actiontext 7.2.0.beta2 → 7.2.0.beta3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/lib/action_text/content.rb +3 -1
- data/lib/action_text/gem_version.rb +1 -1
- data/package.json +1 -1
- metadata +16 -16
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 65724c998d6b019bb85d677b268775d32c2186626222f56a3020f832adb8927f
|
4
|
+
data.tar.gz: 365d4797f49ba681aefd35e8326e88b1aa1a06b1d8809c1f7d52baa7a8fd8708
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 19644ed4010376665015b5ac97079d66e23f520be347f5e763b78b24633b8be564f26ab5a99443467d6996c20933791be5c433d8bcce13e75182433f47b26057
|
7
|
+
data.tar.gz: fd5ad4003f16c44430f2bf320f1b2dc666a063d3e6fd7bba2e81be7b9c672988260f1de1a2a03ee3a0b55ed024a67e4353d53d067dfb4f703dcfc1dd3ec3fdf4
|
data/CHANGELOG.md
CHANGED
@@ -1,8 +1,17 @@
|
|
1
|
+
## Rails 7.2.0.beta3 (July 11, 2024) ##
|
2
|
+
|
3
|
+
* Only sanitize `content` attribute when present in attachments.
|
4
|
+
|
5
|
+
*Petrik de Heus*
|
6
|
+
|
7
|
+
|
1
8
|
## Rails 7.2.0.beta2 (June 04, 2024) ##
|
2
9
|
|
3
10
|
* Sanitize ActionText HTML ContentAttachment in Trix edit view
|
4
11
|
[CVE-2024-32464]
|
5
12
|
|
13
|
+
*Aaron Patterson*, *Zack Deveau*
|
14
|
+
|
6
15
|
|
7
16
|
## Rails 7.2.0.beta1 (May 29, 2024) ##
|
8
17
|
|
data/lib/action_text/content.rb
CHANGED
@@ -97,7 +97,9 @@ module ActionText
|
|
97
97
|
|
98
98
|
def render_attachments(**options, &block)
|
99
99
|
content = fragment.replace(ActionText::Attachment.tag_name) do |node|
|
100
|
-
node
|
100
|
+
if node.key? "content"
|
101
|
+
node["content"] = sanitize_content_attachment(node["content"])
|
102
|
+
end
|
101
103
|
block.call(attachment_for_node(node, **options))
|
102
104
|
end
|
103
105
|
self.class.new(content, canonicalize: false)
|
data/package.json
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: actiontext
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 7.2.0.
|
4
|
+
version: 7.2.0.beta3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Javan Makhmali
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2024-
|
13
|
+
date: 2024-07-11 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: activesupport
|
@@ -18,56 +18,56 @@ dependencies:
|
|
18
18
|
requirements:
|
19
19
|
- - '='
|
20
20
|
- !ruby/object:Gem::Version
|
21
|
-
version: 7.2.0.
|
21
|
+
version: 7.2.0.beta3
|
22
22
|
type: :runtime
|
23
23
|
prerelease: false
|
24
24
|
version_requirements: !ruby/object:Gem::Requirement
|
25
25
|
requirements:
|
26
26
|
- - '='
|
27
27
|
- !ruby/object:Gem::Version
|
28
|
-
version: 7.2.0.
|
28
|
+
version: 7.2.0.beta3
|
29
29
|
- !ruby/object:Gem::Dependency
|
30
30
|
name: activerecord
|
31
31
|
requirement: !ruby/object:Gem::Requirement
|
32
32
|
requirements:
|
33
33
|
- - '='
|
34
34
|
- !ruby/object:Gem::Version
|
35
|
-
version: 7.2.0.
|
35
|
+
version: 7.2.0.beta3
|
36
36
|
type: :runtime
|
37
37
|
prerelease: false
|
38
38
|
version_requirements: !ruby/object:Gem::Requirement
|
39
39
|
requirements:
|
40
40
|
- - '='
|
41
41
|
- !ruby/object:Gem::Version
|
42
|
-
version: 7.2.0.
|
42
|
+
version: 7.2.0.beta3
|
43
43
|
- !ruby/object:Gem::Dependency
|
44
44
|
name: activestorage
|
45
45
|
requirement: !ruby/object:Gem::Requirement
|
46
46
|
requirements:
|
47
47
|
- - '='
|
48
48
|
- !ruby/object:Gem::Version
|
49
|
-
version: 7.2.0.
|
49
|
+
version: 7.2.0.beta3
|
50
50
|
type: :runtime
|
51
51
|
prerelease: false
|
52
52
|
version_requirements: !ruby/object:Gem::Requirement
|
53
53
|
requirements:
|
54
54
|
- - '='
|
55
55
|
- !ruby/object:Gem::Version
|
56
|
-
version: 7.2.0.
|
56
|
+
version: 7.2.0.beta3
|
57
57
|
- !ruby/object:Gem::Dependency
|
58
58
|
name: actionpack
|
59
59
|
requirement: !ruby/object:Gem::Requirement
|
60
60
|
requirements:
|
61
61
|
- - '='
|
62
62
|
- !ruby/object:Gem::Version
|
63
|
-
version: 7.2.0.
|
63
|
+
version: 7.2.0.beta3
|
64
64
|
type: :runtime
|
65
65
|
prerelease: false
|
66
66
|
version_requirements: !ruby/object:Gem::Requirement
|
67
67
|
requirements:
|
68
68
|
- - '='
|
69
69
|
- !ruby/object:Gem::Version
|
70
|
-
version: 7.2.0.
|
70
|
+
version: 7.2.0.beta3
|
71
71
|
- !ruby/object:Gem::Dependency
|
72
72
|
name: nokogiri
|
73
73
|
requirement: !ruby/object:Gem::Requirement
|
@@ -163,10 +163,10 @@ licenses:
|
|
163
163
|
- MIT
|
164
164
|
metadata:
|
165
165
|
bug_tracker_uri: https://github.com/rails/rails/issues
|
166
|
-
changelog_uri: https://github.com/rails/rails/blob/v7.2.0.
|
167
|
-
documentation_uri: https://api.rubyonrails.org/v7.2.0.
|
166
|
+
changelog_uri: https://github.com/rails/rails/blob/v7.2.0.beta3/actiontext/CHANGELOG.md
|
167
|
+
documentation_uri: https://api.rubyonrails.org/v7.2.0.beta3/
|
168
168
|
mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
|
169
|
-
source_code_uri: https://github.com/rails/rails/tree/v7.2.0.
|
169
|
+
source_code_uri: https://github.com/rails/rails/tree/v7.2.0.beta3/actiontext
|
170
170
|
rubygems_mfa_required: 'true'
|
171
171
|
post_install_message:
|
172
172
|
rdoc_options: []
|
@@ -179,11 +179,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
179
179
|
version: 3.1.0
|
180
180
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
181
181
|
requirements:
|
182
|
-
- - "
|
182
|
+
- - ">="
|
183
183
|
- !ruby/object:Gem::Version
|
184
|
-
version:
|
184
|
+
version: '0'
|
185
185
|
requirements: []
|
186
|
-
rubygems_version: 3.
|
186
|
+
rubygems_version: 3.5.11
|
187
187
|
signing_key:
|
188
188
|
specification_version: 4
|
189
189
|
summary: Rich text framework.
|