actionview 6.0.3.rc1 → 6.0.3.4


Potentially problematic release.


This version of actionview might be problematic. Click here for more details.

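--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8eafe5ec8eee9ac7ae7c2a412a01e25ecf75d6895cb3a0719b00585e5d9415f3
- data.tar.gz: c643fd1d07cea723cb3d19e999b27d5946ec4b4eb278f15e1b952b7de120453d
+ metadata.gz: e6282f389eee279f6440f9f50afaf82451b879cc361b88a8d9ef6b87c1e0b8be
+ data.tar.gz: 520b6458a6d53f4624567f56b5ded7ee33fe4cec7baa2b203ff1d43935d947d9
  SHA512:
- metadata.gz: 642b3a371281cae6d3d1d88f1761cf74b9ad562d7a8bbe0764aa5b1dd2d4c367bfb229cbc6ee9ebb60d235e44670b68451a72fd8563efe9c640faced6f8d9f5d
- data.tar.gz: 82f51fe028a6ab597daa5ba942efabc3d23690c5479740a72f7cc21167e11c4de5463450a9030897c0c743fc9d29feeae8b46c9b0a359d2686f59ff2c9fe7482
+ metadata.gz: fb5f8f4244443405de3555039f1a57766eecc9d6c682ffd7103871251c897a81a59d816824de7046eca0ae3479060baebd2921299465f41caaef20614d18bac6
+ data.tar.gz: ab3d33e56c39c3f196f8f2fdd0b8d20a6eeda87d7364e448a7e3a8fc01c0668a31c9368a9ce248ac384851c4b2d0fb9f5d93ecfec8520dcd2c479cbdba78d6a8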
@@ -1,4 +1,25 @@
1
- ## Rails 6.0.3.rc1 (April 30, 2020) ##
1
+ ## Rails 6.0.3.4 (October 07, 2020) ##
2
+
3
+ * No changes.
4
+
5
+
6
+ ## Rails 6.0.3.3 (September 09, 2020) ##
7
+
8
+ * [CVE-2020-8185] Fix potential XSS vulnerability in the `translate`/`t` helper.
9
+
10
+ *Jonathan Hefner*
11
+
12
+
13
+ ## Rails 6.0.3.2 (June 17, 2020) ##
14
+
15
+ * No changes.
16
+
17
+
18
+ ## Rails 6.0.3.1 (May 18, 2020) ##
19
+
20
+ * [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs
21
+
22
+ ## Rails 6.0.3 (May 06, 2020) ##
2
23
 
3
24
  * annotated_source_code returns an empty array so TemplateErrors without a
4
25
  template in the backtrace are surfaced properly by DebugExceptions.
@@ -10,7 +10,7 @@ module ActionView
10
10
  MAJOR = 6
11
11
  MINOR = 0
12
12
  TINY = 3
13
- PRE = "rc1"
13
+ PRE = "4"
14
14
 
15
15
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
16
16
  end
@@ -76,13 +76,20 @@ module ActionView
76
76
 
77
77
  if html_safe_translation_key?(key)
78
78
  html_safe_options = options.dup
79
+
79
80
  options.except(*I18n::RESERVED_KEYS).each do |name, value|
80
81
  unless name == :count && value.is_a?(Numeric)
81
82
  html_safe_options[name] = ERB::Util.html_escape(value.to_s)
82
83
  end
83
84
  end
85
+
86
+ html_safe_options[:default] = MISSING_TRANSLATION unless html_safe_options[:default].blank?
87
+
84
88
  translation = I18n.translate(scope_key_by_partial(key), **html_safe_options.merge(raise: i18n_raise))
85
- if translation.respond_to?(:map)
89
+
90
+ if translation.equal?(MISSING_TRANSLATION)
91
+ options[:default].first
92
+ elsif translation.respond_to?(:map)
86
93
  translation.map { |element| element.respond_to?(:html_safe) ? element.html_safe : element }
87
94
  else
88
95
  translation.respond_to?(:html_safe) ? translation.html_safe : translation
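Review bot: The new `translation.equal?(MISSING_TRANSLATION)` branch returns `options[:default].first`, which assumes `options[:default]` has already been normalised to an Array. That normalisation is not visible in this hunk, so it is worth confirming that a bare String default cannot reach this line, where `first` would presumably return only its first character. This is also the only branch that does not call `html_safe`, which looks like the point of the fix: a caller-supplied default for an `_html` key is returned unmarked. A why-comment above the sentinel assignment would keep that from being undone later, e.g. `# Keep caller-supplied defaults out of I18n so they are never marked html_safe below.` The enclosing method starts and ends outside the hunk.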
@@ -121,6 +128,9 @@ module ActionView
121
128
  alias :l :localize
122
129
 
123
130
  private
131
+ MISSING_TRANSLATION = Object.new
132
+ private_constant :MISSING_TRANSLATION
133
+
124
134
  def scope_key_by_partial(key)
125
135
  stringified_key = key.to_s
126
136
  if stringified_key.first == "."
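Review bot: `MISSING_TRANSLATION = Object.new` is declared without a comment, so its role can only be found by reading the translate helper. Suggest adding `# Sentinel passed to I18n as :default; compared with equal? to detect a missing translation.` above it. The `private` keyword on the preceding line does not apply to constants, so the `private_constant` call is what actually hides the sentinel and should stay. scope_key_by_partial continues outside the hunk.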
@@ -247,8 +247,8 @@ Released under the MIT license
247
247
  }
248
248
  if (!options.crossDomain) {
249
249
  xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
250
+ CSRFProtection(xhr);
250
251
  }
251
- CSRFProtection(xhr);
252
252
  xhr.withCredentials = !!options.withCredentials;
253
253
  xhr.onreadystatechange = function() {
254
254
  if (xhr.readyState === XMLHttpRequest.DONE) {
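Review bot: The CSRF token is withheld only when `options.crossDomain` is truthy, so a caller that leaves the option unset for a cross-origin URL still gets `CSRFProtection(xhr)` applied. Where `crossDomain` is computed is outside this hunk; if it is not derived from the request URL on every path into this function, the same-origin check named in the changelog entry depends on each caller. A comment at the guard would make that contract explicit, e.g. `// CSRF token is sent only for same-origin requests; options.crossDomain must be set for any cross-origin URL.` The enclosing function starts and ends outside the hunk.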
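--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: actionview
  version: !ruby/object:Gem::Version
- version: 6.0.3.rc1
+ version: 6.0.3.4
  platform: ruby
  authors:
  - David Heinemeier Hansson
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-05-01 00:00:00.000000000 Z
+ date: 2020-10-07 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 6.0.3.rc1
+ version: 6.0.3.4
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 6.0.3.rc1
+ version: 6.0.3.4
  - !ruby/object:Gem::Dependency
  name: builder
  requirement: !ruby/object:Gem::Requirement
@@ -92,28 +92,28 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 6.0.3.rc1
+ version: 6.0.3.4
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 6.0.3.rc1
+ version: 6.0.3.4
  - !ruby/object:Gem::Dependency
  name: activemodel
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 6.0.3.rc1
+ version: 6.0.3.4
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 6.0.3.rc1
+ version: 6.0.3.4
  description: Simple, battle-tested conventions and helpers for building web pages.
  email: david@loudthinking.com
  executables: []
@@ -236,11 +236,11 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/rails/rails/issues
- changelog_uri: https://github.com/rails/rails/blob/v6.0.3.rc1/actionview/CHANGELOG.md
- documentation_uri: https://api.rubyonrails.org/v6.0.3.rc1/
+ changelog_uri: https://github.com/rails/rails/blob/v6.0.3.4/actionview/CHANGELOG.md
+ documentation_uri: https://api.rubyonrails.org/v6.0.3.4/
  mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
- source_code_uri: https://github.com/rails/rails/tree/v6.0.3.rc1/actionview
- post_install_message:
+ source_code_uri: https://github.com/rails/rails/tree/v6.0.3.4/actionview
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -251,13 +251,13 @@ required_ruby_version: !ruby/object:Gem::Requirement
  version: 2.5.0
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - ">"
+ - - ">="
  - !ruby/object:Gem::Version
- version: 1.3.1
+ version: '0'
  requirements:
  - none
- rubygems_version: 3.1.2
- signing_key:
+ rubygems_version: 3.1.4
+ signing_key:
  specification_version: 4
  summary: Rendering framework putting the V in MVC (part of Rails).
  test_files: []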