1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Merge pull request #32125 from rails/switch-to-not-enforcing-utf8-by-default

Don't enforce UTF-8 by default
This commit is contained in:
Andrew White 2018-02-27 15:54:44 +00:00 committed by GitHub
commit 70169dca8f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 202 additions and 42 deletions

View file

@ -1,5 +1,13 @@
## Rails 6.0.0.alpha (Unreleased) ##
* Don't enforce UTF-8 by default
With the disabling of TLS 1.0 by most major websites, continuing to run
IE8 or lower becomes increasingly difficult so default to not enforcing
UTF-8 encoding as it's not relevant to other browsers.
*Andrew White*
* Change translation key of `submit_tag` from `module_name_class_name` to `module_name/class_name`.
*Rui Onodera*

View file

@ -1519,10 +1519,10 @@ module ActionView
private
def html_options_for_form_with(url_for_options = nil, model = nil, html: {}, local: !form_with_generates_remote_forms,
skip_enforcing_utf8: false, **options)
skip_enforcing_utf8: nil, **options)
html_options = options.slice(:id, :class, :multipart, :method, :data).merge(html)
html_options[:method] ||= :patch if model.respond_to?(:persisted?) && model.persisted?
html_options[:enforce_utf8] = !skip_enforcing_utf8
html_options[:enforce_utf8] = !skip_enforcing_utf8 unless skip_enforcing_utf8.nil?
html_options[:enctype] = "multipart/form-data" if html_options.delete(:multipart)

View file

@ -22,6 +22,8 @@ module ActionView
mattr_accessor :embed_authenticity_token_in_remote_forms
self.embed_authenticity_token_in_remote_forms = nil
mattr_accessor :default_enforce_utf8, default: true
# Starts a form tag that points the action to a url configured with <tt>url_for_options</tt> just like
# ActionController::Base#url_for. The method for the form defaults to POST.
#
@ -866,7 +868,7 @@ module ActionView
})
end
if html_options.delete("enforce_utf8") { true }
if html_options.delete("enforce_utf8") { default_enforce_utf8 }
utf8_enforcer_tag + method_tag
else
method_tag

View file

@ -9,6 +9,7 @@ module ActionView
config.action_view = ActiveSupport::OrderedOptions.new
config.action_view.embed_authenticity_token_in_remote_forms = nil
config.action_view.debug_missing_translation = true
config.action_view.default_enforce_utf8 = nil
config.eager_load_namespaces << ActionView
@ -35,6 +36,15 @@ module ActionView
end
end
initializer "action_view.default_enforce_utf8" do |app|
ActiveSupport.on_load(:action_view) do
default_enforce_utf8 = app.config.action_view.delete(:default_enforce_utf8)
unless default_enforce_utf8.nil?
ActionView::Helpers::FormTagHelper.default_enforce_utf8 = default_enforce_utf8
end
end
end
initializer "action_view.logger" do
ActiveSupport.on_load(:action_view) { self.logger ||= Rails.logger }
end

View file

@ -14,6 +14,16 @@ class FormWithTest < ActionView::TestCase
teardown do
ActionView::Helpers::FormHelper.form_with_generates_ids = @old_value
end
private
def with_default_enforce_utf8(value)
old_value = ActionView::Helpers::FormTagHelper.default_enforce_utf8
ActionView::Helpers::FormTagHelper.default_enforce_utf8 = value
yield
ensure
ActionView::Helpers::FormTagHelper.default_enforce_utf8 = old_value
end
end
class FormWithActsLikeFormTagTest < FormWithTest
@ -111,6 +121,24 @@ class FormWithActsLikeFormTagTest < FormWithTest
assert_predicate actual, :html_safe?
end
def test_form_with_default_enforce_utf8_false
with_default_enforce_utf8 false do
actual = form_with
expected = whole_form("http://www.example.com", skip_enforcing_utf8: true)
assert_dom_equal expected, actual
assert_predicate actual, :html_safe?
end
end
def test_form_with_default_enforce_utf8_true
with_default_enforce_utf8 true do
actual = form_with
expected = whole_form("http://www.example.com", skip_enforcing_utf8: false)
assert_dom_equal expected, actual
assert_predicate actual, :html_safe?
end
end
def test_form_with_with_block_in_erb
output_buffer = render_erb("<%= form_with(url: 'http://www.example.com') do %>Hello world!<% end %>")
@ -819,6 +847,34 @@ class FormWithActsLikeFormForTest < FormWithTest
assert_dom_equal expected, output_buffer
end
def test_form_with_default_enforce_utf8_true
with_default_enforce_utf8 true do
form_with(scope: :post) do |f|
concat f.text_field(:title)
end
expected = whole_form("/", skip_enforcing_utf8: false) do
"<input name='post[title]' type='text' value='Hello World' id='post_title' />"
end
assert_dom_equal expected, output_buffer
end
end
def test_form_with_default_enforce_utf8_false
with_default_enforce_utf8 false do
form_with(scope: :post) do |f|
concat f.text_field(:title)
end
expected = whole_form("/", skip_enforcing_utf8: true) do
"<input name='post[title]' type='text' value='Hello World' id='post_title' />"
end
assert_dom_equal expected, output_buffer
end
end
def test_form_with_without_object
form_with(scope: :post, id: "create-post") do |f|
concat f.text_field(:title)
@ -2291,4 +2347,13 @@ class FormWithActsLikeFormForTest < FormWithTest
ensure
I18n.locale = old_locale
end
def with_default_enforce_utf8(value)
old_value = ActionView::Helpers::FormTagHelper.default_enforce_utf8
ActionView::Helpers::FormTagHelper.default_enforce_utf8 = value
yield
ensure
ActionView::Helpers::FormTagHelper.default_enforce_utf8 = old_value
end
end

