Merge pull request #6055 from mamhoff/fix-unsafe-html-view-component

Fix unsafe html view component, allow ViewComponent 3.21+
solidusio · Jan 6, 2025 · fc5ce71 · fc5ce71
2 parents 9aa24a5 + 7bd0860
commit fc5ce71
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 14 deletions.
diff --git a/admin/lib/solidus_admin/testing_support/component_helpers.rb b/admin/lib/solidus_admin/testing_support/component_helpers.rb
@@ -12,15 +12,9 @@ module ComponentHelpers
       #      "Rendered"
       #    end
       #  end
-      def mock_component(&definition)
-        location = caller(1, 1).first
-        component_class = Class.new(SolidusAdmin::BaseComponent)
-        # ViewComponent will complain if we don't fake a class name:
-        # @see https://github.com/ViewComponent/view_component/blob/5decd07842c48cbad82527daefa3fe9c65a4226a/lib/view_component/base.rb#L371
-        component_class.define_singleton_method(:name) { "Foo" }
-        component_class.define_singleton_method(:to_s) { "#{name} (#{location})" }
-        component_class.class_eval(&definition) if definition
-        component_class
+      def mock_component(class_name = "Foo::Component", &definition)
+        component_class = stub_const(class_name, Class.new(described_class, &definition))
+        component_class.new
       end
     end
   end

diff --git a/admin/solidus_admin.gemspec b/admin/solidus_admin.gemspec
@@ -34,5 +34,5 @@ Gem::Specification.new do |s|
   s.add_dependency 'solidus_core', '> 4.2'
   s.add_dependency 'stimulus-rails', '~> 1.2'
   s.add_dependency 'turbo-rails', '~> 2.0'
-  s.add_dependency 'view_component', ['~> 3.9', '< 3.21.0']
+  s.add_dependency 'view_component', '~> 3.9'
 end
diff --git a/admin/spec/components/solidus_admin/base_component_spec.rb b/admin/spec/components/solidus_admin/base_component_spec.rb
@@ -9,7 +9,7 @@
         def call
           icon_tag("user-line")
         end
-      end.new
+      end
 
       render_inline(component)
 
@@ -42,7 +42,7 @@ def call
 
   describe ".stimulus_id" do
     it "returns the stimulus id for the component" do
-      stub_const("SolidusAdmin::Foo::Bar::Component", Class.new(described_class))
+      mock_component("SolidusAdmin::Foo::Bar::Component") { erb_template "" }
 
       expect(SolidusAdmin::Foo::Bar::Component.stimulus_id).to eq("foo--bar")
       expect(SolidusAdmin::Foo::Bar::Component.new.stimulus_id).to eq("foo--bar")
@@ -55,8 +55,7 @@ def call
 
       allow(Rails.logger).to receive(:debug) { debug_logs << _1 }
 
-      component_class = stub_const("Foo::Component", Class.new(described_class){ erb_template "" })
-      component = component_class.new
+      component = mock_component { erb_template "" }
       render_inline(component)
       translation = component.translate("foo.bar.baz")