| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
| |
Style/SpaceBeforeBlockBraces
Style/SpaceInsideBlockBraces
Style/SpaceInsideHashLiteralBraces
Fix all violations in the repository.
|
| |
|
| |
|
|
|
|
|
| |
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
|
|
|
|
| |
Where appropriate, prefer the more concise Regexp#match?,
String#include?, String#start_with?, or String#end_with?
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In PR #24929 the changelog was updated to make note that while the new
template handler was changed to raw this changed the behavior when
outputting plain html or js files. Previously ERB would output the files
unescaped. Changing the default handler to RAW meant that these same
files would be rendered as escaped rather than as js or html.
Because of this change in behavior and after the discussion #24949 in we
decided to change the behavior of the Raw handler to output html_safe
strings by default.
Now files rendered with the default handler (raw) render the file
unescaped.
|
|
|
|
|
|
| |
Using locals will cause layouts to be cached multiple times in the
template cache. This commit removes locals from consideration when
looking up the layout.
|
|
|
|
|
|
|
| |
Object#inspect recursively inspects instance variables, exposing all
internal state, including sensitive internal cache objects. Override
Cache#inspect to give a high-level summary that never interferes with
concurrent cache writes.
|
|
|
|
|
| |
initially set is used for template type https://github.com/rails/rails/commit/67f55e28
after this commit https://github.com/rails/rails/commit/91f2ad36 it’s not require
|
|
|
|
|
|
|
|
| |
`OptimizedFileSystemResolver` (which most Rails apps use), but did not
implement the feature on the more generic `PathResolver`, which is often
used in tests etc.
Fixes #23881
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Conceptually revert #20276
The feature was implemented for the `responders` gem. In the end,
they did not need that feature, and have found a better fix (see
plataformatec/responders#131).
`ImplicitRender` is the place where Rails specifies our default
policies for the case where the user did not explicitly tell us
what to render, essentially describing a set of heuristics. If
the gem (or the user) knows exactly what they want, they could
just perform the correct `render` to avoid falling through to
here, as `responders` did (the user called `respond_with`).
Reverting the patch allows us to avoid exploding the complexity
and defining “the fallback for a fallback” policies.
2. `respond_to` and templates are considered exhaustive enumerations
If the user specified a list of formats/variants in a `respond_to`
block, anything that is not explicitly included should result
in an `UnknownFormat` error (which is then caught upstream to
mean “406 Not Acceptable” by default). This is already how it
works before this commit.
Same goes for templates – if the user defined a set of templates
(usually in the file system), that set is now considered exhaustive,
which means that “missing” templates are considered `UnknownFormat`
errors (406).
3. To keep API endpoints simple, the implicit render behavior for
actions with no templates defined at all (regardless of formats,
locales, variants, etc) are defaulted to “204 No Content”. This
is a strictly narrower version of the feature landed in #19036 and
#19377.
4. To avoid confusion when interacting in the browser, these actions
will raise an `UnknownFormat` error for “interactive” requests
instead. (The precise definition of “interactive” requests might
change – the spirit here is to give helpful messages and avoid
confusions.)
Closes #20666, #23062, #23077, #23564
[Godfrey Chan, Jon Moss, Kasper Timm Hansen, Mike Clark, Matthew Draper]
|
|
|
|
|
|
|
|
|
|
|
|
| |
Having collection caching that wraps templates and automatically tries
to infer if they are cachable proved to be too much of a hassle.
We'd rather have it be something you explicitly turn on.
This removes much of the code and docs to explain the previous automatic
behavior.
This change also removes scoped cache keys and passing cache_options.
|
|
|
|
|
|
|
| |
- Changed formatted_code_for to return array of logs to be tagged for each line
- Changed some render tests to match new behaviour of return
Fixes #22979
|
|\
| |
| | |
Fix edge case with ActionView::Template::Error reraise
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When you re-raise an ActionView::Template::Error, the #cause can change.
You can see this behaviour with [nack]. Currently, `web-console` doesn't
run the console in the proper binding in the case of errors in the
views, because when we follow the `#cause` of the exception it is an
[`EOFError`][EOFError].
