Rails 7.0.6 (June 29, 2023)
- No changes.
Rails 7.0.5.1 (June 26, 2023)
- No changes.
Rails 7.0.5 (May 24, 2023)
FormBuilder#id
finds id set byform_for
andform_with
.Matt Polito
Allow all available locales for template lookups.
Ben Dilley
Choices of
select
can optionally contain html attributes as the last element
of the child arrays when using grouped/nested collections<%= form.select :foo, [["North America", [["United States","US"],["Canada","CA"]], { disabled: "disabled" }]] %> # => United StatesCanada
Chris Gunther
Rails 7.0.4.3 (March 13, 2023)
Ignore certain data-* attributes in rails-ujs when element is contenteditable
[CVE-2023-23913]
Rails 7.0.4.2 (January 24, 2023)
- No changes.
Rails 7.0.4.1 (January 17, 2023)
- No changes.
Rails 7.0.4 (September 09, 2022)
Guard against
ActionView::Helpers::FormTagHelper#field_name
calls with nil
object_name
arguments. For example:<%= fields do |f| %> <%= f.field_name :body %> <% end %>
Sean Doyle
Strings returned from
strip_tags
are correctly taggedhtml_safe?
Because these strings contain no HTML elements and the basic entities are escaped, they are safe
to be included as-is as PCDATA in HTML content. Tagging them as html-safe avoids double-escaping
entities when being concatenated to a SafeBuffer during rendering.Fixes rails/rails-html-sanitizer#124
Mike Dalessio
Rails 7.0.3.1 (July 12, 2022)
- No changes.
Rails 7.0.3 (May 09, 2022)
Ensure models passed to
form_for
attempt to callto_model
.Sean Doyle
Rails 7.0.2.4 (April 26, 2022)
Fix and add protections for XSS in
ActionView::Helpers
andERB::Util
.Escape dangerous characters in names of tags and names of attributes in the
tag helpers, following the XML specification. Rename the option
:escape_attributes
to:escape
, to simplify by applying the option to the
whole tag.Álvaro Martín Fraguas
Rails 7.0.2.3 (March 08, 2022)
- No changes.
Rails 7.0.2.2 (February 11, 2022)
- No changes.
Rails 7.0.2.1 (February 11, 2022)
- No changes.
Rails 7.0.2 (February 08, 2022)
Ensure
preload_link_tag
preloads JavaScript modules correctly.Máximo Mussini
Fix
stylesheet_link_tag
and similar helpers are being used to work in objects with
aresponse
method.dark-panda
Rails 7.0.1 (January 06, 2022)
Fix
button_to
to work with a hash parameter as URL.MingyuanQin
Fix
link_to
with a model passed as an argument twice.Alex Ghiculescu
Rails 7.0.0 (December 15, 2021)
Support
include_hidden:
option in calls to
ActionView::Helper::FormBuilder#file_field
withmultiple: true
to
support submitting an empty collection of files.form.file_field :attachments, multiple: true # => form.file_field :attachments, multiple: true, include_hidden: false # =>
Sean Doyle
Fix
number_with_precision(raise: true)
always raising even on valid numbers.Pedro Moreira
Rails 7.0.0.rc3 (December 14, 2021)
- No changes.
Rails 7.0.0.rc2 (December 14, 2021)
- No changes.
Rails 7.0.0.rc1 (December 06, 2021)
Support
fields model: [@nested, @model]
the same way asform_with model:
.
[@nested, @model]Sean Doyle
Infer HTTP verb
[method]
from a model or Array with model as the first
argument tobutton_to
when combined with a block:button_to(Workshop.find(1)){ "Update" } #=> #=> #=> Update #=> button_to([ Workshop.find(1), Session.find(1) ]) { "Update" } #=> #=> #=> Update #=>
Sean Doyle
Support passing a Symbol as the first argument to
FormBuilder#button
:form.button(:draft, value: true) # => Create post form.button(:draft, value: true) do content_tag(:strong, "Save as draft") end # => # <strong>Save as draft</strong> #
Sean Doyle
Introduce the
field_name
view helper, along with the
FormBuilder#field_name
counterpart:form_for @post do |f| f.field_tag :tag, name: f.field_name(:tag, multiple: true) # => end
Sean Doyle
Execute the
ActionView::Base.field_error_proc
within the context of the
ActionView::Base
instance:config.action_view.field_error_proc = proc { |html| content_tag(:div, html, class: "field_with_errors") }
Sean Doyle
Add support for
button_to ..., authenticity_token: false
button_to "Create", Post.new, authenticity_token: false # => Create button_to "Create", Post.new, authenticity_token: true # => Create button_to "Create", Post.new, authenticity_token: "secret" # => Create
Sean Doyle
Support rendering `
elements _without_
[action]` attributes by:form_with url: false
orform_with ..., html: { action: false }
form_for ..., url: false
orform_for ..., html: { action: false }
form_tag false
orform_tag ..., action: false
button_to "...", false
orbutton_to(false) { ... }
Sean Doyle
Add
:day_format
option todate_select
date_select(“article”, “written_on”, day_format: ->(day) { day.ordinalize })
# generates day options like 1st\n2nd…Shunichi Ikegami
Allow
link_to
helper to infer link name fromModel#to_s
when it
is used with a single argument:link_to @profile
#=> EileenThis assumes the model class implements a
to_s
method like this:class Profile < ApplicationRecord
# …
def to_s
name
end
endPreviously you had to supply a second argument even if the
Profile
model implemented a#to_s
method that called thename
method.link_to @profile, @profile.name
#=> EileenOlivier Lacan
Support svg unpaired tags for
tag
helper.tag.svg { tag.use(‘href’ => “#cool-icon”) }
# =>Oleksii Vasyliev
Rails 7.0.0.alpha2 (September 15, 2021)
- No changes.
