a58db74c4f
The `#csrf_meta_tags` and `#token_tag` Action View helper methods are expecting the class in which are included to explicitly define the method `#protect_against_forgery?` or else they will fail with `NoMethodError`. This is a problem if you want to use Action View outside of Rails applications. For example, in #34788 I used the `#button_to` helper inside of the error pages templates that have a custom `ActionView::Base` subclass, which did not defined `#protect_against_forgery?` and trying to call the button failed. I had to dig inside of Action View to find-out what's was going on. I think we should either set a default method implementation in the helpers or check for the method definition, but don't explicitly require the presence of `#protect_against_forgery?` in every `ActionViews::Base` subclass as the errors are hard to figure out.
5.7 KiB
-
Fix the need of
#protect_against_forgery?method defined inActionView::Basesubclasses. This prevents the use of forms and buttons.Genadi Samokovarov
-
Fix UJS permanently showing disabled text in a[data-remote][data-disable-with] elements within forms. Fixes #33889
Wolfgang Hobmaier
-
Prevent non-primary mouse keys from triggering Rails UJS click handlers. Firefox fires click events even if the click was triggered by non-primary mouse keys such as right- or scroll-wheel-clicks. For example, right-clicking a link such as the one described below (with an underlying ajax request registered on click) should not cause that request to occur.
<%= link_to 'Remote', remote_path, class: 'remote', remote: true, data: { type: :json } %>Fixes #34541
Wolfgang Hobmaier
-
Prevent
ActionView::TextHelper#word_wrapfrom unexpectedly stripping white space from the left side of lines.For example, given input like this:
This is a paragraph with an initial indent, followed by additional lines that are not indented, and finally terminated with a blockquote: "A pithy saying"Calling
word_wrapshould not trim the indents on the first and last lines.Fixes #34487
Lyle Mullican
-
Add allocations to template rendering instrumentation.
Adds the allocations for template and partial rendering to the server output on render.
Rendered posts/_form.html.erb (Duration: 7.1ms | Allocations: 6004) Rendered posts/new.html.erb within layouts/application (Duration: 8.3ms | Allocations: 6654) Completed 200 OK in 858ms (Views: 848.4ms | ActiveRecord: 0.4ms | Allocations: 1539564)Eileen M. Uchitelle, Aaron Patterson
-
Respect the
only_pathoption passed tourl_forwhen the options are passed in as an arrayFixes #33237.
Joel Ambass
-
Deprecate calling private model methods from view helpers.
For example, in methods like
options_from_collection_for_selectandcollection_selectit is possible to call private methods from the objects used.Fixes #33546.
Ana María Martínez Gómez
-
Fix issue with
button_to'sto_form_paramsbutton_towas throwing exception when invoked withparamshash that contains symbol and string keys. The reason for the exception was thatto_form_paramswas comparing the given symbol and string keys.The issue is fixed by turning all keys to strings inside
to_form_paramsbefore comparing them.Georgi Georgiev
-
Mark arrays of translations as trusted safe by using the
_htmlsuffix.Example:
en: foo_html: - "One" - "<strong>Two</strong>" - "Three 👋 🙂"Juan Broullon
-
Add
year_formatoption to date_select tag. This option makes it possible to customize year names. Lambda should be passed to use this option.Example:
date_select('user_birthday', '', start_year: 1998, end_year: 2000, year_format: ->year { "Heisei #{year - 1988}" })The HTML produced:
<select id="user_birthday__1i" name="user_birthday[(1i)]"> <option value="1998">Heisei 10</option> <option value="1999">Heisei 11</option> <option value="2000">Heisei 12</option> </select> /* The rest is omitted */Koki Ryu
-
Fix JavaScript views rendering does not work with Firefox when using Content Security Policy.
Fixes #32577.
Yuji Yaginuma
-
Add the
nonce: trueoption forjavascript_include_taghelper to support automatic nonce generation for Content Security Policy. Works the same way asjavascript_tag nonce: truedoes.Yaroslav Markin
-
Remove
ActionView::Helpers::RecordTagHelper.Yoshiyuki Hirano
-
Disable
ActionView::Templatefinalizers in test environment.Template finalization can be expensive in large view test suites. Add a configuration option,
action_view.finalize_compiled_template_methods, and turn it off in the test environment.Simon Coffey
-
Extract the
confirmcall in its own, overridable method inrails_ujs.Example:
Rails.confirm = function(message, element) { return (my_bootstrap_modal_confirm(message)); }Mathieu Mahé
-
Enable select tag helper to mark
promptoption asselectedand/ordisabledforrequiredfield.Example:
select :post, :category, ["lifestyle", "programming", "spiritual"], { selected: "", disabled: "", prompt: "Choose one" }, { required: true }Placeholder option would be selected and disabled.
The HTML produced:
<select required="required" name="post[category]" id="post_category"> <option disabled="disabled" selected="selected" value="">Choose one</option> <option value="lifestyle">lifestyle</option> <option value="programming">programming</option> <option value="spiritual">spiritual</option></select>Sergey Prikhodko
-
Don't enforce UTF-8 by default.
With the disabling of TLS 1.0 by most major websites, continuing to run IE8 or lower becomes increasingly difficult so default to not enforcing UTF-8 encoding as it's not relevant to other browsers.
Andrew White
-
Change translation key of
submit_tagfrommodule_name_class_nametomodule_name/class_name.Rui Onodera
-
Rails 6 requires Ruby 2.5.0 or newer.
Jeremy Daer, Kasper Timm Hansen
Please check 5-2-stable for previous changes.