This also affects [pow] as it runs on [nack].
[nack]: https://github.com/josh/nack
[pow]: http://pow.cx/
[EOFError]: https://github.com/josh/nack/blob/d523cc870c0a11dcf349388a15adfecba9314f97/lib/nack/server.rb#L108
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 5-0-beta-sec:
bumping version
fix version update task to deal with .beta1.1
Eliminate instance level writers for class accessors
allow :file to be outside rails root, but anything else must be inside the rails view directory
Don't short-circuit reject_if proc
stop caching mime types globally
use secure string comparisons for basic auth username / password
|
| |/
| |
| |
| |
| |
| | |
rails view directory
CVE-2016-0752
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A Set can't be implicitly converted into an Array:
```
irb(main):012:0> formats = [ :rss ]
=> [:rss]
irb(main):013:0> formats &= SET.symbols
TypeError: no implicit conversion of Set into Array
from (irb):13:in `&'
from (irb):13
from /Users/kasperhansen/.rbenv/versions/2.2.3/bin/irb:11:in `<main>'
```
Besides `Mime::SET.symbols` returns an Array, so we're closer to that.
|
| |
| |
| |
| | |
Match `Mime::SET.symbols`.
|
| |
| |
| |
| | |
If they aren't symbols, then they aren't likely to be in the set anyway.
|
| |
| |
| |
| | |
We'll be using this to map over to Action Dispatch's Mime::Set.
|
| |
| |
| |
| |
| | |
The template types is a private abstraction to fill in basic blanks from Action Dispatch's
mime types. As such we can modify the data structure ourselves.
|
| |
| |
| |
| |
| |
| | |
Spares a to_sym call by aliasing to_sym to ref.
Then the delegate felt meager for one method; ditch and define method ourselves.
|
| |
| |
| |
| |
| |
| |
| | |
The @symbol has already been converted to a symbol in initialize, so no need to call to_sym
when comparing it.
Ditch early return for a simple unless statement.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We delegate to_sym to the internal symbol, which we've already called to_sym on in
initialize, so we don't need to do that.
We also know to_sym will never return a falsy value, so we'll never hit to_s.
Just return the symbolized symbol.
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
This fixes the case when you try to render an html you know safe and the
file is named something.html. With this commit the content of the html
won't be escaped anymore because AV won't use Raw handler and choose
Html handler instead.
|
|/ |
|
| |
|
|
|
|
|
|
|
| |
The thread_safe gem is being deprecated and all its code has been merged
into the concurrent-ruby gem. The new class, Concurrent::Map, is exactly
the same as its predecessor except for fixes to two bugs discovered
during the merge.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I wrote a utility that helps find areas where you could optimize your program using a frozen string instead of a string literal, it's called [let_it_go](https://github.com/schneems/let_it_go). After going through the output and adding `.freeze` I was able to eliminate the creation of 1,114 string objects on EVERY request to [codetriage](codetriage.com). How does this impact execution?
To look at memory:
```ruby
require 'get_process_mem'
mem = GetProcessMem.new
GC.start
GC.disable
1_114.times { " " }
before = mem.mb
after = mem.mb
GC.enable
puts "Diff: #{after - before} mb"
```
Creating 1,114 string objects results in `Diff: 0.03125 mb` of RAM allocated on every request. Or 1mb every 32 requests.
To look at raw speed:
```ruby
require 'benchmark/ips'
number_of_objects_reduced = 1_114
Benchmark.ips do |x|
x.report("freeze") { number_of_objects_reduced.times { " ".freeze } }
x.report("no-freeze") { number_of_objects_reduced.times { " " } }
end
```
We get the results
```
Calculating -------------------------------------
freeze 1.428k i/100ms
no-freeze 609.000 i/100ms
-------------------------------------------------
freeze 14.363k (± 8.5%) i/s - 71.400k
no-freeze 6.084k (± 8.1%) i/s - 30.450k
```
Now we can do some maths:
```ruby
ips = 6_226k # iterations / 1 second
call_time_before = 1.0 / ips # seconds per iteration
ips = 15_254 # iterations / 1 second
call_time_after = 1.0 / ips # seconds per iteration
diff = call_time_before - call_time_after
number_of_objects_reduced * diff * 100
# => 0.4530373333993266 miliseconds saved per request
```
So we're shaving off 1 second of execution time for every 220 requests.
