aboutsummaryrefslogtreecommitdiffstats
path: root/actionview
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #32018 from rails/add-nonce-support-to-cspAndrew White2018-02-228-13/+68
|\ | | | | Add support for automatic nonce generation for Rails UJS
| * Add support for automatic nonce generation for Rails UJSAndrew White2018-02-198-13/+68
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Because the UJS library creates a script tag to process responses it normally requires the script-src attribute of the content security policy to include 'unsafe-inline'. To work around this we generate a per-request nonce value that is embedded in a meta tag in a similar fashion to how CSRF protection embeds its token in a meta tag. The UJS library can then read the nonce value and set it on the dynamically generated script tag to enable it to execute without needing 'unsafe-inline' enabled. Nonce generation isn't 100% safe - if your script tag is including user generated content in someway then it may be possible to exploit an XSS vulnerability which can take advantage of the nonce. It is however an improvement on a blanket permission for inline scripts. It is also possible to use the nonce within your own script tags by using `nonce: true` to set the nonce value on the tag, e.g <%= javascript_tag nonce: true do %> alert('Hello, World!'); <% end %> Fixes #31689.
* | We should call methods with `.method_name` not `::method_name`.utilum2018-02-221-1/+1
|/ | | | | | Found several instances. Follow up on 63d530c5e68a8cf53603744789f53ccbc7ac1a0e
* Rails 6 requires Ruby 2.4.1+Jeremy Daer2018-02-173-5/+8
| | | | | | Skipping over 2.4.0 to sidestep the `"symbol_from_string".to_sym.dup` bug. References #32028
* Clean up and consolidate .gitignoresbogdanvlviv2018-02-174-4/+5
| | | | | | | | | | | | | | | | * Global ignores at toplevel .gitignore * Component-specific ignores in each toplevel directory * Remove `actionview/test/tmp/.keep` for JRuby ``` rm actionview/test/tmp/ -fr cd actionview/ bundle exec jruby -Itest test/template/digestor_test.rb ``` Related to #11743, #30392. Closes #29978.
* Rails 6 requires Ruby 2.3+Jeremy Daer2018-02-171-6/+1
|
* Remove support to Ruby 2.2Rafael Mendonça França2018-02-161-1/+1
| | | | Rails 6 will only support Ruby >= 2.3.
* Fix `as` attribute value for preload linkbogdanvlviv2018-01-311-1/+1
| | | | | | `as` attribute value should be `style` for stylesheet preload link See https://w3c.github.io/preload/#as-attribute
* Start Rails 6.0 development!!!Rafael Mendonça França2018-01-303-81/+5
| | | | :tada::tada::tada:
* Update rails-ujs readmeMike Fiedler2018-01-291-1/+1
| | | Link to W3C reference was broken, this uses the latest URL, along with HTTPS.
* Use assert_predicate and assert_not_predicateDaniel Colson2018-01-2517-89/+89
|
* Fix typo in API document FormHelper#fieldskami-zh2018-01-251-4/+3
| | | | | - Fix typo - Adjust output example to other example's format
* Fix typos. Improve text_helper documentation.James Lovejoy2018-01-191-4/+4
| | | | [ci skip]
* Enable autocorrect for `Lint/EndAlignment` copKoichi ITO2018-01-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ### Summary This PR changes .rubocop.yml. Regarding the code using `if ... else ... end`, I think the coding style that Rails expects is as follows. ```ruby var = if cond a else b end ``` However, the current .rubocop.yml setting does not offense for the following code. ```ruby var = if cond a else b end ``` I think that the above code expects offense to be warned. Moreover, the layout by autocorrect is unnatural. ```ruby var = if cond a else b end ``` This PR adds a setting to .rubocop.yml to make an offense warning and autocorrect as expected by the coding style. And this change also fixes `case ... when ... end` together. Also this PR itself is an example that arranges the layout using `rubocop -a`. ### Other Information Autocorrect of `Lint/EndAlignment` cop is `false` by default. https://github.com/bbatsov/rubocop/blob/v0.51.0/config/default.yml#L1443 This PR changes this value to `true`. Also this PR has changed it together as it is necessary to enable `Layout/ElseAlignment` cop to make this behavior.