Rails 7.0.0.alpha1 (September 15, 2021)
Improves the performance of ActionView::Helpers::NumberHelper formatters by avoiding the use of
exceptions as flow control.Mike Dalessio
preload_link_tag
properly insertsas
attributes for files withimage
MIME types, such as JPG or SVG.Nate Berkopec
Add
weekday_options_for_select
andweekday_select
helper methods. Also addsweekday_select
toFormBuilder
.Drew Bragg, Dana Kashubeck, Kasper Timm Hansen
Add
caching?
helper that returns whether the current code path is being cached anduncacheable!
to denote helper methods that can’t participate in fragment caching.Ben Toews, John Hawthorn, Kasper Timm Hansen, Joel Hawksley
Add
include_seconds
option fortime_field
.<%= form.time_field :foo, include_seconds: false %>
# =>Default includes seconds:
<%= form.time_field :foo %>
# =>This allows you to take advantage of different rendering options in some browsers.
Alex Ghiculescu
Improve error messages when template file does not exist at absolute filepath.
Ted Whang
Add
:country_code
option tosms_to
for consistency withphone_to
.Jonathan Hefner
OpenSSL constants are now used for Digest computations.
Dirkjan Bussink
The
translate
helper now passesdefault
values that aren’t
translation keys throughI18n.translate
for interpolation.Jonathan Hefner
Adds option
extname
tostylesheet_link_tag
to skip default
.css
extension appended to the stylesheet path.Before:
stylesheet_link_tag "style.less" #
After:
stylesheet_link_tag "style.less", extname: false, skip_pipeline: true, rel: "stylesheet/less" #
Abhay Nikam
Deprecate
render
locals to be assigned to instance variables.Petrik de Heus
Remove legacy default
media=screen
fromstylesheet_link_tag
.André Luis Leal Cardoso Junior
Change
ActionView::Helpers::FormBuilder#button
to transformformmethod
attributes into_method="$VERB"
Form Data to enable varied same-form actions:<%= form_with model: post, method: :put do %>
<%= form.button “Update” %>
<%= form.button “Delete”, formmethod: :delete %>
<% end %>
<%# =>
=>
=> Update
=> Delete
=>
%>Sean Doyle
Change
ActionView::Helpers::UrlHelper#button_to
to always render a
“ element, regardless of whether or not the content is passed as
the first argument or as a block.<%= button_to "Delete”, post_path(@post), method: :delete %>
# => Delete<%= button_to post_path(@post), method: :delete do %>
Delete
<% end %>
# => DeleteSean Doyle, Dusan Orlovic
Add
config.action_view.preload_links_header
to allow disabling of
theLink
header being added by default when usingstylesheet_link_tag
andjavascript_include_tag
.Andrew White
The
translate
helper now resolvesdefault
values when anil
key is
specified, instead of always returningnil
.Jonathan Hefner
Add
config.action_view.image_loading
to configure the default value of
theimage_tag
:loading
option.By setting
config.action_view.image_loading = "lazy"
, an application can opt in to
lazy loading images sitewide, without changing view code.Jonathan Hefner
ActionView::Helpers::FormBuilder#id
returns the value
of the `element's
idattribute. With a
methodargument, returns
id` attribute for a form field with that name.
the<%= form_for @post do |f| %>
<%# … %><% content_for :sticky_footer do %>
<%= form.button(form: f.id) %>
<% end %>
<% end %>Sean Doyle
ActionView::Helpers::FormBuilder#field_id
returns the value generated by
the FormBuilder for the given attribute name.<%= form_for @post do |f| %>
<%= f.label :title %>
<%= f.text_field :title, aria: { describedby: f.field_id(:title, :error) } %>
<%= tag.span(“is blank”, id: f.field_id(:title, :error) %>
<% end %>Sean Doyle
Add
tag.attributes
to transform a Hash into HTML Attributes, ready to be
interpolated into ERB.>
# =>Sean Doyle
Please check 6-1-stable for previous changes.