gsamokovarov/views-without-defined-protect-against-forgery
Don't expect defined protect_against_forgery? in {token,csrf_meta}_tag

The `#csrf_meta_tags` and `#token_tag` Action View helper methods are
expecting the class in which they are included to explicitly define the
method `#protect_against_forgery?` or else they will fail with
`NoMethodError`.
This is a problem if you want to use Action View outside of Rails
applications. For example, in #34788 I used the `#button_to` helper
inside of the error pages templates that have a custom
`ActionView::Base` subclass, which did not define
`#protect_against_forgery?` and trying to call the button failed.
I had to dig inside of Action View to find out what was going on. I
think we should either set a default method implementation in the
helpers or check for the method definition, but don't explicitly require
the presence of `#protect_against_forgery?` in every `ActionView::Base`
subclass as the errors are hard to figure out.

Because method arguments are different in the methods provided by form
helpers and form builders, I think these are necessary to prevent
confusion.
Fixes #34787

* Fix integer regex deprecation warnings for Ruby 2.6.0
* Define =~ in FakeZone to avoid warnings from Ruby 2.6.0

since Ruby 2.5
https://bugs.ruby-lang.org/issues/14133

[ci skip]

[ci skip]

side of long lines; Fixes #34487

The usage of maxlength in the text_field helper adds a size attribute
to the generated text_field input with the same value as the maxlength.
This implicit addition of size attribute by the method gives a false
impression that it may be a bug. By adding the implementation of the
maxlength to the api docs, we explicitly tell the reader referring to the
api doc that addition of size along with maxlength is the expected behaviour.
[ci skip]

This PR adds the allocations to the instrumentation for template and
partial rendering.
Before:
```
Rendering posts/new.html.erb within layouts/application
Rendered posts/_form.html.erb (9.7ms)
Rendered posts/new.html.erb within layouts/application (10.9ms)
Completed 200 OK in 902ms (Views: 890.8ms | ActiveRecord: 0.8ms)
```
After:
```
Rendering posts/new.html.erb within layouts/application
Rendered posts/_form.html.erb (Duration: 7.1ms | Allocations: 6004)
Rendered posts/new.html.erb within layouts/application (Duration: 8.3ms | Allocations: 6654)
Completed 200 OK in 858ms (Views: 848.4ms | ActiveRecord: 0.4ms | Allocations: 1539564)
```

Jcambass/fix-only-path-option-in-url-for-with-arrays
respect only_path option when an array is passed into url_for

The url_for method is now extracting the path_only option in order to determine if polymorphic_path or polymorphic_url should be called.
If the path_only option is not set it will be set to true unless the host option is set. This behaviour is the same as when a Hash or Params object is passed.
To support this unifying, the code responsible for setting this default value has been extracted into a private method.

Fixes: `Layout/TrailingWhitespace: Trailing whitespace detected.`
See https://codeclimate.com/github/rails/rails/issues
Related to b707a6d0eb7

Add `Style/RedundantFreeze` to remove redundant `.freeze`

Since Rails 6.0 will support Ruby 2.4.1 or higher
`# frozen_string_literal: true` magic comment is enough to make string object frozen.
This magic comment is enabled by `Style/FrozenStringLiteralComment` cop.
* Exclude these files not to auto correct false positive `Regexp#freeze`
  - 'actionpack/lib/action_dispatch/journey/router/utils.rb'
  - 'activerecord/lib/active_record/connection_adapters/sqlite3_adapter.rb'
  It has been fixed by https://github.com/rubocop-hq/rubocop/pull/6333
  Once the newer version of RuboCop is released and available at Code Climate these exclude entries should be removed.
* Replace `String#freeze` with `String#-@` manually if explicit frozen string objects are required
  - 'actionpack/test/controller/test_case_test.rb'
  - 'activemodel/test/cases/type/string_test.rb'
  - 'activesupport/lib/active_support/core_ext/string/strip.rb'
  - 'activesupport/test/core_ext/string_ext_test.rb'
  - 'railties/test/generators/actions_test.rb'

the parallel tests (#34030)

In Ruby 2.3 or later, `String#+@` is available and `+@` is faster than `dup`.
```ruby
# frozen_string_literal: true
require "bundler/inline"
gemfile(true) do
  source "https://rubygems.org"
  gem "benchmark-ips"
end
Benchmark.ips do |x|
  x.report('+@') { +"" }
  x.report('dup') { "".dup }
  x.compare!
end
```
```
$ ruby -v benchmark.rb
ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux]
Warming up --------------------------------------
+@ 282.289k i/100ms
dup 187.638k i/100ms
Calculating -------------------------------------
+@ 6.775M (± 3.6%) i/s - 33.875M in 5.006253s
dup 3.320M (± 2.2%) i/s - 16.700M in 5.032125s
Comparison:
+@: 6775299.3 i/s
dup: 3320400.7 i/s - 2.04x slower
```

Let escape_javascript handle conversion to string

This brings `escape_javascript` in line with the behavior of `json_escape` and
allows other value types to be output without needing explicit casting in the
view template.
Example:
```erb
<%= javascript_tag do %>
  var locale = '<%== j I18n.locale %>'; // locale is a symbol
<% end %>
```

On every iteration of generating a cache for a collection a “digest path” is calculated even though it’s exactly the same for every element.
This PR exposes a method `digest_path_from_virtual` that returns back a “digest_path”. This can in turn be passed back into `cache_fragment_name`. This not only does less work, but it also (you guessed it) uses less memory.
before: Total allocated: 762539 bytes (7035 objects)
after: Total allocated: 743590 bytes (6621 objects)
(762539 - 743590)/ 762539.0 # => 2.4% faster ⚡️⚡️

When no dependencies are present to be digested there is no reason to build an array just to turn around and turn it back into a string.
The dependencies array is not mutated in this method so we can use the same empty array across all invocations.
Total allocated: 791402 bytes (7294 objects)
Total allocated: 777442 bytes (7132 objects)
(791402 - 777442) / 791402.0 # => 1.76 % speed improvement

Finish converting whitelist and blacklist references

Use public_send in value_for_collection

Instead of dropping it completely in case someone is relying (probably
inadvertently) on it.

Avoid exposing private methods in view's helpers. However, as
`extract_values_from_collection` is only called from
`options_from_collection_for_select` where `value_for_collection` is
previously called, this case was already covered. The change makes
sense anyway for consistency and in case the code changes in the
future.

Avoid exposing private methods in view's helpers.
Fixes https://github.com/rails/rails/issues/33546

emaxi/feature/add-missing-documentation-option-to-number-to-currency
Add missing documentation option to number_to_currency
[ci skip]

To prevent style check in review like https://github.com/rails/rails/pull/33608#discussion_r211087605.

This commit follows the path we started at commit #ea4f0e2
and continued at PR #33229.

In cases where the MatchData object is not used, this provides a speed-up:
https://github.com/JuanitoFatas/fast-ruby/#stringmatch-vs-stringmatch-vs-stringstart_withstringend_with-code-start-code-end

Keep time_tag docs up-to-date.

The pubdate attribute was removed from the spec, see
940eec417f20e53abd3e3114c7fa845dac0d3a62 for context.

Special form_with attributes `skip_default_ids` and `allow_method_names_outside_object`
are leaking into html attributes of option select tag helpers.

`button_to` was throwing an exception when invoked with `params` hash that
contains symbol and string keys. The reason for the exception was that
`to_form_params` was comparing the given symbol and string keys.
The issue is fixed by turning all keys to strings inside
`to_form_params` before comparing them.

Related to https://github.com/rails/rails/pull/24386#issuecomment-403926683