actionview 6.0.3 → 6.0.3.5
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of actionview might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +26 -0
- data/lib/action_view/gem_version.rb +1 -1
- data/lib/action_view/helpers/translation_helper.rb +11 -1
- data/lib/assets/compiled/rails-ujs.js +1 -1
- metadata +12 -12
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 89e55bc3b644f0c076f014f03e20112e8356f12e1df1499d06f05b719e0c42eb
|
|
4
|
+
data.tar.gz: 0eb23a5977758d30fe1c5e84cf8524dc2c4e44d617f220b31d30c80db4d2f19a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c2a4784eaaca3f1a1cec44fcf489671f378e67495978c65bf133d9de259eada5a31dc6b668128128722503c9741368bdbdb53d353fdf17a94c645f778cc75576
|
|
7
|
+
data.tar.gz: 34cb71bc7d56e1a74ef58201cbb111319361f4159139c00650ea0c4b89b77fb7bc04fc34cd320b501ed37d42c4dc1b789d4c89dc39f1755a249a98499a3c5361
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,29 @@
|
|
|
1
|
+
## Rails 6.0.3.5 (February 10, 2021) ##
|
|
2
|
+
|
|
3
|
+
* No changes.
|
|
4
|
+
|
|
5
|
+
|
|
6
|
+
## Rails 6.0.3.4 (October 07, 2020) ##
|
|
7
|
+
|
|
8
|
+
* No changes.
|
|
9
|
+
|
|
10
|
+
|
|
11
|
+
## Rails 6.0.3.3 (September 09, 2020) ##
|
|
12
|
+
|
|
13
|
+
* [CVE-2020-8185] Fix potential XSS vulnerability in the `translate`/`t` helper.
|
|
14
|
+
|
|
15
|
+
*Jonathan Hefner*
|
|
16
|
+
|
|
17
|
+
|
|
18
|
+
## Rails 6.0.3.2 (June 17, 2020) ##
|
|
19
|
+
|
|
20
|
+
* No changes.
|
|
21
|
+
|
|
22
|
+
|
|
23
|
+
## Rails 6.0.3.1 (May 18, 2020) ##
|
|
24
|
+
|
|
25
|
+
* [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs
|
|
26
|
+
|
|
1
27
|
## Rails 6.0.3 (May 06, 2020) ##
|
|
2
28
|
|
|
3
29
|
* annotated_source_code returns an empty array so TemplateErrors without a
|
|
@@ -76,13 +76,20 @@ module ActionView
|
|
|
76
76
|
|
|
77
77
|
if html_safe_translation_key?(key)
|
|
78
78
|
html_safe_options = options.dup
|
|
79
|
+
|
|
79
80
|
options.except(*I18n::RESERVED_KEYS).each do |name, value|
|
|
80
81
|
unless name == :count && value.is_a?(Numeric)
|
|
81
82
|
html_safe_options[name] = ERB::Util.html_escape(value.to_s)
|
|
82
83
|
end
|
|
83
84
|
end
|
|
85
|
+
|
|
86
|
+
html_safe_options[:default] = MISSING_TRANSLATION unless html_safe_options[:default].blank?
|
|
87
|
+
|
|
84
88
|
translation = I18n.translate(scope_key_by_partial(key), **html_safe_options.merge(raise: i18n_raise))
|
|
85
|
-
|
|
89
|
+
|
|
90
|
+
if translation.equal?(MISSING_TRANSLATION)
|
|
91
|
+
options[:default].first
|
|
92
|
+
elsif translation.respond_to?(:map)
|
|
86
93
|
translation.map { |element| element.respond_to?(:html_safe) ? element.html_safe : element }
|
|
87
94
|
else
|
|
88
95
|
translation.respond_to?(:html_safe) ? translation.html_safe : translation
|
|
@@ -121,6 +128,9 @@ module ActionView
|
|
|
121
128
|
alias :l :localize
|
|
122
129
|
|
|
123
130
|
private
|
|
131
|
+
MISSING_TRANSLATION = Object.new
|
|
132
|
+
private_constant :MISSING_TRANSLATION
|
|
133
|
+
|
|
124
134
|
def scope_key_by_partial(key)
|
|
125
135
|
stringified_key = key.to_s
|
|
126
136
|
if stringified_key.first == "."