Is this going to be an insane speed boost to any Rails app: nope. Should we merge it: yep.
p.s. If you know of a method call that doesn't modify a string input such as [String#gsub](https://github.com/schneems/let_it_go/blob/b0e2da69f0cca87ab581022baa43291cdf48638c/lib/let_it_go/core_ext/string.rb#L37) please [give me a pull request to the appropriate file](https://github.com/schneems/let_it_go/blob/b0e2da69f0cca87ab581022baa43291cdf48638c/lib/let_it_go/core_ext/string.rb#L37), or open an issue in LetItGo so we can track and freeze more strings.
Keep those strings Frozen
![](https://www.dropbox.com/s/z4dj9fdsv213r4v/let-it-go.gif?dl=1)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a template includes `# Template Collection: ...` anywhere in its
source, that name will be used as the cache name for the partial that is
rendered for the collection.
This allows users to enable collection caching even if the template
doesn't start with `<% cache ... do %>`.
Moreover, the `# Template Collection: ...` notation is recognized in all
template types (and template types other than ERB can define a
resource_cache_call_pattern method to allow the `cache ... do` pattern
to be recognized too).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The regular expression which was used to detect partial templates that
begin with a `<% cache ... do %>` call missed some cases. This commits
attempts to improve the detection for some cases such as multi-line
comments at the beginning of the template. The different templates are
listed in two new unit test methods.
Note that specially crafted Ruby code can still evade such `cache`-call
detection: for example, a user might have its own method which itself
calls the Rails `cache` helper. In such a case, the template's code
doesn't start with a literal `cache` string and therefore will not be
eligible for collection caching.
|
|
|
|
| |
Just saw these in passing while reading this file.
|
|
|
|
| |
Colons are not metacharacters.
|
|\
| |
| |
| |
| | |
JackDanger/danger/use-default-view-pattern-in-docs
[docs] Using the real resolver pattern in docs
|
| |
| |
| |
| |
| |
| |
| |
| | |
If someone copies the docs into their app they'll find it simply doesn't
work because the locale pattern doesn't have the same logic. This makes
the doc examples work exactly as written.
[ci skip]
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
https://github.com/ruby/ruby/pull/579 - there is a new optimization
since ruby 2.2
Previously regexp patterns were faster (since a string was converted to
regexp underneath anyway). But now string patterns are faster and
better reflect the purpose.
Benchmark.ips do |bm|
bm.report('regexp') { 'this is ::a random string'.gsub(/::/, '/') }
bm.report('string') { 'this is ::a random string'.gsub('::', '/') }
bm.compare!
end
# string: 753724.4 i/s
# regexp: 501443.1 i/s - 1.50x slower
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Collections can take advantage of `multi_read` if they render one template
and their partials begin with a cache call.
The cache call must correspond to either what the collections elements are
rendered as, or match the inferred name of the partial.
So with a notifications/_notification.html.erb template like:
```ruby
<% cache notification %>
<%# ... %>
<% end %>
```
A collection would be able to use `multi_read` if rendered like:
```ruby
<%= render @notifications %>
<%= render partial: 'notifications/notification', collection: @notifications, as: :notification %>
```
|
| |
| |
| |
| |
| | |
Now that we only support Ruby 2.2+ we don't need this conditional
anymore
|
| |
| |
| |
| | |
These requires were added only to change deprecation message
|
| |
| |
| |
| |
| | |
Files without a template handler in their extension will be rended
using the raw handler instead of ERB.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
I grepped the source code for code snippets wrapped in backticks in the comments
and replaced the backticks with plus signs so they are correctly displayed in
the Rails documentation.
[ci skip]
|
|/
|
|
| |
Now ActionView accepts <%= foo(){ %> and <%= foo()do %> :golf:
|
| |
|