actiontext 7.2.0 → 7.2.1.1

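--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 3d77dbdf62d70a0ee5468ec4b03146cec33d5326dbdd73f3dca7008e516ca751
- data.tar.gz: 40ef3f337c58d72213a1655f978793e195d03ad9fecf283115b24af2d4ee359a
+ metadata.gz: dff22ea29340985c645f24023a493f071bb20b46bf7219adce5116af1cb2ce09
+ data.tar.gz: e8d8db93776bf73f40814736dc238d5643b62434b85ddcffe1c0d9d096d1c940
  SHA512:
- metadata.gz: ca3c5b6008ad562a0c98cf0534fbfaadfd5e79fa97a18c7f3f5ba94e78cd782492ccc380a6a798d2e34b820f26667a01276cd4059460da157e5103d8f67ffd14
- data.tar.gz: 9b1190da576e6742190168cdadede33cfa915572e25ef661fcd2b29794122b91860164bc1dd4095e7d18bfa136cd05f77ecf2db36a5bb54264bb0bc172de7d91
+ metadata.gz: 3e6e30b5e160f1f7a3475653fd2cafca61e1ddf94320a5937cb8afe2d58feaca027885a37260f2fe96840433428a4b77f8a69435481d24eec27c3b0e9e82e407
+ data.tar.gz: 827a4e32168d54371c23143c469674421217b6411bedb180e7c639e643b500f44236afbf47996a82d7f5b09559838c032aaa1c296b4444265a979b15b7fcb7be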
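--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,17 @@
- ## Rails 7.2.0 (August 09, 2024) ##
+ ## Rails 7.2.1.1 (October 15, 2024) ##
+
+ * Avoid backtracing in plain_text_for_blockquote_node
+
+ [CVE-2024-47888]
+
+ ## Rails 7.2.1 (August 22, 2024) ##
 
+ * Strip `content` attribute if the key is present but the value is empty
+
+ *Jeremy Green*
+
+
+ ## Rails 7.2.0 (August 09, 2024) ##
  * Only sanitize `content` attribute when present in attachments.
 
  *Petrik de Heus*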
@@ -97,8 +97,9 @@ module ActionText
97
97
 
98
98
  def render_attachments(**options, &block)
99
99
  content = fragment.replace(ActionText::Attachment.tag_name) do |node|
100
- if node.key? "content"
101
- node["content"] = sanitize_content_attachment(node["content"])
100
+ if node.key?("content")
101
+ sanitized_content = sanitize_content_attachment(node.remove_attribute("content").to_s)
102
+ node["content"] = sanitized_content if sanitized_content.present?
102
103
  end
103
104
  block.call(attachment_for_node(node, **options))
104
105
  end
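Review bot: Nothing in render_attachments records why the `content` attribute is now removed before sanitizing and only conditionally written back. That ordering is the security-relevant part of the change: the raw value never stays on the node, and a value that sanitizes to blank is dropped rather than left as an empty attribute. I would add a comment above `if node.key?("content")` such as `# Detach the raw value first so only sanitized, non-blank content is ever written back to the node.` Note also that `present?` treats whitespace-only output as absent, so such content is silently discarded; if that is intended, the comment should say so. The method body continues past the end of this hunk.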
@@ -11,8 +11,8 @@ module ActionText
11
11
  module VERSION
12
12
  MAJOR = 7
13
13
  MINOR = 2
14
- TINY = 0
15
- PRE = nil
14
+ TINY = 1
15
+ PRE = "1"
16
16
 
17
17
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
18
18
  end
@@ -65,7 +65,12 @@ module ActionText
65
65
 
66
66
  def plain_text_for_blockquote_node(node, index)
67
67
  text = plain_text_for_block(node)
68
- text.sub(/\A(\s*)(.+?)(\s*)\Z/m, '\1“\2”\3')
68
+ return "“”" if text.blank?
69
+
70
+ text = text.dup
71
+ text.insert(text.rindex(/\S/) + 1, "”")
72
+ text.insert(text.index(/\S/), "“")
73
+ text
69
74
  end
70
75
 
71
76
  def plain_text_for_li_node(node, index)
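Review bot: Nothing in the new body of plain_text_for_blockquote_node says why the one-line `sub` was replaced by index arithmetic, so a later cleanup could reintroduce the backtracking regex that the changelog ties to CVE-2024-47888. A comment above `text = text.dup` such as `# Find the first/last non-whitespace character directly; the old regex with adjacent \s* and .+? groups backtracked heavily on long whitespace runs.` would preserve that intent. The `text.rindex(/\S/) + 1` call relies on the `blank?` guard to guarantee a match; this holds as long as `blank?` treats at least everything `\s` matches as whitespace, which is worth stating next to the guard. The early return also appears to change the result for empty text from `""` (the old `sub` left it untouched because `.+?` needs one character) to `"“”"`, so a test for that case and for a long whitespace-only input would be a useful regression check.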
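--- a/data/package.json
+++ b/data/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@rails/actiontext",
- "version": "7.2.0",
+ "version": "7.2.101",
  "description": "Edit and display rich text in Rails applications",
  "module": "app/assets/javascripts/actiontext.esm.js",
  "main": "app/assets/javascripts/actiontext.js",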
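--- a/metadata
+++ b/metadata
@@ -1,16 +1,16 @@
  --- !ruby/object:Gem::Specification
  name: actiontext
  version: !ruby/object:Gem::Version
- version: 7.2.0
+ version: 7.2.1.1
  platform: ruby
  authors:
  - Javan Makhmali
  - Sam Stephenson
  - David Heinemeier Hansson
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-08-09 00:00:00.000000000 Z
+ date: 2024-10-15 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -18,56 +18,56 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.2.0
+ version: 7.2.1.1
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.2.0
+ version: 7.2.1.1
  - !ruby/object:Gem::Dependency
  name: activerecord
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.2.0
+ version: 7.2.1.1
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.2.0
+ version: 7.2.1.1
  - !ruby/object:Gem::Dependency
  name: activestorage
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.2.0
+ version: 7.2.1.1
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.2.0
+ version: 7.2.1.1
  - !ruby/object:Gem::Dependency
  name: actionpack
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.2.0
+ version: 7.2.1.1
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.2.0
+ version: 7.2.1.1
  - !ruby/object:Gem::Dependency
  name: nokogiri
  requirement: !ruby/object:Gem::Requirement
@@ -163,12 +163,12 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/rails/rails/issues
- changelog_uri: https://github.com/rails/rails/blob/v7.2.0/actiontext/CHANGELOG.md
- documentation_uri: https://api.rubyonrails.org/v7.2.0/
+ changelog_uri: https://github.com/rails/rails/blob/v7.2.1.1/actiontext/CHANGELOG.md
+ documentation_uri: https://api.rubyonrails.org/v7.2.1.1/
  mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
- source_code_uri: https://github.com/rails/rails/tree/v7.2.0/actiontext
+ source_code_uri: https://github.com/rails/rails/tree/v7.2.1.1/actiontext
  rubygems_mfa_required: 'true'
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -183,8 +183,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.5.11
- signing_key:
+ rubygems_version: 3.5.16
+ signing_key:
  specification_version: 4
  summary: Rich text framework.
  test_files: []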