1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
rails--rails/actionview/CHANGELOG.md
2019-03-23 07:22:52 +05:30

230 lines
6.7 KiB
Markdown

## Rails 6.0.0.beta3 (March 11, 2019) ##
* Only accept formats from registered mime types
A lack of filtering on mime types could allow an attacker to read
arbitrary files on the target server or to perform a denial of service
attack.
Fixes CVE-2019-5418
Fixes CVE-2019-5419
*John Hawthorn*, *Eileen M. Uchitelle*, *Aaron Patterson*
## Rails 6.0.0.beta2 (February 25, 2019) ##
* ActionView::Template.finalize_compiled_template_methods is deprecated with
no replacement.
*tenderlove*
* config.action_view.finalize_compiled_template_methods is deprecated with
no replacement.
*tenderlove*
* Ensure unique DOM IDs for collection inputs with float values.
Fixes #34974
*Mark Edmondson*
## Rails 6.0.0.beta1 (January 18, 2019) ##
* [Rename npm package](https://github.com/rails/rails/pull/34905) from
[`rails-ujs`](https://www.npmjs.com/package/rails-ujs) to
[`@rails/ujs`](https://www.npmjs.com/package/@rails/ujs).
*Javan Makhmali*
* Remove deprecated `image_alt` helper.
*Rafael Mendonça França*
* Fix the need of `#protect_against_forgery?` method defined in
`ActionView::Base` subclasses. This prevents the use of forms and buttons.
*Genadi Samokovarov*
* Fix UJS permanently showing disabled text in a[data-remote][data-disable-with] elements within forms.
Fixes #33889.
*Wolfgang Hobmaier*
* Prevent non-primary mouse keys from triggering Rails UJS click handlers.
Firefox fires click events even if the click was triggered by non-primary mouse keys such as right- or scroll-wheel-clicks.
For example, right-clicking a link such as the one described below (with an underlying ajax request registered on click) should not cause that request to occur.
```
<%= link_to 'Remote', remote_path, class: 'remote', remote: true, data: { type: :json } %>
```
Fixes #34541.
*Wolfgang Hobmaier*
* Prevent `ActionView::TextHelper#word_wrap` from unexpectedly stripping white space from the _left_ side of lines.
For example, given input like this:
```
This is a paragraph with an initial indent,
followed by additional lines that are not indented,
and finally terminated with a blockquote:
"A pithy saying"
```
Calling `word_wrap` should not trim the indents on the first and last lines.
Fixes #34487.
*Lyle Mullican*
* Add allocations to template rendering instrumentation.
Adds the allocations for template and partial rendering to the server output on render.
```
Rendered posts/_form.html.erb (Duration: 7.1ms | Allocations: 6004)
Rendered posts/new.html.erb within layouts/application (Duration: 8.3ms | Allocations: 6654)
Completed 200 OK in 858ms (Views: 848.4ms | ActiveRecord: 0.4ms | Allocations: 1539564)
```
*Eileen M. Uchitelle*, *Aaron Patterson*
* Respect the `only_path` option passed to `url_for` when the options are passed in as an array
Fixes #33237.
*Joel Ambass*
* Deprecate calling private model methods from view helpers.
For example, in methods like `options_from_collection_for_select`
and `collection_select` it is possible to call private methods from
the objects used.
Fixes #33546.
*Ana María Martínez Gómez*
* Fix issue with `button_to`'s `to_form_params`
`button_to` was throwing exception when invoked with `params` hash that
contains symbol and string keys. The reason for the exception was that
`to_form_params` was comparing the given symbol and string keys.
The issue is fixed by turning all keys to strings inside
`to_form_params` before comparing them.
*Georgi Georgiev*
* Mark arrays of translations as trusted safe by using the `_html` suffix.
Example:
en:
foo_html:
- "One"
- "<strong>Two</strong>"
- "Three &#128075; &#128578;"
*Juan Broullon*
* Add `year_format` option to date_select tag. This option makes it possible to customize year
names. Lambda should be passed to use this option.
Example:
date_select('user_birthday', '', start_year: 1998, end_year: 2000, year_format: ->year { "Heisei #{year - 1988}" })
The HTML produced:
<select id="user_birthday__1i" name="user_birthday[(1i)]">
<option value="1998">Heisei 10</option>
<option value="1999">Heisei 11</option>
<option value="2000">Heisei 12</option>
</select>
/* The rest is omitted */
*Koki Ryu*
* Fix JavaScript views rendering does not work with Firefox when using
Content Security Policy.
Fixes #32577.
*Yuji Yaginuma*
* Add the `nonce: true` option for `javascript_include_tag` helper to
support automatic nonce generation for Content Security Policy.
Works the same way as `javascript_tag nonce: true` does.
*Yaroslav Markin*
* Remove `ActionView::Helpers::RecordTagHelper`.
*Yoshiyuki Hirano*
* Disable `ActionView::Template` finalizers in test environment.
Template finalization can be expensive in large view test suites.
Add a configuration option,
`action_view.finalize_compiled_template_methods`, and turn it off in
the test environment.
*Simon Coffey*
* Extract the `confirm` call in its own, overridable method in `rails_ujs`.
Example:
Rails.confirm = function(message, element) {
return (my_bootstrap_modal_confirm(message));
}
*Mathieu Mahé*
* Enable select tag helper to mark `prompt` option as `selected` and/or `disabled` for `required`
field.
Example:
select :post,
:category,
["lifestyle", "programming", "spiritual"],
{ selected: "", disabled: "", prompt: "Choose one" },
{ required: true }
Placeholder option would be selected and disabled.
The HTML produced:
<select required="required" name="post[category]" id="post_category">
<option disabled="disabled" selected="selected" value="">Choose one</option>
<option value="lifestyle">lifestyle</option>
<option value="programming">programming</option>
<option value="spiritual">spiritual</option></select>
*Sergey Prikhodko*
* Don't enforce UTF-8 by default.
With the disabling of TLS 1.0 by most major websites, continuing to run
IE8 or lower becomes increasingly difficult so default to not enforcing
UTF-8 encoding as it's not relevant to other browsers.
*Andrew White*
* Change translation key of `submit_tag` from `module_name_class_name` to `module_name/class_name`.
*Rui Onodera*
* Rails 6 requires Ruby 2.5.0 or newer.
*Jeremy Daer*, *Kasper Timm Hansen*
Please check [5-2-stable](https://github.com/rails/rails/blob/5-2-stable/actionview/CHANGELOG.md) for previous changes.