## Rails 4.2.5.2 (February 26, 2016) ##
* Do not allow render with unpermitted parameter.
Fixes CVE-2016-2098.
*Arthur Neves*
## Rails 4.2.5.1 (January 25, 2015) ##
* Adds boolean argument outside_app_allowed to `ActionView::Resolver#find_templates`
method.
*Aaron Patterson*
## Rails 4.2.5 (November 12, 2015) ##
* Fix `mail_to` when called with `nil` as argument.
*Rafael Mendonça França*
* `url_for` does not modify its arguments when generating polymorphic URLs.
*Bernerd Schaefer*
## Rails 4.2.4 (August 24, 2015) ##
* No Changes *
## Rails 4.2.3 (June 25, 2015) ##
* `translate` should handle `raise` flag correctly in case of both main and default
translation is missing.
Fixes #19967
*Bernard Potocki*
* `translate` allows `default: [[]]` again for a default value of `[]`.
Fixes #19640.
*Adam Prescott*
* `translate` should accept nils as members of the `:default`
parameter without raising a translation missing error. Fixes a
regression introduced 362557e.
Fixes #19419
*Justin Coyne*
* `number_to_percentage` does not crash with `Float::NAN` or `Float::INFINITY`
as input when `precision: 0` is used.
Fixes #19227.
*Yves Senn*
## Rails 4.2.2 (June 16, 2015) ##
* No Changes *
## Rails 4.2.1 (March 19, 2015) ##
* Default translations that have a lower precedence than an html safe default,
but are not themselves safe, should not be marked as html_safe.
*Justin Coyne*
* Added an explicit error message, in `ActionView::PartialRenderer`
for partial `rendering`, when the value of option `as` has invalid characters.
*Angelo Capilleri*
## Rails 4.2.0 (December 20, 2014) ##
* Local variable in a partial is now available even if a falsy value is
passed to `:object` when rendering a partial.
Fixes #17373.
*Agis Anastasopoulos*
* Add support for `:enforce_utf8` option in `form_for`.
This is the same option that was added in 06388b0 to `form_tag` and allows
users to skip the insertion of the UTF8 enforcer tag in a form.
* claudiob *
* Fix a bug that <%= foo(){ %> and <%= foo()do %> in view templates were not regarded
as Ruby block calls.
* Akira Matsuda *
* Update `select_tag` to work correctly with `:include_blank` option passing a string.
Fixes #16483.
*Frank Groeneveld*
* Changed the meaning of `render "foo/bar"`.
Previously, calling `render "foo/bar"` in a controller action is equivalent
to `render file: "foo/bar"`. In Rails 4.2, this has been changed to mean
`render template: "foo/bar"` instead. If you need to render a file, please
change your code to use the explicit form (`render file: "foo/bar"`) instead.
*Jeremy Jackson*
* Add support for ARIA attributes in tags.
Example:
<%= f.text_field :name, aria: { required: "true", hidden: "false" } %>
now generates:
*Paola Garcia Casadiego*
* Provide a `builder` object when using the `label` form helper in block form.
The new `builder` object responds to `translation`, allowing I18n fallback support
when you want to customize how a particular label is presented.
*Alex Robbin*
* Add I18n support for input/textarea placeholder text.
Placeholder I18n follows the same convention as `label` I18n.
*Alex Robbin*
* Fix that render layout: 'messages/layout' should also be added to the dependency tracker tree.
*DHH*
* Add `PartialIteration` object used when rendering collections.
The iteration object is available as the local variable
`#{template_name}_iteration` when rendering partials with collections.
It gives access to the `size` of the collection being iterated over,
the current `index` and two convenience methods `first?` and `last?`.
*Joel Junström*, *Lucas Uyezu*
* Return an absolute instead of relative path from an asset url in the case
of the `asset_host` proc returning nil.
*Jolyon Pawlyn*
* Fix `html_escape_once` to properly handle hex escape sequences (e.g. ᨫ).
*John F. Douthat*
* Added String support for min and max properties for date field helpers.
*Todd Bealmear*
* The `highlight` helper now accepts a block to be used instead of the `highlighter`
option.
*Lucas Mazza*
* The `except` and `highlight` helpers now accept regular expressions.
*Jan Szumiec*
* Flatten the array parameter in `safe_join`, so it behaves consistently with
`Array#join`.
*Paul Grayson*
* Honor `html_safe` on array elements in tag values, as we do for plain string
values.
*Paul Grayson*
* Add `ActionView::Template::Handler.unregister_template_handler`.
It performs the opposite of `ActionView::Template::Handler.register_template_handler`.
*Zuhao Wan*
* Bring `cache_digest` rake tasks up-to-date with the latest API changes.
*Jiri Pospisil*
* Allow custom `:host` option to be passed to `asset_url` helper that
overwrites `config.action_controller.asset_host` for particular asset.
*Hubert Łępicki*
* Deprecate `AbstractController::Base.parent_prefixes`.
Override `AbstractController::Base.local_prefixes` when you want to change
where to find views.
*Nick Sutterer*
* Take label values into account when doing I18n lookups for model attributes.
The following:
# form.html.erb
<%= form_for @post do |f| %>
<%= f.label :type, value: "long" %>
<% end %>
# en.yml
en:
activerecord:
attributes:
post/long: "Long-form Post"
Used to simply return "long", but now it will return "Long-form
Post".
*Joshua Cody*
* Change `asset_path` to use File.join to create proper paths:
Before:
https://some.host.com//assets/some.js
After:
https://some.host.com/assets/some.js
*Peter Schröder*
* Change `favicon_link_tag` default mimetype from `image/vnd.microsoft.icon` to
`image/x-icon`.
Before:
# => favicon_link_tag 'myicon.ico'
After:
# => favicon_link_tag 'myicon.ico'
*Geoffroy Lorieux*
* Remove wrapping div with inline styles for hidden form fields.
We are dropping HTML 4.01 and XHTML strict compliance since input tags directly
inside a form are valid HTML5, and the absence of inline styles help in validating
for Content Security Policy.
*Joost Baaij*
* `collection_check_boxes` respects `:index` option for the hidden field name.
Fixes #14147.
*Vasiliy Ermolovich*
* `date_select` helper with option `with_css_classes: true` does not overwrite other classes.
*Izumi Wong-Horiuchi*
* `number_to_percentage` does not crash with `Float::NAN` or `Float::INFINITY`
as input.
Fixes #14405.
*Yves Senn*
* Add `include_hidden` option to `collection_check_boxes` helper.
*Vasiliy Ermolovich*
* Fixed a problem where the default options for the `button_tag` helper are not
applied correctly.
Fixes #14254.
*Sergey Prikhodko*
* Take variants into account when calculating template digests in ActionView::Digestor.
The arguments to ActionView::Digestor#digest are now being passed as a hash
to support variants and allow more flexibility in the future. The support for
regular (required) arguments is deprecated and will be removed in Rails 5.0 or later.
*Piotr Chmolowski, Łukasz Strzałkowski*
Please check [4-1-stable](https://github.com/rails/rails/blob/4-1-stable/actionview/CHANGELOG.md) for previous changes.