Rails 7.1.5 (October 30, 2024)
- No changes.
Rails 7.1.4.2 (October 23, 2024)
- No changes.
Rails 7.1.4.1 (October 15, 2024)
- No changes.
Rails 7.1.4 (August 22, 2024)
Action View Test Case
rendered
memoization.Sean Doyle
Restore the ability for templates to return any kind of object and not just strings
Jean Boussier
Fix threading issue with strict locals.
Robert Fletcher
Rails 7.1.3.4 (June 04, 2024)
- No changes.
Rails 7.1.3.3 (May 16, 2024)
- No changes.
Rails 7.1.3.2 (February 21, 2024)
- No changes.
Rails 7.1.3.1 (February 21, 2024)
- No changes.
Rails 7.1.3 (January 16, 2024)
Better handle SyntaxError in Action View.
Mario Caropreso
Fix
word_wrap
with empty string.Jonathan Hefner
Rename
ActionView::TestCase::Behavior::Content
to::ActionView::TestCase::Behavior::RenderedViewContent
.Make
RenderedViewContent
inherit fromString
. Make private API with:nodoc:
.Sean Doyle
Fix detection of required strict locals.
Further fix
render @collection
compatibility with strict localsJean Boussier
Rails 7.1.2 (November 10, 2023)
Fix the
number_to_human_size
view helper to correctly work with negative numbers.Earlopain
Automatically discard the implicit locals injected by collection rendering for template that can't accept them
When rendering a collection, two implicit variables are injected, which breaks templates with strict locals.
Now they are only passed if the template will actually accept them.
Yasha Krasnou, Jean Boussier
Fix
@rails/ujs
callingstart()
an extra time when using bundlersHartley McGuire, Ryunosuke Sato
Fix the
capture
view helper compatibility with HAML and SlimWhen a blank string was captured in HAML or Slim (and possibly other template engines) it would instead return the entire buffer.
Jean Boussier
Rails 7.1.1 (October 11, 2023)
Updated
@rails/ujs
files to ignore certain data-* attributes when element is contenteditable.This fix was already landed in >= 7.0.4.3, < 7.1.0. [CVE-2023-23913]
Ryunosuke Sato
Rails 7.1.0 (October 05, 2023)
- No changes.
Rails 7.1.0.rc2 (October 01, 2023)
- No changes.
Rails 7.1.0.rc1 (September 27, 2023)
Introduce
ActionView::TestCase.register_parser
register_parser :rss, -> rendered { RSS::Parser.parse(rendered) } test "renders RSS" do article = Article.create!(title: "Hello, world") render formats: :rss, partial: article assert_equal "Hello, world", rendered.rss.items.last.title end
By default, register parsers for
:html
and:json
.Sean Doyle
Rails 7.1.0.beta1 (September 13, 2023)
Fix
simple_format
with blankwrapper_tag
option returns plain html tagBy default
simple_format
method returns the text wrapped with<p>
. But if we explicitly specify thewrapper_tag: nil
in the options, it returns the text wrapped with<></>
tag.Before:
simple_format("Hello World", {}, { wrapper_tag: nil }) # <>Hello World</>
After:
simple_format("Hello World", {}, { wrapper_tag: nil }) # <p>Hello World</p>
Akhil G Krishnan, Junichi Ito
Don't double-encode nested
field_id
andfield_name
index valuesPass
index: @options
as a default keyword argument tofield_id
andfield_name
view helper methods.Sean Doyle
Allow opting in/out of
Link preload
headers when callingstylesheet_link_tag
orjavascript_include_tag
# will exclude header, even if setting is enabled: javascript_include_tag("http://example.com/all.js", preload_links_header: false) # will include header, even if setting is disabled: stylesheet_link_tag("http://example.com/all.js", preload_links_header: true)
Alex Ghiculescu
Stop generating
Link preload
headers once it has reached 1KB.Some proxies have trouble handling large headers, but more importantly preload links have diminishing returns so it's preferable not to go overboard with them.
