,600 bytes of memory and 1,857 fewer objects per request.
|
| |
|
| |
|
|
|
|
|
|
| |
HTML doesn't care what order the elements are rendered in, so why should we?
Updates tests to use proper `assert_dom_equal` instead of `assert_equal` /cc @jeremy
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
Since 6857415187810f1289068a448268264d0cf0844f we are using #safe_join to
join the content when an Array is given, so we must include the dependent
module here to make sure it's available when this module is used alone.
This was making Simple Form tests to fail with current master due to the
missing dependency.
|
|\
| |
| |
| | |
In tag helper, honor html_safe on arrays; also make safe_join more similar to Array.join
|
|/
|
|
| |
similar to Array.join by first calling flatten.
|
|
|
|
|
|
|
|
|
|
| |
before this change, we were allocating AS::SafeBuffer objects that were
being interpolated in to a string, so the safe buffer object was being
thrown away. This change only allocates a string (vs a string *and* a
safebuffer) and interpolates the string.
On my test application, this reduced the AS::SafeBuffer objects from
1527k per request to about 500 per request.
|
| |
|
| |
|
|
|
|
|
| |
Rails 3.2 API allowed arbitrary input for cdata_section;
this change re-introduces the old behaviour.
|
|
|