|
|
@@ -247,8 +247,8 @@ Released under the MIT license
|
|
|
247
247
|
}
|
|
248
248
|
if (!options.crossDomain) {
|
|
249
249
|
xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
|
|
250
|
+
CSRFProtection(xhr);
|
|
250
251
|
}
|
|
251
|
-
CSRFProtection(xhr);
|
|
252
252
|
xhr.withCredentials = !!options.withCredentials;
|
|
253
253
|
xhr.onreadystatechange = function() {
|
|
254
254
|
if (xhr.readyState === XMLHttpRequest.DONE) {
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: actionview
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 6.0.3
|
|
4
|
+
version: 6.0.3.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Heinemeier Hansson
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-02-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 6.0.3
|
|
19
|
+
version: 6.0.3.5
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 6.0.3
|
|
26
|
+
version: 6.0.3.5
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: builder
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -92,28 +92,28 @@ dependencies:
|
|
|
92
92
|
requirements:
|
|
93
93
|
- - '='
|
|
94
94
|
- !ruby/object:Gem::Version
|
|
95
|
-
version: 6.0.3
|
|
95
|
+
version: 6.0.3.5
|
|
96
96
|
type: :development
|
|
97
97
|
prerelease: false
|
|
98
98
|
version_requirements: !ruby/object:Gem::Requirement
|
|
99
99
|
requirements:
|
|
100
100
|
- - '='
|
|
101
101
|
- !ruby/object:Gem::Version
|
|
102
|
-
version: 6.0.3
|
|
102
|
+
version: 6.0.3.5
|
|
103
103
|
- !ruby/object:Gem::Dependency
|
|
104
104
|
name: activemodel
|
|
105
105
|
requirement: !ruby/object:Gem::Requirement
|
|
106
106
|
requirements:
|
|
107
107
|
- - '='
|
|
108
108
|
- !ruby/object:Gem::Version
|
|
109
|
-
version: 6.0.3
|
|
109
|
+
version: 6.0.3.5
|
|
110
110
|
type: :development
|
|
111
111
|
prerelease: false
|
|
112
112
|
version_requirements: !ruby/object:Gem::Requirement
|
|
113
113
|
requirements:
|
|
114
114
|
- - '='
|
|
115
115
|
- !ruby/object:Gem::Version
|
|
116
|
-
version: 6.0.3
|
|
116
|
+
version: 6.0.3.5
|
|
117
117
|
description: Simple, battle-tested conventions and helpers for building web pages.
|
|
118
118
|
email: david@loudthinking.com
|
|
119
119
|
executables: []
|
|
@@ -236,10 +236,10 @@ licenses:
|
|
|
236
236
|
- MIT
|
|
237
237
|
metadata:
|
|
238
238
|
bug_tracker_uri: https://github.com/rails/rails/issues
|
|
239
|
-
changelog_uri: https://github.com/rails/rails/blob/v6.0.3/actionview/CHANGELOG.md
|
|
240
|
-
documentation_uri: https://api.rubyonrails.org/v6.0.3/
|
|
239
|
+
changelog_uri: https://github.com/rails/rails/blob/v6.0.3.5/actionview/CHANGELOG.md
|
|
240
|
+
documentation_uri: https://api.rubyonrails.org/v6.0.3.5/
|
|
241
241
|
mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
|
|
242
|
-
source_code_uri: https://github.com/rails/rails/tree/v6.0.3/actionview
|
|
242
|
+
source_code_uri: https://github.com/rails/rails/tree/v6.0.3.5/actionview
|
|
243
243
|
post_install_message:
|
|
244
244
|
rdoc_options: []
|
|
245
245
|
require_paths:
|
|
@@ -256,7 +256,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
256
256
|
version: '0'
|
|
257
257
|
requirements:
|
|
258
258
|
- none
|
|
259
|
-
rubygems_version: 3.
|
|
259
|
+
rubygems_version: 3.0.3
|
|
260
260
|
signing_key:
|
|
261
261
|
specification_version: 4
|
|
262
262
|
summary: Rendering framework putting the V in MVC (part of Rails).
|