Review and improve Action View Overview guide. [ci-skip]
* Samples that use Proc.new {} can likely be simplified to just use proc {}
* Link to the validations guide where we mention it under conditional callbacks
* after_find callbacks are also triggered by a few other methods: take, sole, find_by!
* We could potentially add some more examples on different types of callbacks that aren't there.
* Updated some sections for clarity
Co-authored-by: Petrik de Heus <petrik@deheus.net>
Co-authored-by: Carlos Antonio da Silva <carlosantoniodasilva@gmail.com>
Co-authored-by: hatsu <hajiwata0308@gmail.com>
Previously if `assert_difference` called with a proc fails, the inspect
output of the proc object was shown. This is not helpful to identify
what went wrong.
With this commit we leverage the experimental
`RubyVM::AbstractSyntaxTree` api of MRI to print the source code of the
proc that was passed to `assert_difference`. On all other platforms the
behavior stays the same.
The same applies to `assert_changes`.
Add examples and explain that RecordNotDestroyed triggered by throwing
:abort in callbacks.
Co-authored-by: Carlos Antonio da Silva <carlosantoniodasilva@gmail.com>
Improve RTL language support, specifically focused on Arabic (MSA), Farsi, and Hebrew languages, including custom fonts for those languages, a javascript to detect auto-translation and shift the dir attribute, and other cleanup based on volunteer feedback.
Co-authored-by: Carlos Antonio da Silva <carlosantoniodasilva@gmail.com>
As of Ruby 2.6, ::Time supports rich timezone objects and expects them
to follow a similar API to tzinfo. Mostly we already do this with
ActiveSupport::TimeZone, delegating to the underlying tzinfo object,
except we were missing the API to display the timezone's name.
Calling strftime with "%Z" will try the following on the timezone:
* zone.abbr(time)
* zone.strftime("%Z", time)
* zone.name
Because we only implemented name, a ::Time created with an
ActiveSupport::TimeZone would "abbreviate" awkwardly to the full tz
identifier (like "12:34:00 America/Vancouver" instead of "12:34:00
PDT"). This commit implements abbr to make these Times format the same
way as TimeWithZone.
Co-authored-by: Jason Kim <jasonkim@github.com>
This is getting the same treatment as `base64`, `mutex_m`, etc.
In Ruby 3.4 it will start to warn: d7e558e3c4
Remoce require from two files that don't seem to need it
And stop exposing the capybara server port to all interfaces.
We were using this just to make sure the selenium container can access
the capybara server but it can with the default bridge network.
[CVE-2024-32464]
Instances of ActionText::Attachable::ContentAttachment included
within a rich_text_area tag could potentially contain unsanitized
HTML. This could lead to a potential cross site scripting issue
within the Trix editor.
This change enforces existing sanitization routines on
ActionText::Attachable::ContentAttachment attachments.
[CVE-2024-28103]
The application configurable Permissions-Policy is only
served on responses with an HTML related Content-Type.
This change allows all Content-Types to serve the
configured Permissions-Policy as there are many non-HTML
Content-Types that would benefit from this header.
(examples include image/svg+xml and application/xml)
Executes the first routes reload in middleware, or when the route set
url_helpers is called. Previously, this was executed unconditionally on
boot, which can slow down boot time unnecessarily for larger apps with
lots of routes.
