| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
For inform that need to add `erubis` to gemfile.
|
|
|
|
|
|
|
|
|
|
| |
There are some classes inherit from `ActionView::Template::Handlers::Erubis`.
(ex. https://github.com/haml/haml/blob/4.0.7/lib/haml/helpers/safe_erubis_template.rb#L3)
```
Class.new(ActionView::Template::Handlers::Erubis)
# => TypeError: superclass must be a Class (ActiveSupport::Deprecation::DeprecatedConstantProxy given)
```
|
|\
| |
| | |
Remove unused argument `formats`
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Erubi offers the following advantages for Rails:
* Works with ruby's --enable-frozen-string-literal option
* Has 88% smaller memory footprint
* Does no freedom patching (Erubis adds a method to Kernel)
* Has simpler internals (1 file, <150 lines of code)
* Has an open development model (Erubis doesn't have a
public source control repository or bug tracker)
* Is not dead (Erubis hasn't been updated since 2011)
Erubi is a simplified fork of Erubis that contains just the
parts that are generally needed (which includes the parts
that Rails uses). The only intentional difference in
behavior is that it does not include support for <%=== tags
for debug output. That could be added to the ActionView ERB
handler if it is desired.
The Erubis template handler remains in a deprecated state
so that code that accesses it directly does not break. It
can be removed after Rails 5.1.
|
|/ |
|
|
|
|
| |
(I personally prefer writing one string in one line no matter how long it is, though)
|
| |
|
| |
|
|
|
|
| |
Now Text class is only used to render text mime type pages
|
| |
|
|
|
|
|
|
| |
Regexp#match? should be considered to be part of the Ruby core library. We are
emulating it for < 2.4, but not having to require the extension is part of the
illusion of the emulation.
|
| |
|
|\
| |
| | |
DRYing duplicate methods
|
| | |
|
|/
|
|
|
|
| |
All indentation was normalized by rubocop auto-correct at 80e66cc4d90bf8c15d1a5f6e3152e90147f00772.
But comments was still kept absolute position. This commit aligns
comments with method definitions for consistency.
|
|
|
|
|
|
|
|
| |
Style/SpaceBeforeBlockBraces
Style/SpaceInsideBlockBraces
Style/SpaceInsideHashLiteralBraces
Fix all violations in the repository.
|
| |
|
| |
|
|
|
|
|
| |
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
|
|
|
|
| |
Where appropriate, prefer the more concise Regexp#match?,
String#include?, String#start_with?, or String#end_with?
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In PR #24929 the changelog was updated to make note that while the new
template handler was changed to raw this changed the behavior when
outputting plain html or js files. Previously ERB would output the files
unescaped. Changing the default handler to RAW meant that these same
files would be rendered as escaped rather than as js or html.
Because of this change in behavior and after the discussion #24949 in we
decided to change the behavior of the Raw handler to output html_safe
strings by default.
Now files rendered with the default handler (raw) render the file
unescaped.
|
|
|
|
|
|
| |
Using locals will cause layouts to be cached multiple times in the
template cache. This commit removes locals from consideration when
looking up the layout.
|
|
|
|
|
|
|
| |
Object#inspect recursively inspects instance variables, exposing all
internal state, including sensitive internal cache objects. Override
Cache#inspect to give a high-level summary that never interferes with
concurrent cache writes.
|
|
|
|
|
| |
initially set is used for template type https://github.com/rails/rails/commit/67f55e28
after this commit https://github.com/rails/rails/commit/91f2ad36 it’s not require
|
|
|
|
|
|
|
|
| |
`OptimizedFileSystemResolver` (which most Rails apps use), but did not
implement the feature on the more generic `PathResolver`, which is often
used in tests etc.
Fixes #23881
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Conceptually revert #20276
The feature was implemented for the `responders` gem. In the end,
they did not need that feature, and have found a better fix (see
plataformatec/responders#131).