View file

@ -1995,6 +1995,34 @@ class FormHelperTest < ActionView::TestCase
assert_dom_equal expected, output_buffer
end
def test_form_for_default_enforce_utf8_false
with_default_enforce_utf8 false do
form_for(:post) do |f|
concat f.text_field(:title)
end
expected = whole_form("/", nil, nil, enforce_utf8: false) do
"<input name='post[title]' type='text' id='post_title' value='Hello World' />"
end
assert_dom_equal expected, output_buffer
end
end
def test_form_for_default_enforce_utf8_true
with_default_enforce_utf8 true do
form_for(:post) do |f|
concat f.text_field(:title)
end
expected = whole_form("/", nil, nil, enforce_utf8: true) do
"<input name='post[title]' type='text' id='post_title' value='Hello World' />"
end
assert_dom_equal expected, output_buffer
end
end
def test_form_for_with_remote_in_html
form_for(@post, url: "/", html: { remote: true, id: "create-post", method: :patch }) do |f|
concat f.text_field(:title)
@ -3569,4 +3597,13 @@ class FormHelperTest < ActionView::TestCase
ensure
I18n.locale = old_locale
end
def with_default_enforce_utf8(value)
old_value = ActionView::Helpers::FormTagHelper.default_enforce_utf8
ActionView::Helpers::FormTagHelper.default_enforce_utf8 = value
yield
ensure
ActionView::Helpers::FormTagHelper.default_enforce_utf8 = old_value
end
end

View file

@ -152,6 +152,24 @@ class FormTagHelperTest < ActionView::TestCase
assert_predicate actual, :html_safe?
end
def test_form_tag_default_enforce_utf8_false
with_default_enforce_utf8 false do
actual = form_tag({})
expected = whole_form("http://www.example.com", enforce_utf8: false)
assert_dom_equal expected, actual
assert_predicate actual, :html_safe?
end
end
def test_form_tag_default_enforce_utf8_true
with_default_enforce_utf8 true do
actual = form_tag({})
expected = whole_form("http://www.example.com", enforce_utf8: true)
assert_dom_equal expected, actual
assert_predicate actual, :html_safe?
end
end
def test_form_tag_with_block_in_erb
output_buffer = render_erb("<%= form_tag('http://www.example.com') do %>Hello world!<% end %>")
@ -782,4 +800,13 @@ class FormTagHelperTest < ActionView::TestCase
def root_elem(rendered_content)
Nokogiri::HTML::DocumentFragment.parse(rendered_content).children.first # extract from nodeset
end
def with_default_enforce_utf8(value)
old_value = ActionView::Helpers::FormTagHelper.default_enforce_utf8
ActionView::Helpers::FormTagHelper.default_enforce_utf8 = value
yield
ensure
ActionView::Helpers::FormTagHelper.default_enforce_utf8 = old_value
end
end

View file

@ -588,6 +588,8 @@ Defaults to `'signed cookie'`.
* `config.action_view.form_with_generates_ids` determines whether `form_with` generates ids on inputs. This defaults to `true`.
* `config.action_view.default_enforce_utf8` determines whether forms are generated with a hidden tag that forces older versions of Internet Explorer to submit forms encoded in UTF-8. This defaults to `false`.
### Configuring Action Mailer
There are a number of settings available on `config.action_mailer`:

View file

@ -117,6 +117,9 @@ module Rails
when "6.0"
load_defaults "5.2"
if respond_to?(:action_view)
action_view.default_enforce_utf8 = false
end
else
raise "Unknown version #{target_version.to_s.inspect}"
end

View file

@ -459,7 +459,7 @@ module Rails
def delete_new_framework_defaults
unless options[:update]
remove_file "config/initializers/new_framework_defaults_5_2.rb"
remove_file "config/initializers/new_framework_defaults_6_0.rb"
end
end