* Fix typos, update documentationJames Lovejoy2018-01-113-24/+30
| | | | [ci skip]
* Revert unintentional change in 41e3bbdJavan Makhmali2018-01-011-1/+1
|
* Improve `preventDefault` fix for rails-ujsJavan Makhmali2018-01-011-6/+11
| | | | | | | | Improves 049a3374aa85f33091f0e7cba8635edd4b4786bd: * Attempt native `preventDefault()` before stepping in * Fix that calling `preventDefault()` more than once would throw an error * Fix that non-cancelable events could be canceled
* Bump license years for 2018Yoshiyuki Hirano2017-12-313-3/+3
|
* Remove needless blank lines [ci skip]Ryuta Kamizono2017-12-301-2/+0
| | | | This broke the doc.
* Merge pull request #31578 from ↵George Claghorn2017-12-293-4/+34
|\ | | | | | | | | Aquaj/feature/allow-callables-in-select-group-methods Allow the use of callable objects as group methods for grouped selects.
| * Allow the use of callable objects as group methods for grouped selects.Jérémie Bonal2017-12-273-4/+34
| | | | | | | | | | | | Replaced the uses of `group.send(...)` in `option_groups_from_collection_for_select` by calls to `value_for_collection(group, ...)`, allowing the use of procs, lambdas and other callable objects as parameters.
* | Fix IE 10 and IE 11's broken `preventDefault`Yuri S2017-12-271-0/+5
| | | | | | | | https://github.com/turbolinks/turbolinks/issues/233 https://stackoverflow.com/questions/23349191/event-preventdefault-is-not-working-in-ie-11-for-custom-events
* | Suppress `warning: BigDecimal.new is deprecated`Yasuo Honda2017-12-152-7/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `BigDecimal.new` has been deprecated in BigDecimal 1.3.3 which will be a default for Ruby 2.5. Refer https://github.com/ruby/bigdecimal/commit/533737338db915b00dc7168c3602e4b462b23503 * This commit has been made as follows: ``` cd rails git grep -l BigDecimal.new | grep -v guides/source/5_0_release_notes.md | grep -v activesupport/test/xml_mini_test.rb | xargs sed -i -e "s/BigDecimal.new/BigDecimal/g" ``` - `activesupport/test/xml_mini_test.rb` Editmanually to remove `.new` and `::` - guides/source/5_0_release_notes.md This is a Rails 5.0 release notes.
* | Merge pull request #31289 from witlessbird/fips-compatibilityEileen M. Uchitelle2017-12-141-1/+1
|\ \ | | | | | | Initial support for running Rails on FIPS-certified systems
| * | Introduced `ActiveSupport::Digest` that allows to specify hash function ↵Dmitri Dolguikh2017-12-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | implementation and defaults to `Digest::MD5`. Replaced calls to `::Digest::MD5.hexdigest` with calls to `ActiveSupport::Digest.hexdigest`.
* | | Enable `Layout/LeadingCommentSpace` to not allow cosmetic changes in the futureRyuta Kamizono2017-12-143-3/+3
| | | | | | | | | | | | Follow up of #31432.
* | | Enable `Layout/SpaceBeforeComma` rubocop rule, and fixed moreRyuta Kamizono2017-12-123-5/+5
| | | | | | | | | | | | Follow up of #31390.
* | | Merge pull request #30361 from mfo/masterEileen M. Uchitelle2017-12-114-1/+25
|\ \ \ | | | | | | | | StreamingTemplateRenderer fails to forward I18n.locale in layouts
| * | | fix(streaming_template_renderer): I18n.locale broken in layout. I18n gem ↵mfo2017-11-254-1/+25
| | | | | | | | | | | | | | | | stores the current locale in Thread.current[:local] (see: https://github.com/svenfuchs/i18n/blob/master/lib/i18n.rb#L23). StreamingTemplateRenderer is implemented with Fiber which have its own stack of locals and can not access Thread.current.locals(keys, see: https://ruby-doc.org/core-2.2.0/Thread.html#class-Thread-label-Fiber-local+vs.+Thread-local).