`ImplicitRender` is the place where Rails specifies our default
policies for the case where the user did not explicitly tell us
what to render, essentially describing a set of heuristics. If
the gem (or the user) knows exactly what they want, they could
just perform the correct `render` to avoid falling through to
here, as `responders` did (the user called `respond_with`).
Reverting the patch allows us to avoid exploding the complexity
and defining “the fallback for a fallback” policies.
2. `respond_to` and templates are considered exhaustive enumerations
If the user specified a list of formats/variants in a `respond_to`
block, anything that is not explicitly included should result
in an `UnknownFormat` error (which is then caught upstream to
mean “406 Not Acceptable” by default). This is already how it
works before this commit.
Same goes for templates – if the user defined a set of templates
(usually in the file system), that set is now considered exhaustive,
which means that “missing” templates are considered `UnknownFormat`
errors (406).
3. To keep API endpoints simple, the implicit render behavior for
actions with no templates defined at all (regardless of formats,
locales, variants, etc) are defaulted to “204 No Content”. This
is a strictly narrower version of the feature landed in #19036 and
#19377.
4. To avoid confusion when interacting in the browser, these actions
will raise an `UnknownFormat` error for “interactive” requests
instead. (The precise definition of “interactive” requests might
change – the spirit here is to give helpful messages and avoid
confusions.)
Closes #20666, #23062, #23077, #23564
[Godfrey Chan, Jon Moss, Kasper Timm Hansen, Mike Clark, Matthew Draper]
|
|
|
|
|
|
|
|
|
|
|
|
| |
Having collection caching that wraps templates and automatically tries
to infer if they are cachable proved to be too much of a hassle.
We'd rather have it be something you explicitly turn on.
This removes much of the code and docs to explain the previous automatic
behavior.
This change also removes scoped cache keys and passing cache_options.
|
|
|
|
|
|
|
| |
- Changed formatted_code_for to return array of logs to be tagged for each line
- Changed some render tests to match new behaviour of return
Fixes #22979
|
|\
| |
| | |
Fix edge case with ActionView::Template::Error reraise
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When you re-raise an ActionView::Template::Error, the #cause can change.
You can see this behaviour with [nack]. Currently, `web-console` doesn't
run the console in the proper binding in the case of errors in the
views, because when we follow the `#cause` of the exception it is an
[`EOFError`][EOFError].
This also affects [pow] as it runs on [nack].
[nack]: https://github.com/josh/nack
[pow]: http://pow.cx/
[EOFError]: https://github.com/josh/nack/blob/d523cc870c0a11dcf349388a15adfecba9314f97/lib/nack/server.rb#L108
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 5-0-beta-sec:
bumping version
fix version update task to deal with .beta1.1
Eliminate instance level writers for class accessors
allow :file to be outside rails root, but anything else must be inside the rails view directory
Don't short-circuit reject_if proc
stop caching mime types globally
use secure string comparisons for basic auth username / password
|
| |/
| |
| |
| |
| |
| | |
rails view directory
CVE-2016-0752
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A Set can't be implicitly converted into an Array:
```
irb(main):012:0> formats = [ :rss ]
=> [:rss]
irb(main):013:0> formats &= SET.symbols
TypeError: no implicit conversion of Set into Array
from (irb):13:in `&'
from (irb):13
from /Users/kasperhansen/.rbenv/versions/2.2.3/bin/irb:11:in `<main>'
```
Besides `Mime::SET.symbols` returns an Array, so we're closer to that.
|
| |
| |
| |
| | |
Match `Mime::SET.symbols`.
|
| |
| |
| |
| | |
If they aren't symbols, then they aren't likely to be in the set anyway.
|
| |
| |
| |
| | |
We'll be using this to map over to Action Dispatch's Mime::Set.
|
| |
| |
| |
| |
| | |
The template types is a private abstraction to fill in basic blanks from Action Dispatch's
mime types. As such we can modify the data structure ourselves.
|
| |
| |
| |
| |
| |
| | |
Spares a to_sym call by aliasing to_sym to ref.