If tighter control is needed, it's recommended to disable automatic generation of preloads and to generate them manually from the controller or from a middleware.
Jean Boussier
simple_format
helper now handles a:sanitize_options
- any extra options you want appending to the sanitize.Before:
simple_format("<a target=\"_blank\" href=\"http://example.com\">Continue</a>") # => "<p><a href=\"http://example.com\">Continue</a></p>"
After:
simple_format("<a target=\"_blank\" href=\"http://example.com\">Continue</a>", {}, { sanitize_options: { attributes: %w[target href] } }) # => "<p><a target=\"_blank\" href=\"http://example.com\">Continue</a></p>"
Andrei Andriichuk
Add support for HTML5 standards-compliant sanitizers, and default to
Rails::HTML5::Sanitizer
in the Rails 7.1 configuration if it is supported.Action View's HTML sanitizers can be configured by setting
config.action_view.sanitizer_vendor
. Supported values areRails::HTML4::Sanitizer
orRails::HTML5::Sanitizer
.The Rails 7.1 configuration will set this to
Rails::HTML5::Sanitizer
when it is supported, and fall back toRails::HTML4::Sanitizer
. Previous configurations default toRails::HTML4::Sanitizer
.Mike Dalessio
config.dom_testing_default_html_version
controls the HTML parser used byActionView::TestCase#document_root_element
, which creates the DOM used by the assertions in Rails::Dom::Testing.The Rails 7.1 default configuration opts into the HTML5 parser when it is supported, to better represent what the DOM would be in a browser user agent. Previously this test helper always used Nokogiri's HTML4 parser.
Mike Dalessio
Add support for the HTML picture tag. It supports passing a
String
, anArray
or a Block. Supports passing properties directly to the img tag via the:image
key. Since the picture tag requires an img tag, the last element you provide will be used for the img tag. For complete control over the picture tag, a block can be passed, which will populate the contents of the tag accordingly.Can be used like this for a single source:
<%= picture_tag("picture.webp") %>
which will generate the following:
<picture> <img src="/images/picture.webp" /> </picture>
For multiple sources:
<%= picture_tag("picture.webp", "picture.png", :class => "mt-2", :image => { alt: "Image", class: "responsive-img" }) %>
will generate:
<picture class="mt-2"> <source srcset="/images/picture.webp" /> <source srcset="/images/picture.png" /> <img alt="Image" class="responsive-img" src="/images/picture.png" /> </picture>
Full control via a block:
<%= picture_tag(:class => "my-class") do %> <%= tag(:source, :srcset => image_path("picture.webp")) %> <%= tag(:source, :srcset => image_path("picture.png")) %> <%= image_tag("picture.png", :alt => "Image") %> <% end %>
will generate:
<picture class="my-class"> <source srcset="/images/picture.webp" /> <source srcset="/images/picture.png" /> <img alt="Image" src="/images/picture.png" /> </picture>
Juan Pablo Balarini
Remove deprecated support to passing instance variables as locals to partials.