View file

@ -1,30 +0,0 @@
# Be sure to restart your server when you modify this file.
#
# This file contains migration options to ease your Rails 5.2 upgrade.
#
# Once upgraded flip defaults one by one to migrate to the new default.
#
# Read the Guide for Upgrading Ruby on Rails for more info on each option.
# Make Active Record use stable #cache_key alongside new #cache_version method.
# This is needed for recyclable cache keys.
# Rails.application.config.active_record.cache_versioning = true
# Use AES-256-GCM authenticated encryption for encrypted cookies.
# Existing cookies will be converted on read then written with the new scheme.
# Rails.application.config.action_dispatch.use_authenticated_cookie_encryption = true
# Use AES-256-GCM authenticated encryption as default cipher for encrypting messages
# instead of AES-256-CBC, when use_authenticated_message_encryption is set to true.
# Rails.application.config.active_support.use_authenticated_message_encryption = true
# Add default protection from forgery to ActionController::Base instead of in
# ApplicationController.
# Rails.application.config.action_controller.default_protect_from_forgery = true
# Store boolean values are in sqlite3 databases as 1 and 0 instead of 't' and
# 'f' after migrating old data.
# Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true
# Use SHA-1 instead of MD5 to generate non-sensitive digests, such as the ETag header.
# Rails.application.config.active_support.use_sha1_digests = true

View file

@ -0,0 +1,10 @@
# Be sure to restart your server when you modify this file.
#
# This file contains migration options to ease your Rails 6.0 upgrade.
#
# Once upgraded flip defaults one by one to migrate to the new default.
#
# Read the Guide for Upgrading Ruby on Rails for more info on each option.
# Don't force requests from old versions of IE to be UTF-8 encoded
# Rails.application.config.action_controller.default_enforce_utf8 = false

View file

@ -1766,7 +1766,7 @@ module ApplicationTests
test "represent_boolean_as_integer should be able to set via config.active_record.sqlite3.represent_boolean_as_integer" do
remove_from_config '.*config\.load_defaults.*\n'
app_file "config/initializers/new_framework_defaults_5_2.rb", <<-RUBY
app_file "config/initializers/new_framework_defaults_6_0.rb", <<-RUBY
Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true
RUBY
@ -1905,7 +1905,7 @@ module ApplicationTests
test "ActiveSupport::MessageEncryptor.use_authenticated_message_encryption can be configured via config.active_support.use_authenticated_message_encryption" do
remove_from_config '.*config\.load_defaults.*\n'
app_file "config/initializers/new_framework_defaults_5_2.rb", <<-RUBY
app_file "config/initializers/new_framework_defaults_6_0.rb", <<-RUBY
Rails.application.config.active_support.use_authenticated_message_encryption = true
RUBY
@ -1931,7 +1931,7 @@ module ApplicationTests
test "ActiveSupport::Digest.hash_digest_class can be configured via config.active_support.use_sha1_digests" do
remove_from_config '.*config\.load_defaults.*\n'
app_file "config/initializers/new_framework_defaults_5_2.rb", <<-RUBY
app_file "config/initializers/new_framework_defaults_6_0.rb", <<-RUBY
Rails.application.config.active_support.use_sha1_digests = true
RUBY
@ -1952,6 +1952,32 @@ module ApplicationTests
assert_includes ActiveJob::Serializers.serializers, DummySerializer
end
test "ActionView::Helpers::FormTagHelper.default_enforce_utf8 is false by default" do
app "development"
assert_equal false, ActionView::Helpers::FormTagHelper.default_enforce_utf8
end
test "ActionView::Helpers::FormTagHelper.default_enforce_utf8 is true in an upgraded app" do
remove_from_config '.*config\.load_defaults.*\n'
add_to_config 'config.load_defaults "5.2"'
app "development"
assert_equal true, ActionView::Helpers::FormTagHelper.default_enforce_utf8
end
test "ActionView::Helpers::FormTagHelper.default_enforce_utf8 can be configured via config.action_view.default_enforce_utf8" do
remove_from_config '.*config\.load_defaults.*\n'
app_file "config/initializers/new_framework_defaults_6_0.rb", <<-RUBY
Rails.application.config.action_view.default_enforce_utf8 = true
RUBY
app "development"
assert_equal true, ActionView::Helpers::FormTagHelper.default_enforce_utf8
end
private
def force_lazy_load_hooks
yield # Tasty clarifying sugar, homie! We only need to reference a constant to load it.

View file

@ -211,7 +211,7 @@ class AppGeneratorTest < Rails::Generators::TestCase
end
def test_new_application_doesnt_need_defaults
assert_no_file "config/initializers/new_framework_defaults_5_2.rb"
assert_no_file "config/initializers/new_framework_defaults_6_0.rb"
end
def test_new_application_load_defaults
@ -259,14 +259,14 @@ class AppGeneratorTest < Rails::Generators::TestCase
app_root = File.join(destination_root, "myapp")
run_generator [app_root]
assert_no_file "#{app_root}/config/initializers/new_framework_defaults_5_2.rb"
assert_no_file "#{app_root}/config/initializers/new_framework_defaults_6_0.rb"
stub_rails_application(app_root) do
generator = Rails::Generators::AppGenerator.new ["rails"], { update: true }, { destination_root: app_root, shell: @shell }
generator.send(:app_const)
quietly { generator.send(:update_config_files) }
assert_file "#{app_root}/config/initializers/new_framework_defaults_5_2.rb"
assert_file "#{app_root}/config/initializers/new_framework_defaults_6_0.rb"
end
end