Merge branch 'sec-fix-master'
This commit is contained in:
commit
abcbd0bef7
12
CHANGELOG.md
12
CHANGELOG.md
|
@ -1,15 +1,7 @@
|
||||||
## master (unreleased)
|
## 3.1.0
|
||||||
|
|
||||||
### enhancements
|
### enhancements
|
||||||
* Update foundation generator to version 5. [@jorge-d](https://github.com/jorge-d)
|
* Update foundation generator to version 5. [@jorge-d](https://github.com/jorge-d)
|
||||||
|
|
||||||
### bug fix
|
|
||||||
* Fix `full_error` when the attribute is an association. [@mvdamme](https://github.com/jorge-d)
|
|
||||||
* Fix suppport to `:namespace` and `:index` options for nested check boxes and radio buttons when the attribute is an association.
|
|
||||||
|
|
||||||
## 3.1.0.rc2
|
|
||||||
|
|
||||||
### enhancements
|
|
||||||
* Add mapping to `uuid` columns.
|
* Add mapping to `uuid` columns.
|
||||||
* Add custom namespaces for custom inputs feature. [@vala](https://github.com/vala)
|
* Add custom namespaces for custom inputs feature. [@vala](https://github.com/vala)
|
||||||
* Add `:unless_blank` option to the wrapper API. [@IanVaughan](https://github.com/IanVaughan)
|
* Add `:unless_blank` option to the wrapper API. [@IanVaughan](https://github.com/IanVaughan)
|
||||||
|
@ -39,6 +31,8 @@
|
||||||
* The default form class can now be overridden with `html: { :class }`. [@rmm5t](https://github.com/rmm5t)
|
* The default form class can now be overridden with `html: { :class }`. [@rmm5t](https://github.com/rmm5t)
|
||||||
|
|
||||||
### bug fix
|
### bug fix
|
||||||
|
* Fix `full_error` when the attribute is an association. [@mvdamme](https://github.com/jorge-d)
|
||||||
|
* Fix suppport to `:namespace` and `:index` options for nested check boxes and radio buttons when the attribute is an association.
|
||||||
* Collection input that uses automatic collection translation properly sets checked values.
|
* Collection input that uses automatic collection translation properly sets checked values.
|
||||||
Closes [#971](https://github.com/plataformatec/simple_form/issues/971) [@nashby](https://github.com/nashby)
|
Closes [#971](https://github.com/plataformatec/simple_form/issues/971) [@nashby](https://github.com/nashby)
|
||||||
* Collection input generates `required` attribute if it has `prompt` option. [@nashby](https://github.com/nashby)
|
* Collection input generates `required` attribute if it has `prompt` option. [@nashby](https://github.com/nashby)
|
||||||
|
|
|
@ -43,7 +43,7 @@ GIT
|
||||||
PATH
|
PATH
|
||||||
remote: .
|
remote: .
|
||||||
specs:
|
specs:
|
||||||
simple_form (3.1.0.rc2)
|
simple_form (3.1.0)
|
||||||
actionpack (~> 4.0)
|
actionpack (~> 4.0)
|
||||||
activemodel (~> 4.0)
|
activemodel (~> 4.0)
|
||||||
|
|
||||||
|
|
|
@ -18,13 +18,11 @@ module SimpleForm
|
||||||
def error_text
|
def error_text
|
||||||
text = has_custom_error? ? options[:error] : errors.send(error_method)
|
text = has_custom_error? ? options[:error] : errors.send(error_method)
|
||||||
|
|
||||||
"#{html_escape(options[:error_prefix])} #{text}".lstrip.html_safe
|
"#{html_escape(options[:error_prefix])} #{html_escape(text)}".lstrip.html_safe
|
||||||
end
|
end
|
||||||
|
|
||||||
def full_error_text
|
def full_error_text
|
||||||
text = has_custom_error? ? options[:error] : full_errors.send(error_method)
|
has_custom_error? ? options[:error] : full_errors.send(error_method)
|
||||||
|
|
||||||
text.html_safe
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def error_method
|
def error_method
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
module SimpleForm
|
module SimpleForm
|
||||||
VERSION = "3.1.0.rc2".freeze
|
VERSION = "3.1.0".freeze
|
||||||
end
|
end
|
||||||
|
|
|
@ -32,7 +32,7 @@ class ErrorTest < ActionView::TestCase
|
||||||
|
|
||||||
test 'error generates messages for attribute with single error' do
|
test 'error generates messages for attribute with single error' do
|
||||||
with_error_for @user, :name
|
with_error_for @user, :name
|
||||||
assert_select 'span.error', "can't be blank"
|
assert_select 'span.error', "cannot be blank"
|
||||||
end
|
end
|
||||||
|
|
||||||
test 'error generates messages for attribute with one error when using first' do
|
test 'error generates messages for attribute with one error when using first' do
|
||||||
|
@ -85,9 +85,19 @@ class ErrorTest < ActionView::TestCase
|
||||||
assert_no_select 'span.error b'
|
assert_no_select 'span.error b'
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test 'error escapes error text' do
|
||||||
|
@user.errors.add(:action, 'must not contain <b>markup</b>')
|
||||||
|
|
||||||
|
with_error_for @user, :action
|
||||||
|
|
||||||
|
assert_select 'span.error'
|
||||||
|
assert_no_select 'span.error b', 'markup'