Rafael Mendonça França
Remove deprecated constant
ActionView::Path
.Rafael Mendonça França
Guard
token_list
calls from escaping HTML too oftenSean Doyle
select
can now be called with a single hash containing options and some HTML optionsPreviously this would not work as expected:
<%= select :post, :author, authors, required: true %>
Instead you needed to do this:
<%= select :post, :author, authors, {}, required: true %>
Now, either form is accepted, for the following HTML attributes:
required
,multiple
,size
.Alex Ghiculescu
Datetime form helpers (
time_field
,date_field
,datetime_field
,week_field
,month_field
) now accept an instance of Time/Date/DateTime as:value
option.Before:
<%= form.datetime_field :written_at, value: Time.current.strftime("%Y-%m-%dT%T") %>
After:
<%= form.datetime_field :written_at, value: Time.current %>
Andrey Samsonov
Choices of
select
can optionally contain html attributes as the last element of the child arrays when using grouped/nested collections<%= form.select :foo, [["North America", [["United States","US"],["Canada","CA"]], { disabled: "disabled" }]] %> # => <select><optgroup label="North America" disabled="disabled"><option value="US">United States</option><option value="CA">Canada</option></optgroup></select>
Chris Gunther
check_box_tag
andradio_button_tag
now acceptchecked
as a keyword argumentThis is to make the API more consistent with the
FormHelper
variants. You can now providechecked
as a positional or keyword argument:= check_box_tag "admin", "1", false = check_box_tag "admin", "1", checked: false = radio_button_tag 'favorite_color', 'maroon', false = radio_button_tag 'favorite_color', 'maroon', checked: false
Alex Ghiculescu
Allow passing a class to
dom_id
. You no longer need to callnew
when passing a class todom_id
. This makesdom_id
behave likedom_class
in this regard. Apart from saving a few keystrokes, it prevents Ruby from needing to instantiate a whole new object just to generate a string.Before:
dom_id(Post) # => NoMethodError: undefined method `to_key' for Post:Class
After:
dom_id(Post) # => "new_post"
Goulven Champenois
Report
:locals
as part of the data returned byActionView
render instrumentation.Before:
{ identifier: "/Users/adam/projects/notifications/app/views/posts/index.html.erb", layout: "layouts/application" }
After:
{ identifier: "/Users/adam/projects/notifications/app/views/posts/index.html.erb", layout: "layouts/application", locals: {foo: "bar"} }
Aaron Gough
Strip
break_sequence
at the end ofword_wrap
.This fixes a bug where
word_wrap
didn't properly strip off break sequences that had printable characters.For example, compare the outputs of this template:
# <%= word_wrap("11 22\n33 44", line_width: 2, break_sequence: "\n# ") %>
Before:
# 11 # 22 # # 33 # 44 #
After:
# 11 # 22 # 33 # 44
Max Chernyak
Allow templates to set strict
locals
.By default, templates will accept any
locals
as keyword arguments. To define whatlocals
a template accepts, add alocals
magic comment:<%# locals: (message:) -%> <%= message %>
Default values can also be provided:
<%# locals: (message: "Hello, world!") -%> <%= message %>
Or
locals
can be disabled entirely:<%# locals: () %>
Joel Hawksley
Add
include_seconds
option fordatetime_local_field
This allows to omit seconds part in the input field, by passing
include_seconds: false
Wojciech Wnętrzak
Guard against ActionView::Helpers::FormTagHelper#field_name calls with nil
object_name
arguments. For example:<%= fields do |f| %> <%= f.field_name :body %> <% end %>
Sean Doyle
Strings returned from
strip_tags
are correctly taggedhtml_safe?
Because these strings contain no HTML elements and the basic entities are escaped, they are safe to be included as-is as PCDATA in HTML content. Tagging them as html-safe avoids double-escaping entities when being concatenated to a SafeBuffer during rendering.
Fixes rails/rails-html-sanitizer#124
Mike Dalessio
Move
convert_to_model
call fromform_for
intoform_with
Now that
form_for
is implemented in terms ofform_with
, remove theconvert_to_model
call fromform_for
.Sean Doyle
Fix and add protections for XSS in
::ActionView::Helpers
and::ERB::Util
.Escape dangerous characters in names of tags and names of attributes in the tag helpers, following the XML specification. Rename the option
:escape_attributes
to:escape
, to simplify by applying the option to the whole tag.Álvaro Martín Fraguas
Extend audio_tag and video_tag to accept Active Storage attachments.
Now it's possible to write
audio_tag(user.audio_file) video_tag(user.video_file)
Instead of
audio_tag(polymorphic_path(user.audio_file)) video_tag(polymorphic_path(user.video_file))
image_tag
already supported that, so this follows the same pattern.Matheus Richard
Ensure models passed to
form_for
attempt to callto_model
.Sean Doyle
Please check [7-0-stable]) for previous changes.