Releases: phlex-ruby/phlex
1.1.1
This release fixed a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. CVE-2024-28199
1.0.1
This release fixed a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. CVE-2024-28199
1.9.0
- Improved documentation
- Fixed an issue with flushing to the buffer while capturing
- Added
<canvas>element - Very minor performance improvements by using
blockinstead ofblock_given?where a block has already been captured Integerobjects are now handled by theformat_objectmethod, which you can override to customise how various objects are rendered- You can now use
renderwithStringandMethodobjects
1.8.1
Fixed a bug that affects the use of render? predicate to prevent rendering.
Summary: https://github.com/phlex-ruby/phlex/blob/main/CHANGELOG.md#181-2024-04-19
Full Changelog: 1.8.0...1.8.1
1.8.0
Hot on the heels of 1.7.0 since we unintentionally removed the ability to use Integers and Floats as attribute values. This release brings that back.
Summary: https://github.com/phlex-ruby/phlex/blob/main/CHANGELOG.md#180-2024-04-19
Full Changelog: 1.7.0...1.8.1
1.7.0
1.6.1
Under-the-hood performance improvements and improved element register for future phlex-compiler compatibility.
What's Changed
- Avoid redundant
@_context.targetcalls by @joeldrapper in #532 - Improved element register by @joeldrapper in #531
Full Changelog: 1.6.0...1.6.1
Contributors
Assets 2
1.6.0
Highlights
Significantly improved memory utilisation when capturing
This was causing issues for some users.
Added support for rendering enumerables of renderables
Instead of iterating over an enumerable of renderables, rendering each item, you can now just render the list.
Added support for rendering Procs
When you pass render a Proc, it forwards it to yield_content
What's Changed
- Introduce global context by @joeldrapper in #526
__vanish__should yield args by @joeldrapper in #527- Support rendering enumerables by @joeldrapper in #521
- Support rendering procs by @joeldrapper in #528
Full Changelog: 1.5.1...1.6.0
Contributors
Assets 2
1.5.1
Quick bug fix release.
1.5.0
Highlights
Rename text → plain
We recently added support for SVGs and the SVG spec includes a <text> element. In order to support this tag and be consistent across SVG and HTML, we renamed text to plain. You can still use text in Phlex::HTML components for now, but it will be removed from the next minor release.
Switch to ERB::Escape and depend on ERB 4
Rails, in its infinite wisdom, decided to patch ERB::Util.html_escape so it doesn’t HTML-escape certain strings. In order to bypass this patch, later versions of ERB provide ERB::Escape.html_escape, which they (and we) hope Rails will not patch. Phlex switched to using this new html_escape method, which means we now depend on ERB 4. Luckily ERB is now a gem which can be upgraded independently of Ruby itself so I hope this won’t cause any issues. In fact, upgrading ERB should make your app faster even if you’re stuck on an older version of Ruby.
Make the capture method global
The capture method used to only support blocks from the same exact component instance, since it worked by temporarily replacing the component's buffer with a new string. Now, instead of temporarily pointing at a new string, it makes a copy of the original buffer, clears it, yields the block, makes another copy of the buffer, clears it again, pushes the original copy back onto the buffer and returns the new copy. This means we can yield blocks from other components and still capture the output.
As part of this change, we've also had to update the way Phlex works with explicitly provided buffers. We now maintain an internal buffer and write it to the external buffer so the external buffer only needs to support the method <<(String): -> self. This covers Strings, Arrays and Enumerators out-of-the-box. The default is a mutable string and you usually don't need to think about it.
Custom attribute pre-processing
You can now define the method process_attributes(**attributes) to return a Hash of processed attributes if you want to do your own custom processing. This method should be deterministic, since attributes will still be cached based on the original Hash not the processed Hash. If you define the process_attributes method, the attributes cache will also be isolated to the class, which comes with a ~10% performance cost compared with a shared attribute cache.
Underlying improvements to storing a registry of elements
We also made some underlying improvements to how Phlex remembers which elements have been registered. In the future, this will allow us to compile custom elements you’ve registered yourself. It also means you can register custom elements in modules that extend Phlex::Rails::Elements, which is great for the plugin ecosystem.
What's Changed
- Rename
texttoplainby @joeldrapper in #504 - Use
ERB::Escapeby @joeldrapper in #505 - Specify ERB dependency by @joeldrapper in #506
- Shim
Phlex::HTML#textmethod including deprecation warning by @marcoroth in #507 - Mention another repos on README.md by @stephannv in #509
- Refactor away the need for storing a list of registered elements by @willcosgrove in #511
- Change strategy of determining the origin of an element method by @willcosgrove in #512
- Fix element original method name change not applied to void elements by @willcosgrove in #514
- Global capture by @joeldrapper in #513
- Pre-process attributes with a class-isolated attribute cache by @joeldrapper in #515
Full Changelog: 1.4.0...1.5.0