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
test 'error generates an error message with raw HTML tags' do
|
test 'error generates an error message with raw HTML tags' do
|
||||||
with_error_for @user, :name, error_prefix: '<b>Name</b>'.html_safe
|
with_error_for @user, :name, error_prefix: '<b>Name</b>'.html_safe
|
||||||
assert_select 'span.error', "Name can't be blank"
|
assert_select 'span.error', "Name cannot be blank"
|
||||||
assert_select 'span.error b', "Name"
|
assert_select 'span.error b', "Name"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -95,7 +105,7 @@ class ErrorTest < ActionView::TestCase
|
||||||
|
|
||||||
test 'full error generates a full error tag for the attribute' do
|
test 'full error generates a full error tag for the attribute' do
|
||||||
with_full_error_for @user, :name
|
with_full_error_for @user, :name
|
||||||
assert_select 'span.error', "Super User Name! can't be blank"
|
assert_select 'span.error', "Super User Name! cannot be blank"
|
||||||
end
|
end
|
||||||
|
|
||||||
test 'full error generates a full error tag with a clean HTML' do
|
test 'full error generates a full error tag with a clean HTML' do
|
||||||
|
@ -105,22 +115,31 @@ class ErrorTest < ActionView::TestCase
|
||||||
|
|
||||||
test 'full error allows passing options to full error tag' do
|
test 'full error allows passing options to full error tag' do
|
||||||
with_full_error_for @user, :name, id: 'name_error', error_prefix: "Your name"
|
with_full_error_for @user, :name, id: 'name_error', error_prefix: "Your name"
|
||||||
assert_select 'span.error#name_error', "Your name can't be blank"
|
assert_select 'span.error#name_error', "Your name cannot be blank"
|
||||||
end
|
end
|
||||||
|
|
||||||
test 'full error does not modify the options hash' do
|
test 'full error does not modify the options hash' do
|
||||||
options = { id: 'name_error' }
|
options = { id: 'name_error' }
|
||||||
with_full_error_for @user, :name, options
|
with_full_error_for @user, :name, options
|
||||||
assert_select 'span.error#name_error', "Super User Name! can't be blank"
|
assert_select 'span.error#name_error', "Super User Name! cannot be blank"
|
||||||
assert_equal({ id: 'name_error' }, options)
|
assert_equal({ id: 'name_error' }, options)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test 'full error escapes error text' do
|
||||||
|
@user.errors.add(:action, 'must not contain <b>markup</b>')
|
||||||
|
|
||||||
|
with_full_error_for @user, :action
|
||||||
|
|
||||||
|
assert_select 'span.error'
|
||||||
|
assert_no_select 'span.error b', 'markup'
|
||||||
|
end
|
||||||
|
|
||||||
# CUSTOM WRAPPERS
|
# CUSTOM WRAPPERS
|
||||||
|
|
||||||
test 'error with custom wrappers works' do
|
test 'error with custom wrappers works' do
|
||||||
swap_wrapper do
|
swap_wrapper do
|
||||||
with_error_for @user, :name
|
with_error_for @user, :name
|
||||||
assert_select 'span.omg_error', "can't be blank"
|
assert_select 'span.omg_error', "cannot be blank"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -158,7 +177,7 @@ class ErrorTest < ActionView::TestCase
|
||||||
# CUSTOM ERRORS
|
# CUSTOM ERRORS
|
||||||
|
|
||||||
test 'input with custom error works' do
|
test 'input with custom error works' do
|
||||||
error_text = "Super User Name! can't be blank"
|
error_text = "Super User Name! cannot be blank"
|
||||||
with_form_for @user, :name, error: error_text
|
with_form_for @user, :name, error: error_text
|
||||||
|
|
||||||
assert_select 'span.error', error_text
|
assert_select 'span.error', error_text
|
||||||
|
@ -167,24 +186,56 @@ class ErrorTest < ActionView::TestCase
|
||||||
test 'input with error option as true does not use custom error' do
|
test 'input with error option as true does not use custom error' do
|
||||||
with_form_for @user, :name, error: true
|
with_form_for @user, :name, error: true
|
||||||
|
|
||||||
assert_select 'span.error', "can't be blank"
|
assert_select 'span.error', "cannot be blank"
|
||||||
end
|
end
|
||||||
|
|
||||||
test 'input with custom error does not generate the error if there is no error on the attribute' do
|
test 'input with custom error does not generate the error if there is no error on the attribute' do
|
||||||
with_form_for @user, :active, error: "Super User Active! can't be blank"
|
with_form_for @user, :active, error: "Super User Active! cannot be blank"
|
||||||
|
|
||||||
assert_no_select 'span.error'
|
assert_no_select 'span.error'
|
||||||
end
|
end
|
||||||
|
|
||||||
test 'input with custom error works when using full_error component' do
|
test 'input with custom error works when using full_error component' do
|
||||||
swap_wrapper :default, self.custom_wrapper_with_full_error do
|
