actiontext 7.1.3.4 → 7.1.4
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -1
- data/lib/action_text/content.rb +4 -1
- data/lib/action_text/gem_version.rb +2 -2
- data/lib/action_text.rb +1 -1
- data/package.json +1 -1
- metadata +14 -14
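--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a46c8b0cd1b2be3d1a882600d4879c8fdb39a3fb453d76107db9180d14961f96
+data.tar.gz: ef742721e408cf74ce53d7a97a875afe2859afdbd9234cd19dafb45a9ca802aa
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 388397f9d738efe9a872d06c7f63aac7d880b31835559f21a3a18783d8eee5009dac7d725faaa90bfe842807049f8abdd8e3b51276f5ab041711d88b07239161
+data.tar.gz: 0eccc5b5bdfbeb05724d050e8c6324abe1e8706cad0dd6f228582bf97b0ec5946f5ffa205e1d98ed9be73dc831b351560e4c5884881f090dd226d2b8f5bd784f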
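--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,12 +1,24 @@
+## Rails 7.1.4 (August 22, 2024) ##
+
+* Strip `content` attribute if the key is present but the value is empty
+
+*Jeremy Green*
+
+* Only sanitize `content` attribute when present in attachments.
+
+*Petrik de Heus*
+
+
 ## Rails 7.1.3.4 (June 04, 2024) ##
 
 * Sanitize ActionText HTML ContentAttachment in Trix edit view
 [CVE-2024-32464]
 
+*Aaron Patterson*
 
 ## Rails 7.1.3.3 (May 16, 2024) ##
 
-* Upgrade Trix to 1.
+* Upgrade Trix to 2.1.1 to fix [CVE-2024-34341](https://github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99).
 
 *Rafael Mendonça França*
 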
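--- a/data/lib/action_text/content.rb
+++ b/data/lib/action_text/content.rb
@@ -94,7 +94,10 @@ module ActionText
 
 def render_attachments(**options, &block)
 content = fragment.replace(ActionText::Attachment.tag_name) do |node|
-node
+if node.key?("content")
+sanitized_content = sanitize_content_attachment(node.remove_attribute("content").to_s)
+node["content"] = sanitized_content if sanitized_content.present?
+end
 block.call(attachment_for_node(node, **options))
 end
 self.class.new(content, canonicalize: false)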
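Review bot: The added `if node.key?("content")` branch in `render_attachments` relies on a security invariant that no comment states: the raw `content` attribute is removed before sanitizing and written back only when the sanitized result is non-blank, so the node handed to `attachment_for_node` never holds unsanitized or empty `content`. I would add a comment above the branch, for example `# Drop the raw "content" attribute first; re-add it only as non-blank sanitized HTML so unsanitized markup never reaches the attachment.`, so a later refactor does not restore the pass-through. `sanitize_content_attachment` is defined outside this section, so its allow-list cannot be checked from here; the CVE-2024-32464 entry in the CHANGELOG presumably depends on it. This package diff contains no tests, and the three cases worth pinning in a regression test are a node without a `content` key, one with an empty value, and one whose markup sanitizes to blank. The closing `end` of `render_attachments` lies outside the hunk.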
data/lib/action_text.rb
CHANGED
data/package.json
CHANGED
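--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: actiontext
 version: !ruby/object:Gem::Version
-version: 7.1.
+version: 7.1.4
 platform: ruby
 authors:
 - Javan Makhmali
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-
+date: 2024-08-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -18,56 +18,56 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.1.
+version: 7.1.4
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.1.
+version: 7.1.4
 - !ruby/object:Gem::Dependency
 name: activerecord
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.1.
+version: 7.1.4
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.1.
+version: 7.1.4
 - !ruby/object:Gem::Dependency
 name: activestorage
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.1.
+version: 7.1.4
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.1.
+version: 7.1.4
 - !ruby/object:Gem::Dependency
 name: actionpack
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.1.
+version: 7.1.4
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 7.1.
+version: 7.1.4
 - !ruby/object:Gem::Dependency
 name: nokogiri
 requirement: !ruby/object:Gem::Requirement
@@ -163,10 +163,10 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/rails/rails/issues
-changelog_uri: https://github.com/rails/rails/blob/v7.1.
-documentation_uri: https://api.rubyonrails.org/v7.1.
+changelog_uri: https://github.com/rails/rails/blob/v7.1.4/actiontext/CHANGELOG.md
+documentation_uri: https://api.rubyonrails.org/v7.1.4/
 mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-source_code_uri: https://github.com/rails/rails/tree/v7.1.
+source_code_uri: https://github.com/rails/rails/tree/v7.1.4/actiontext
 rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
@@ -183,7 +183,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.5.11
 signing_key:
 specification_version: 4
 summary: Rich text framework.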