mirrors
/
rails
mirror of https://github.com/rails/rails
8
0
Fork 0
Code Issues Projects Releases Wiki Activity
rails/actionview/CHANGELOG.md

3.4 KiB
Raw Blame History

  • Report :locals as part of the data returned by ActionView render instrumentation.

    Before:

    {
identifier: "/Users/adam/projects/notifications/app/views/posts/index.html.erb",
layout: "layouts/application"
}

    After:

    {
identifier: "/Users/adam/projects/notifications/app/views/posts/index.html.erb",
layout: "layouts/application",
locals: {foo: "bar"}
}

    Aaron Gough

  • Strip break_sequence at the end of word_wrap.

    This fixes a bug where word_wrap didn't properly strip off break sequences that had printable characters.

    For example, compare the outputs of this template:

    # <%= word_wrap("11 22\n33 44", line_width: 2, break_sequence: "\n# ") %>

    Before:

    # 11
# 22
#
# 33
# 44
#

    After:

    # 11
# 22
# 33
# 44

    Max Chernyak

  • Allow templates to set strict locals.

    By default, templates will accept any locals as keyword arguments. To define what locals a template accepts, add a locals magic comment:

    <%# locals: (message:) -%>
<%= message %>

    Default values can also be provided:

    <%# locals: (message: "Hello, world!") -%>
<%= message %>

    Or locals can be disabled entirely:

    <%# locals: () %>

    Joel Hawksley

  • Add include_seconds option for datetime_local_field

    This allows to omit seconds part in the input field, by passing include_seconds: false

    Wojciech Wnętrzak

  • Guard against ActionView::Helpers::FormTagHelper#field_name calls with nil object_name arguments. For example:

    <%= fields do |f| %>
  <%= f.field_name :body %>
<% end %>

    Sean Doyle

  • Strings returned from strip_tags are correctly tagged html_safe?

    Because these strings contain no HTML elements and the basic entities are escaped, they are safe to be included as-is as PCDATA in HTML content. Tagging them as html-safe avoids double-escaping entities when being concatenated to a SafeBuffer during rendering.

    Fixes rails/rails-html-sanitizer#124

    Mike Dalessio

  • Move convert_to_model call from form_for into form_with

    Now that form_for is implemented in terms of form_with, remove the convert_to_model call from form_for.

    Sean Doyle

  • Fix and add protections for XSS in ActionView::Helpers and ERB::Util.

    Escape dangerous characters in names of tags and names of attributes in the tag helpers, following the XML specification. Rename the option :escape_attributes to :escape, to simplify by applying the option to the whole tag.

    Álvaro Martín Fraguas

  • Extend audio_tag and video_tag to accept Active Storage attachments.

    Now it's possible to write

    audio_tag(user.audio_file)
video_tag(user.video_file)

    Instead of

    audio_tag(polymorphic_path(user.audio_file))
video_tag(polymorphic_path(user.video_file))

    image_tag already supported that, so this follows the same pattern.

    Matheus Richard

  • Ensure models passed to form_for attempt to call to_model.

    Sean Doyle

Please check 7-0-stable for previous changes.