swap_wrapper :default, self.custom_wrapper_with_full_error do
|
||||||
error_text = "Super User Name! can't be blank"
|
error_text = "Super User Name! cannot be blank"
|
||||||
with_form_for @user, :name, error: error_text
|
with_form_for @user, :name, error: error_text
|
||||||
|
|
||||||
assert_select 'span.error', error_text
|
assert_select 'span.error', error_text
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test 'input with custom error escapes the error text' do
|
||||||
|
with_form_for @user, :name, error: 'error must not contain <b>markup</b>'
|
||||||
|
|
||||||
|
assert_select 'span.error'
|
||||||
|
assert_no_select 'span.error b', 'markup'
|
||||||
|
end
|
||||||
|
|
||||||
|
test 'input with custom error does not escape the error text if it is safe' do
|
||||||
|
with_form_for @user, :name, error: 'error must contain <b>markup</b>'.html_safe
|
||||||
|
|
||||||
|
assert_select 'span.error'
|
||||||
|
assert_select 'span.error b', 'markup'
|
||||||
|
end
|
||||||
|
|
||||||
|
test 'input with custom error escapes the error text using full_error component' do
|
||||||
|
swap_wrapper :default, self.custom_wrapper_with_full_error do
|
||||||
|
with_form_for @user, :name, error: 'error must not contain <b>markup</b>'
|
||||||
|
|
||||||
|
assert_select 'span.error'
|
||||||
|
assert_no_select 'span.error b', 'markup'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
test 'input with custom error does not escape the error text if it is safe using full_error component' do
|
||||||
|
swap_wrapper :default, self.custom_wrapper_with_full_error do
|
||||||
|
with_form_for @user, :name, error: 'error must contain <b>markup</b>'.html_safe
|
||||||
|
|
||||||
|
assert_select 'span.error'
|
||||||
|
assert_select 'span.error b', 'markup'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
test 'input with custom error when using full_error component does not generate the error if there is no error on the attribute' do
|
test 'input with custom error when using full_error component does not generate the error if there is no error on the attribute' do
|
||||||
swap_wrapper :default, self.custom_wrapper_with_full_error do
|
swap_wrapper :default, self.custom_wrapper_with_full_error do
|
||||||
with_form_for @user, :active, error: "Super User Active! can't be blank"
|
with_form_for @user, :active, error: "Super User Active! can't be blank"
|
||||||
|
|
|
@ -327,7 +327,7 @@ class FormBuilderTest < ActionView::TestCase
|
||||||
|
|
||||||
test 'builder generates errors for attribute with errors' do
|
test 'builder generates errors for attribute with errors' do
|
||||||
with_form_for @user, :name
|
with_form_for @user, :name
|
||||||
assert_select 'span.error', "can't be blank"
|
assert_select 'span.error', "cannot be blank"
|
||||||
end
|
end
|
||||||
|
|
||||||
test 'builder is able to disable showing errors for an input' do
|
test 'builder is able to disable showing errors for an input' do
|
||||||
|
@ -337,7 +337,7 @@ class FormBuilderTest < ActionView::TestCase
|
||||||
|
|
||||||
test 'builder passes options to errors' do
|
test 'builder passes options to errors' do
|
||||||
with_form_for @user, :name, error_html: { id: "cool" }
|
with_form_for @user, :name, error_html: { id: "cool" }
|
||||||
assert_select 'span.error#cool', "can't be blank"
|
assert_select 'span.error#cool', "cannot be blank"
|
||||||
end
|
end
|
||||||
|
|
||||||
test 'placeholder does not be generated when set to false' do
|
test 'placeholder does not be generated when set to false' do
|
||||||
|
|
|
@ -139,7 +139,7 @@ class WrapperTest < ActionView::TestCase
|
||||||
test 'custom wrappers can have full error message on attributes' do
|
test 'custom wrappers can have full error message on attributes' do
|
||||||
swap_wrapper :default, self.custom_wrapper_with_full_error do
|
swap_wrapper :default, self.custom_wrapper_with_full_error do
|
||||||
with_form_for @user, :name
|
with_form_for @user, :name
|
||||||
assert_select 'span.error', "Name can't be blank"
|
assert_select 'span.error', "Name cannot be blank"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -175,7 +175,7 @@ class User
|
||||||
def errors
|
def errors
|
||||||
@errors ||= begin
|
@errors ||= begin
|
||||||
errors = ActiveModel::Errors.new(self)
|
errors = ActiveModel::Errors.new(self)
|
||||||
errors.add(:name, "can't be blank")
|
errors.add(:name, "cannot be blank")
|
||||||
errors.add(:description, 'must be longer than 15 characters')
|
errors.add(:description, 'must be longer than 15 characters')
|
||||||
errors.add(:age, 'is not a number')
|
errors.add(:age, 'is not a number')
|
||||||
errors.add(:age, 'must be greater than 18')
|
errors.add(:age, 'must be greater than 18')
|
||||||
|
|
Loading…
Reference in New Issue