Then the delegate felt meager for one method; ditch and define method ourselves.
|
| |
| |
| |
| |
| |
| |
| | |
The @symbol has already been converted to a symbol in initialize, so no need to call to_sym
when comparing it.
Ditch early return for a simple unless statement.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We delegate to_sym to the internal symbol, which we've already called to_sym on in
initialize, so we don't need to do that.
We also know to_sym will never return a falsy value, so we'll never hit to_s.
Just return the symbolized symbol.
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
This fixes the case when you try to render an html you know safe and the
file is named something.html. With this commit the content of the html
won't be escaped anymore because AV won't use Raw handler and choose
Html handler instead.
|
|/ |
|
| |
|
|
|
|
|
|
|
| |
The thread_safe gem is being deprecated and all its code has been merged
into the concurrent-ruby gem. The new class, Concurrent::Map, is exactly
the same as its predecessor except for fixes to two bugs discovered
during the merge.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I wrote a utility that helps find areas where you could optimize your program using a frozen string instead of a string literal, it's called [let_it_go](https://github.com/schneems/let_it_go). After going through the output and adding `.freeze` I was able to eliminate the creation of 1,114 string objects on EVERY request to [codetriage](codetriage.com). How does this impact execution?
To look at memory:
```ruby
require 'get_process_mem'
mem = GetProcessMem.new
GC.start
GC.disable
1_114.times { " " }
before = mem.mb
after = mem.mb
GC.enable
puts "Diff: #{after - before} mb"
```
Creating 1,114 string objects results in `Diff: 0.03125 mb` of RAM allocated on every request. Or 1mb every 32 requests.
To look at raw speed:
```ruby
require 'benchmark/ips'
number_of_objects_reduced = 1_114
Benchmark.ips do |x|
x.report("freeze") { number_of_objects_reduced.times { " ".freeze } }
x.report("no-freeze") { number_of_objects_reduced.times { " " } }
end
```
We get the results
```
Calculating -------------------------------------
freeze 1.428k i/100ms
no-freeze 609.000 i/100ms
-------------------------------------------------
freeze 14.363k (± 8.5%) i/s - 71.400k
no-freeze 6.084k (± 8.1%) i/s - 30.450k
```
Now we can do some maths:
```ruby
ips = 6_226k # iterations / 1 second
call_time_before = 1.0 / ips # seconds per iteration
ips = 15_254 # iterations / 1 second
call_time_after = 1.0 / ips # seconds per iteration
diff = call_time_before - call_time_after
number_of_objects_reduced * diff * 100
# => 0.4530373333993266 miliseconds saved per request
```
So we're shaving off 1 second of execution time for every 220 requests.
Is this going to be an insane speed boost to any Rails app: nope. Should we merge it: yep.
p.s. If you know of a method call that doesn't modify a string input such as [String#gsub](https://github.com/schneems/let_it_go/blob/b0e2da69f0cca87ab581022baa43291cdf48638c/lib/let_it_go/core_ext/string.rb#L37) please [give me a pull request to the appropriate file](https://github.com/schneems/let_it_go/blob/b0e2da69f0cca87ab581022baa43291cdf48638c/lib/let_it_go/core_ext/string.rb#L37), or open an issue in LetItGo so we can track and freeze more strings.
Keep those strings Frozen
![](https://www.dropbox.com/s/z4dj9fdsv213r4v/let-it-go.gif?dl=1)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a template includes `# Template Collection: ...` anywhere in its
source, that name will be used as the cache name for the partial that is
rendered for the collection.
This allows users to enable collection caching even if the template
doesn't start with `<% cache ... do %>`.
Moreover, the `# Template Collection: ...` notation is recognized in all
template types (and template types other than ERB can define a
resource_cache_call_pattern method to allow the `cache ... do` pattern
to be recognized too).
|