* | | | docs: add example for a nil name in link_tomaciej-ka2017-12-071-0/+5
| |_|/ |/| |
* | | Tweaks CHANGELOGs [ci skip]Ryuta Kamizono2017-12-011-1/+1
| |/ |/|
* | Add preload_link_tag helper.Guillermo Iguaran2017-11-283-0/+98
| | | | | | | | | | | | | | | | | | | | | | This helper creates a link tag with preload keyword that allows to browser to initiate early fetch of resources. Additionally this send Early Hints if supported. See https://github.com/rails/rails/pull/30744/commits/59a02fb7bcbe68f26e1e7fdcec45c00c66e4a065 for more details about Early Hints. Preload spec: https://w3c.github.io/preload/
* | Make sure the request exist befoe trying to send early hintsRafael Mendonça França2017-11-282-2/+32
| | | | | | | | | | | | | | Action Mailer context for example responds to request but don't have a a request object. Fixes #31265
* | Preparing for 5.2.0.beta2 releaseRafael Mendonça França2017-11-283-2/+7
| |
* | Fix typos and add a few suggestionsFatos Morina2017-11-283-13/+13
| |
* | Preparing for 5.2.0.beta1 releaseRafael Mendonça França2017-11-273-2/+4
| |
* | Make form_with_generates_ids default value to be falseRafael Mendonça França2017-11-272-1/+10
| | | | | | | | | | This will keep the behavior of an application with the defaults of a 4.2 or 5.0 application behaving the same when upgrading to 5.2.
* | Enable `Style/DefWithParentheses` rubocop ruleRyuta Kamizono2017-11-272-2/+2
|/ | | | | | | The def with blank `()` was newly added in #31176, but we have not used the blank `()` style in most part of our code base. So I've enabled `Style/DefWithParentheses` to prevent to newly added the code.
* Add test to make sure form_for is not affected byRafael Mendonça França2017-11-251-0/+32
| | | | form_with_generates_ids
* Make sure that form_with_generates_ids only affects form_withRafael Mendonça França2017-11-255-3/+9
|
* Make form_with_generates_ids default in Rails 5.2Rafael Mendonça França2017-11-251-3/+1
| | | | | When the defaults being loaded are the 5.0 or 5.1 we disable generation of ids with form_with.
* Change `form_with` to generates ids by defaultnpezza932017-11-259-225/+245
| | | | | | | | | | When `form_with` was introduced we disabled the automatic generation of ids that was enabled in `form_for`. This usually is not an good idea since labels don't work when the input doesn't have an id and it made harder to test with Capybara. You can still disable the automatic generation of ids setting `config.action_view.form_with_generates_ids` to `false.`
* Fix asset url examples [ci skip]Ryuta Kamizono2017-11-151-6/+6
|
* Merge pull request #30963 from ↵Rafael França2017-11-141-1/+14
|\ | | | | | | | | q-centrix/performance-improvements-add_method_to_attributes Performance improvements for add_method_to_attributes!
