- Default to Rails::DeprecatedSanitizer in ActionView::Helpers::SanitizeHelper.
- Add upgrade notes.
- Add sanitizer to new applications Gemfiles.
- Remove 'rails-dom-testing' as a dependency.
Benchmarking the existing code:
```ruby
{ :only_path => options[:host].nil? }.merge!(options.symbolize_keys)
```
Against optimized code that does not require a new hash or a merge:
```ruby
options = options.symbolize_keys
options[:only_path] = options[:host].nil? unless options.key?(:only_path)
options
```
We see a statistically significant performance gain:
![](https://www.dropbox.com/s/onocpc0zfw4kjxl/Screenshot%202014-08-14%2012.45.30.png?dl=1)
Updated to not mutate incoming parameters
Email does not support relative links since there is no implicit host. Therefore all links inside of emails must be fully qualified URLs. All path helpers are now deprecated. When removed, the error will give early indication to developers to use `*_url` methods instead.
Currently if a developer uses a `*_path` helper, their tests and `mail_view` will not catch the mistake. The only way to see the error is by sending emails in production. Preventing sending out emails with non-working paths is the desired end goal of this PR.
Currently path helpers are mixed-in to controllers (the ActionMailer::Base acts as a controller). All `*_url` and `*_path` helpers are made available through the same module. This PR separates this behavior into two modules so we can extend the `*_path` methods to add a Deprecation to them. Once deprecated we can use this same area to raise a NoMethodError and add an informative message directing the developer to use `*_url` instead.
The module with warnings is only mixed in when a controller returns false from the newly added `supports_relative_path?`.
Paired @sgrif & @schneems
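A check a mailer test could run over a rendered body to catch the relative links described above. This is an added example, not code from the PR; `relative_links`, `fully_qualified?` and the sample HTML are constructed for illustration.

```ruby
require "uri"

# href/src attribute values, single- or double-quoted.
LINK_ATTR = /\b(?:href|src)\s*=\s*(["'])(.*?)\1/im

# True when the value resolves without an implicit host: it has a scheme,
# and http(s) links also name a host.
def fully_qualified?(value)
  uri = URI.parse(value.strip)
  return false unless uri.absolute?
  return true unless %w[http https].include?(uri.scheme.downcase)
  !uri.host.to_s.empty?
rescue URI::InvalidURIError
  false
end

# Returns every link in the body that a mail client could not resolve.
def relative_links(html)
  html.scan(LINK_ATTR).map { |_quote, value| value }.reject { |v| fully_qualified?(v) }
end

# Constructed sample body: one *_path-style link, one *_url-style link,
# a protocol-relative asset and a mailto link.
SAMPLE_BODY = <<~HTML
  <p><a href="/posts/1">Read the post</a></p>
  <p><a href="https://example.com/posts/1">Read the post</a></p>
  <img src="//cdn.example.com/logo.png">
  <a href='mailto:me@work.com'>Contact</a>
HTML

puts relative_links(SAMPLE_BODY).inspect
```

Asserting that `relative_links(mail.body.to_s)` is empty in a mailer test surfaces the mistake before anything is sent.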
[Jonas Baumann & Yves Senn]
The submitted params from a select with `multiple: true` look as follows:
```
{post: {category: [""]}}
{post: {category: ["", "Category 1", "Category 2"]}}
```
This is a follow up to #1552.
The performance is almost the same with both implementations but this is
clear.
Before this patch:
```
Calculating -------------------------------------
small erb template 1452 i/100ms
-------------------------------------------------
small erb template 17462.1 (±13.3%) i/s - 85668 in 5.031395s
.Calculating -------------------------------------
small erb template with 1 partial
887 i/100ms
-------------------------------------------------
small erb template with 1 partial
8899.6 (±18.8%) i/s - 42576 in 5.009453s
.Calculating -------------------------------------
small erb template with 2 partials
666 i/100ms
-------------------------------------------------
small erb template with 2 partials
6821.5 (±8.8%) i/s - 33966 in 5.020791s
```
After the patch:
```
Calculating -------------------------------------
small erb template 1479 i/100ms
-------------------------------------------------
small erb template 15956.6 (±7.6%) i/s - 79866 in 5.036001s
.Calculating -------------------------------------
small erb template with 1 partial
841 i/100ms
-------------------------------------------------
small erb template with 1 partial
9242.2 (±6.9%) i/s - 46255 in 5.029497s
.Calculating -------------------------------------
small erb template with 2 partials
615 i/100ms
-------------------------------------------------
small erb template with 2 partials
6524.7 (±6.8%) i/s - 32595 in 5.020456s
```
You can find the benchmark code at
https://gist.github.com/rafaelfranca/dee31120cfdb1ddc3b56
The iteration object is available as the local variable
"template_name_iteration" when rendering partials with collections.
It gives access to the +size+ of the collection being iterated over,
the current +index+ and two convenience methods +first?+ and +last?+.
"template_name_counter" variable is kept but is deprecated.
[Joel Junström + Lucas Uyezu]
Since 6857415187810f1289068a448268264d0cf0844f we are using #safe_join to
join the content when an Array is given, so we must include the dependent
module here to make sure it's available when this module is used alone.
This was making Simple Form tests fail with current master due to the
missing dependency.
Rename `include_seconds_or_options` to `options` to match 6b9356a (which removed the deprecation introduced by #6077). This has no functional impact because the parameter is passed directly through, but makes it clearer that the parameter no longer supports a boolean as input.
Using ruby-prof, I noticed that Set#add had the largest 'self time'
percentage (5% of the overall time spent rendering) when
benchmarking the rendering of a small cached ERB template that was 3
lines long. It turns out it was from this line. I don't believe the
Set is necessary, either. Removing this line increases the rendering
ips using Benchmark::ips accordingly.
Original implementation has bugs if the regex contains a match group.
Example:
```
excerpt('This is a beautiful? morning', /\b(beau\w*)\b/i, :radius => 5)
Expected: "...is a beautiful? mor..."
Actual: "...is a beautifulbeaut..."
```
The original phrase was being converted to a regex and returning the text
either side of the phrase as expected:
```ruby
'This is a beautiful? morning'.split(/beautiful/i, 2)
# => ["This is a ", "? morning"]
```
When we have a match with groups the match is returned in the array.
Quoting the ruby docs: "If pattern is a Regexp, str is divided where the
pattern matches. [...] If pattern contains groups, the respective matches will
be returned in the array as well."
```ruby
'This is a beautiful? morning'.split(/\b(beau\w*)\b/iu, 2)
# => ["This is a ", "beautiful", "? morning"]
```
If we assume we want to split on the first match – this fix makes that
assumption – we can pass the already assigned `phrase` variable as the place
to split (because we already know that a match exists from line 168).
Originally spotted by Louise Crow (@crowbot) at
https://github.com/mysociety/alaveteli/pull/1557
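The split behaviour described above, reproduced as an added example (a simplified stand-in, not the Rails helper; `excerpt_demo` and its `strategy` option are assumptions). It goes one step beyond the commit by also showing a `MatchData`-based variant, because splitting on the matched string finds that string's first literal occurrence, which can differ from where the regex matched.

```ruby
# Simplified stand-in for the excerpt helper; names and options are assumptions.
def excerpt_demo(text, regex, radius:, strategy:, omission: "...")
  match = text.match(regex)
  return nil unless match

  phrase = match[0]
  before, after =
    case strategy
    when :split_regex  then text.split(regex, 2)   # match groups leak into the array
    when :split_phrase then text.split(phrase, 2)  # the fix described in the commit
    when :match_data   then [match.pre_match, match.post_match]
    else raise ArgumentError, "unknown strategy #{strategy.inspect}"
    end
  before ||= ""
  after  ||= ""

  prefix  = before.length > radius ? omission : ""
  postfix = after.length > radius ? omission : ""
  head = before.length > radius ? before[-radius, radius] : before
  tail = after[0, radius]
  prefix + (head + phrase + tail).strip + postfix
end

TEXT  = "This is a beautiful? morning"   # sentence from the commit message
GROUP = /\b(beau\w*)\b/i                 # pattern with a match group

# Constructed input: the matched word also appears earlier inside another word.
EARLIER = "unbeautiful day, beautiful? morning"

puts excerpt_demo(TEXT, GROUP, radius: 5, strategy: :split_regex)
puts excerpt_demo(TEXT, GROUP, radius: 5, strategy: :split_phrase)
puts excerpt_demo(EARLIER, GROUP, radius: 5, strategy: :split_phrase)
puts excerpt_demo(EARLIER, GROUP, radius: 5, strategy: :match_data)
```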
The helper will yield each matched word, and you can use this instead of the
':highlighter' option for more complex replacing logic:
```ruby
highlight('My email is me@work.com', EMAIL_REGEXP) { |m| mail_to(m) }
# => 'My email is <a href="mailto:me@work.com">me@work.com</a>'
```