This commit fixes the bug convering `false` to `locals[as]` when
`options[:object]` is `false` (close #22260).

According to the W3 spec[1] the value should use a 1-based index
and not a 0-based index for the week number.

[1]: http://www.w3.org/TR/html-markup/datatypes.html#form.data.week

According to the W3 spec[1] the value should use a 1-based index
and not a 0-based index for the week number.

[1]: http://www.w3.org/TR/html-markup/datatypes.html#form.data.week

Now both `javascript_include_tag` and `stylesheet_tag` can accept `host` option
to provide custom host for the asset

`link_to :back` creates a link to whatever was
passed in via the referer header. If an attacker
can alter the referer header, that would create
a cross-site scripting vulnerability on every
page that uses `link_to :back`

This commit restricts the back URL to valid
non-javascript URLs.

https://github.com/rails/rails/issues/14444

making selected value to accept Hash like the default option. E.g. selected: {day: params[:day].to_i, month: params[:month].to_id}

Adds in test test_date_select_with_selected_in_hash and change log

fixes typo in CHANGELOG

Stumbled upon this one while trying to deprecate the String/Symbol
passing to `form_for`.

This test passed on an accident, because the signature of `form_for`
currently accepts 2 positional arguments and a block. Calling it with
the wrong number of arguments caused:

```ruby
(byebug) form_for(:post, @post, html: { id: 'create-post' })
*** ArgumentError Exception: wrong number of arguments (3 for 1..2)
```

This made the test pass, because it was still an `ArgumentError`. :-)

It's already represented in the key name. Demonstrate with a test.

Also test that the default isn't output.

Rails 4.x and earlier didn't support `Mime::Type[:FOO]`, so libraries
that support multiple Rails versions would've had to feature-detect
whether to use `Mime::Type[:FOO]` or `Mime::FOO`.

`Mime[:foo]` has been around for ages to look up registered MIME types
by symbol / extension, though, so libraries and plugins can safely
switch to that without breaking backward- or forward-compatibility.

Note: `Mime::ALL` isn't a real MIME type and isn't registered for lookup
by type or extension, so it's not available as `Mime[:all]`. We use it
internally as a wildcard for `respond_to` negotiation. If you use this
internal constant, continue to reference it with `Mime::ALL`.

Ref. efc6dd55

as string

This will avoid a error be raised when the only input on the form is the
`collection_radio_buttons`.

Earlier
when `data-disable-with` option is added direclty as in options then

```ruby
submit_tag("Save", { "data-disable-with" => "Processing..." })
# => <input type="submit" name="commit" value="Save" data-disable-with="Processing..." data-disable-with="Processing..." />
```

Now
when `data-disable-with` option is added direclty as in options then

```ruby
submit_tag("Save", { "data-disable-with" => "Processing..." })
# => <input type="submit" name="commit" value="Save" data-disable-with="Processing..." />
```

`hfvalue` parts should always be percent encoded, so lets do that!

Revert "use path escaping for email addresses"

This reverts commit 21ffef38.

Due to e25fdad2, we are correctly using
path escaping for email addresses.  This commit fixes the tests to
expect path escaping.

The `url_for` methods in `actionpack` and `actionview`
now make a copy of the provided options
before generating polymorphic paths or URLs.

The bug in the previous behavior
is most noticeable in a case like:

    url_options = [:new, :post, param: 'value']

    if current_page?(url_options)
      css_class = "active"
    end

    link_to "New Post", url_options, class: css_class

In case of the form with nested fields_for, i. e.

<%= form_for :foos, url: root_path do |f| %>
    <% @foos.each do |foo| %>
        <%= f.fields_for 'foo[]', foo do |f2| %>
            <%= f2.text_field :id %>
            <% foo.bars.each do |bar| %>
                <%= f2.fields_for 'bar[]', bar do |b| %>
                    <%= b.text_field :id %>
                <% end %>
            <% end %>
        <% end %>
     <% end %>
    <%= f.submit %>
<% end %>

rails doesn't add index for 'foo' in the inner fields_for block, so field names
in the outer fields_for looks like "foos[foo][#{foo_index}][id]" and in the
inner "foos[foo[]][bar][#{bar_index}][id]". Submitting of such form leads to an
error like:
>ActionController::BadRequest (Invalid request parameters: expected Array
>(got Rack::QueryParser::Params) for param `foo'):

This commit adds indexes for the foos in the inner blocks, so field names
become "foos[foo][#{foo_index}][bar][#{bar_index}][id]" and submitting of such
form works fine as expected.

Fixes #15332

- Extracted `DELIMITED_REGEX` to `delimited_regex` method and made use of  user passed `options[:delimited_regex]` if available. Changed `DELIMITED_REGEX` to `DEFAULT)DELIMITED_REGEX` to signify what it means.
- Added tests for number to delimited and number to currency in both actionview and activesupport.

Changes

Changes

Oops, I broke the build :(

Fixes the method signature of `assign_parameters` which now takes 6
arguments instead of 4. We likely will end up chaning the method
signature further so good to know this test is here.

Prevents double submission by making disable_with the default.

Default disable_with option will only be applied if user has not
specified her/his own disable_with option, whether that is in the
`data-disable-with` string form or the
`:data => { :disable_with => "Saving..." }` hash form. disable_with
will default to the value attribute.

A configuration option was added to opt out of this functionality if
the user so desires.
`config.action_view.automatically_disable_submit_tag = false`

Sometimes you need a specific break sequence while using word wrap and as today the only option we have is "\n" and is hardcoded.

With this change you will be able to specify any break sequence ("\r\n" for example) as an option.

adding proper documentation for break_sequence in ActionView::Helpers::TextHelper.word_wrap

adding some more documentation for word_wrap custom break sequence and making sure we use new hash syntax

Avoid computing the same fragment digest many times when looping over templates.

The cache is cleared on every request so template changes are still picked up.

This is already supported in `ActiveSupport::Inflector#pluralize` and `String#pluralize`, so we just forward the locale.

If a template includes `# Template Collection: ...` anywhere in its
source, that name will be used as the cache name for the partial that is
rendered for the collection.

This allows users to enable collection caching even if the template
doesn't start with `<% cache ... do %>`.

Moreover, the `# Template Collection: ...` notation is recognized in all
template types (and template types other than ERB can define a
resource_cache_call_pattern method to allow the `cache ... do` pattern
to be recognized too).