| * Performance improvements for add_method_to_attributes!Dillon Welch2017-11-071-1/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prevents two string allocations per method call for common REST verbs plus a ~1.5x speedup for :get in particular ```ruby begin require "bundler/inline" rescue LoadError => e $stderr.puts "Bundler version 1.10 or later is required. Please update your Bundler" raise e end gemfile(true) do source "https://rubygems.org" gem "benchmark-ips" gem "rails" end def allocate_count GC.disable before = ObjectSpace.count_objects yield after = ObjectSpace.count_objects after.each { |k,v| after[k] = v - before[k] } after[:T_HASH] -= 1 # probe effect - we created the before hash. GC.enable result = after.reject { |k,v| v == 0 } GC.start result end @html_options = {} def master_version if @method && @method.to_s.downcase != "get" && @html_options["rel".freeze] !~ /nofollow/ @html_options["rel".freeze] = "#{@html_options["rel".freeze]} nofollow".lstrip end @html_options["data-method".freeze] = @method end def fast_version if method_not_get_method?(@method) && @html_options["rel".freeze] !~ /nofollow/ @html_options["rel".freeze] = "#{@html_options["rel".freeze]} nofollow".lstrip end @html_options["data-method".freeze] = @method end STRINGIFIED_COMMON_METHODS = { get: 'get', delete: 'delete', patch: 'patch', post: 'post', put: 'put', }.freeze def method_not_get_method?(method) return false unless method (STRINGIFIED_COMMON_METHODS[method] || method.to_s.downcase) != 'get' end puts 'get' @method = :get puts "master_version" puts allocate_count { 1000.times { master_version } } puts "fast_version" puts allocate_count { 1000.times { fast_version } } Benchmark.ips do |x| x.report("master_version") { master_version } x.report("fast_version") { fast_version } x.compare! end puts 'delete' @method = :delete puts "master_version" puts allocate_count { 1000.times { master_version } } puts "fast_version" puts allocate_count { 1000.times { fast_version } } Benchmark.ips do |x| x.report("master_version") { master_version } x.report("fast_version") { fast_version } x.compare! end ``` ``` get master_version {:FREE=>-1819, :T_STRING=>2052} fast_version {:FREE=>-1} Warming up -------------------------------------- master_version 140.839k i/100ms fast_version 175.639k i/100ms Calculating ------------------------------------- master_version 2.683M (± 7.1%) i/s - 13.380M in 5.013447s fast_version 3.988M (±10.1%) i/s - 19.847M in 5.039580s Comparison: fast_version: 3988340.3 i/s master_version: 2683336.2 i/s - 1.49x slower delete master_version {:FREE=>-5003, :T_STRING=>3003, :T_MATCH=>999, :T_IMEMO=>1000} fast_version {:FREE=>-3002, :T_STRING=>1001, :T_MATCH=>1000, :T_IMEMO=>1000} Warming up -------------------------------------- master_version 47.221k i/100ms fast_version 44.153k i/100ms Calculating ------------------------------------- master_version 597.881k (±11.4%) i/s - 2.975M in 5.047200s fast_version 686.014k (±11.6%) i/s - 3.400M in 5.036564s Comparison: fast_version: 686014.5 i/s master_version: 597881.4 i/s - same-ish: difference falls within error ```
* | Use new Rake URL of Ruby core [ci skip]aycabta2017-11-101-1/+1
| |
* | Merge pull request #31088 from neumayr/am-helper-missing-field_with_errorsRafael França2017-11-094-3/+104
|\ \ | | | | | | field_error_proc wrap form select optgroup and separator option
| * | Fix field_error_proc wrap form select optgroup and divider option tagneumayr2017-11-094-3/+104
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ### Summary The [`:field_error_proc`](https://github.com/rails/rails/blob/master/actionview/lib/action_view/base.rb#L145) is responsible for decorating input tags that refer to attributes with errors. This default build-in rails feature wrap invalid form elements with additional markup: `<div class="field_with_errors">[…]</div>`. * Fix for `field_error_proc` wraps form select `optgroup` * Fix for `field_error_proc` wraps form select divider `option` * Add tests for uncovered elements with errors [Fixes #31088] #### Test coverage * `test_select_grouped_options_with_errors` * `test_time_zone_select_with_priority_zones_and_errors` #### Extend test coverage * `test_collection_select_with_errors` * `test_label_with_errors` * `test_check_box_with_errors` * `test_check_boxes_with_errors` * `test_radio_button_with_errors` * `test_radio_buttons_with_errors` * `test_collection_check_boxes_with_errors` * `test_collection_radio_buttons_with_errors`
* | | Correctly kill the server started with ujs testyuuji.yaginuma2017-11-091-2/+2
|/ / | | | | | | | | | | | | | | | | | | `Kernel.#spawn` execute command via the shell if contains shell metacharacters in the command. In that case, return value of `spawn` is pid of the shell, not the server. Therefore, just killing the pid will leave the process of server. In order to correctly kill the server, send a signal to the process group, not the process.
* / Fix output of `select_tag` with `include_blank: true` [ci skip]yuuji.yaginuma2017-11-081-1/+1
|/ | | | | Since #24923, if use `select_tag` with `include_blank: true`, an empty label is added.
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-06 20:21:23 +0000