* Document the :ignore_date option on time_select
* split documentation comment into two lines
Co-authored-by: Rafael Mendonça França <rafael@franca.dev>
This commit adds support for composite identifiers in `to_key`.
Rails 7.1 adds support for composite primary key which means that
composite primary key models' `#id` method returns an `Array` and
`to_key` needs to avoid double-wrapping the value.
Before this would raise: `NoMethodError: undefined method `to_key' for nil:NilClass`
After it raises `ArumentError: dom_id must be passed a record_or_class as the first parameter, you passed 'nil'`
Rails 7 ships with Turbo enabled by default. Instead of using
`data-method` and `data-confirm`, Turbo now uses `data-turbo-method` and
`data-turbo-confirm` to perform a link visit with the specified HTTP
method and show confirmation dialog respective.
The deprecated legacy options are documented but the new options are
not.
This commit documents the `data-turbo-method` and `data-turbo-confirm`
for the `link_to` method.
The `button_to` documentation has also been updated to reference the
new `link_to` options.
Followup: https://github.com/rails/rails/pull/48645
Some template engines such as `jbuilder` use these Action View primitives
with types other than strings, which breaks a bunch of assumptions.
I wish I could add a test for this, but this is deep in private methods
I don't see a way to cover this.
Using `initializer` in the railtie ran the block before application
initializers. Instead, use `after_initialize` to ensure that
application initializers take effect properly.
The existing content_tag tests document how to use content_tag outside
of erb views with data attributes. But for those who need to use
content_tag with nested content_tags and data attributes outside of
erb views, it can be challenging to find out how to do that.
When I had to do this in a project, it took me longer than I wanted.
Hopefully adding this test with an explicit example of how to achieve that
will others some time.
Running gsub! 5 times with string arguments seems to be faster than
running it once with a regex and Hash.
When there are matches to the regex (there are characters to escape)
this is faster in part because CRuby will allocate a new match object
and string as a key to lookup in the map hash provided. It's possible
that could be optimized upstream, but at the moment this avoids those
allocations.
Surprisingly (at least to me) this is still much faster when there is no
replacement needed: in my test ~3x faster on a short ~200 byte string,
and ~5x faster on a pre-escaped ~600k twitter.json.
Ref: https://github.com/rails/rails/issues/48611
Individual fragments have been cached as bare string since forever,
but somehow fragment cached via collection caching were stored
as `ActionView::OutputBuffer` instances.
This is both bad for performance, but also can cause issues on
Rails upgrades if the internal representation of `AV::OutputBuffer`
changes.
Closes https://github.com/rails/rails/issues/45483
Closes https://github.com/rails/rails/pull/45523
To quote #45483:
> `field_name` is adding an extra index parameter, the extra `[0]` in
> `parent[children_attributes][0][0][grandchildren_attributes][]`
To resolve that issue, this commit reads its default `field_id` and
`field_name` method's `index:` option directly from the `@options`.
Prior to this commit, that value was read from the `@index` instance
variable.
The FormOptionsHelper is only needed in classes where a <select> tag is rendered. It was previously included in the Tags::Base class which unnecessarily included it every child Tag class.
3 methods that originally lived in the Tags::Base class are only used by tags that output a <select> tag. These were extracted into a SelectRenderer module which is now only added to the tags that need it.
Fix: https://github.com/rails/rails/issues/48402
Some HTTP client and proxies have a 4kiB header limit, but more importantly
including preload links has diminishing returns so it's best to not go overboard
1kB worth of preload links should be plenty.
I noticed that during our application's boot we were spending more time
than desirable matching against this BLOCK_EXPR regex. This was slower
than necessary because even though this regex engine only cares about
the end of the string, Ruby's regex engine only works forward, and this
regex would match whitespace anywhere inside the string using two
ambiguous adjacent whitespace repetitions.
We don't expect untrusted code here (this is Ruby in our ERB which we
are going to execute), but with realistic strings this still causes
unnecessary backtracking.
This commit fixes the problem by removing the initial "\s*" (since this
is optional we don't need to capture it, we can just find the match
later if it exists) and replacing the following "\s+" with just "\s"
(similarly we don't care how many whitespace appear in a row, we can
just match later if there is more than one).
Testing against all the ERB expressions in our app this is 10x faster:
from 1.5 seconds to 0.1 seconds.
This test was failing because the parameter `a` in the accept header
is now being correctly extracted as a mime type.
This test was expecting that Rails would extract it an an empty accept
header, that will only happen now if the `q` parameter that has special
meaning in used.
* new config value: action_view.sanitizer_vendor
* SanitizerHelper defaults to Rails::HTML4::Sanitizer
* 7.1 config defaults to Rails::HTML5::Sanitizer if it's supported
to avoid testing specific sanitizations and instead:
- unit test SanitizeHelper using a mock vendor and mock sanitizers
- integration test support vendors
Note that we only have one supported vendor today --
Rails::Html::Sanitizer -- but this commit helps prepare the codebase
so we can add another, Rails::HTML5::Sanitizer.
The upstream vendor, rails-html-sanitizer, is adequately testing the
sanitization behavior expected by Rails and so this commit removes all
but the most basic expectations for each sanitizer type.
Equivalent tests exist upstream in rails-html-sanitizer, and leaving
these here mean our tests are coupled to r-h-s and are liable to break
as the allowlists evolve.
Text tokens may be conditionally appended to the output buffer. For
example if we have a template like this:
```erb
<h1>Oh no!</h1>
This template has a runtime error
<b>
<% if true %>
<%= method_that_does_not_exist %>
<% end %>
</b>
Yikes!
```
In the above case, a string literal (`" "`) will be conditionally
appended to the output buffer with some code like below:
```ruby
@output_buffer.safe_append=' '.freeze
```
This commit teaches text tokens (string literals) to scan forward in the
compiled template until it finds the literal, thereby skipping the code
generated for appending to the output buffer.
Related to:
* Bug: https://github.com/rails/rails/issues/48173
* PR: https://github.com/rails/rails/pull/48184
This method previously maintained the `html_safe?` property of a string on the return
value. Because this string has been escaped, however, not marking it as `html_safe` causes
entities to be double-escaped.
As an example, take this view snippet:
```html
<p><%= html_escape_once("this & that & the other") %></p>
```
Before this change, that would be double-escaped and render as:
```html
<p>this &amp; that &amp; the other</p>
```
After this change, it renders correctly as:
```html
<p>this & that & the other</p>
```
[Fix#48256]