actionview 7.1.0 → 7.1.1

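--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 32185e4d0d7cd6d977741871632481ac24d5e8dc510ffdd91738c704c6a7713f
- data.tar.gz: 18f1a181d6ca4aa6f0572e269b79046384ce61a76eaa3a7d8c94535de1119d4c
+ metadata.gz: ee3c480e4d31e8f0993748f63f865fdc83fd933b17cc38cdcf40bb6f2f5a851f
+ data.tar.gz: 55cc85a03a85c26914ca1efcf502749f7d68d2c60ccb9ff1d7da04817f9d3abf
  SHA512:
- metadata.gz: db7eeb976f3e336aec8472acd0a4a4cb9fbfb7aded98236c671d98d0c081fd1331be49a67127c619691931c7f8317b0fa7af0205bd26627f11d61dfe313f2bd4
- data.tar.gz: abd1bff9bf3b89b81fb8008641cd77299892b856b19a2788bd25d913af2c2d78963bdda2157b14aa7c7ac03a3300ef41e6acdf2ac836580406df2710d08ee6e1
+ metadata.gz: 458e12bf5a056fa2302d7be0b8fe01ba73403a1d02e442adaecb9dc791400b08bf8ec8cc0107e221284c5836b811668a038a8e11246201bec2306b23a5059fa9
+ data.tar.gz: 85e8be0ed9174c2768d415360f00dfccf0a4d51df657581fd9407a2c9d5c7d91b1e19c604964ecc03b8f3300960f62e2baaf66f01c332b7fa927de67da4b214e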
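--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,13 @@
+ ## Rails 7.1.1 (October 11, 2023) ##
+
+ * Updated `@rails/ujs` files to ignore certain data-* attributes when element is contenteditable.
+
+ This fix was already landed in >= 7.0.4.3, < 7.1.0.
+ [[CVE-2023-23913](https://github.com/advisories/GHSA-xp5h-f8jf-rc8q)]
+
+ *Ryunosuke Sato*
+
+
  ## Rails 7.1.0 (October 05, 2023) ##
 
  * No changes.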
@@ -58,6 +58,18 @@ const setData = function(element, key, value) {
58
58
 
59
59
  const $ = selector => Array.prototype.slice.call(document.querySelectorAll(selector));
60
60
 
61
+ const isContentEditable = function(element) {
62
+ var isEditable = false;
63
+ do {
64
+ if (element.isContentEditable) {
65
+ isEditable = true;
66
+ break;
67
+ }
68
+ element = element.parentElement;
69
+ } while (element);
70
+ return isEditable;
71
+ };
72
+
61
73
  const csrfToken = () => {
62
74
  const meta = document.querySelector("meta[name=csrf-token]");
63
75
  return meta && meta.content;
@@ -336,6 +348,9 @@ const enableElement = e => {
336
348
  } else {
337
349
  element = e;
338
350
  }
351
+ if (isContentEditable(element)) {
352
+ return;
353
+ }
339
354
  if (matches(element, linkDisableSelector)) {
340
355
  return enableLinkElement(element);
341
356
  } else if (matches(element, buttonDisableSelector) || matches(element, formEnableSelector)) {
@@ -347,6 +362,9 @@ const enableElement = e => {
347
362
 
348
363
  const disableElement = e => {
349
364
  const element = e instanceof Event ? e.target : e;
365
+ if (isContentEditable(element)) {
366
+ return;
367
+ }
350
368
  if (matches(element, linkDisableSelector)) {
351
369
  return disableLinkElement(element);
352
370
  } else if (matches(element, buttonDisableSelector) || matches(element, formDisableSelector)) {
@@ -426,6 +444,9 @@ const handleMethodWithRails = rails => function(e) {
426
444
  if (!method) {
427
445
  return;
428
446
  }
447
+ if (isContentEditable(this)) {
448
+ return;
449
+ }
429
450
  const href = rails.href(link);
430
451
  const csrfToken$1 = csrfToken();
431
452
  const csrfParam$1 = csrfParam();
@@ -460,6 +481,10 @@ const handleRemoteWithRails = rails => function(e) {
460
481
  fire(element, "ajax:stopped");
461
482
  return false;
462
483
  }
484
+ if (isContentEditable(element)) {
485
+ fire(element, "ajax:stopped");
486
+ return false;
487
+ }
463
488
  const withCredentials = element.getAttribute("data-with-credentials");
464
489
  const dataType = element.getAttribute("data-type") || "script";
465
490
  if (matches(element, formSubmitSelector)) {
@@ -665,4 +690,4 @@ if (typeof exports !== "object" && typeof module === "undefined") {
665
690
  }
666
691
  }
667
692
 
668
- export default Rails;
693
+ export { Rails as default };
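Review bot: The new `isContentEditable` helper in the first hunk of this file has no comment explaining why it climbs `parentElement`, even though the DOM property `element.isContentEditable` already reflects inherited editability. The climb appears to matter only for a node marked `contenteditable="false"` nested under an editable host, which the property alone would report as not editable; without a note, a later cleanup could drop the loop and weaken the CVE-2023-23913 guard referenced in the changelog. I would add above the loop `// Check ancestors too: a contenteditable="false" node inside an editable host is still treated as editable content.` The `do … while` also dereferences `element` before any null test, so a null argument would throw; whether any caller can pass one is not visible in these hunks. The same helper is repeated in the second copy of the script further down the page.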
@@ -44,6 +44,17 @@ Released under the MIT license
44
44
  return element[EXPANDO][key] = value;
45
45
  };
46
46
  const $ = selector => Array.prototype.slice.call(document.querySelectorAll(selector));
47
+ const isContentEditable = function(element) {
48
+ var isEditable = false;
49
+ do {
50
+ if (element.isContentEditable) {
51
+ isEditable = true;
52
+ break;
53
+ }
54
+ element = element.parentElement;
55
+ } while (element);
56
+ return isEditable;
57
+ };
47
58
  const csrfToken = () => {
48
59
  const meta = document.querySelector("meta[name=csrf-token]");
49
60
  return meta && meta.content;
@@ -298,6 +309,9 @@ Released under the MIT license
298
309
  } else {
299
310
  element = e;
300
311
  }
312
+ if (isContentEditable(element)) {
313
+ return;
314
+ }
301
315
  if (matches(element, linkDisableSelector)) {
302
316
  return enableLinkElement(element);
303
317
  } else if (matches(element, buttonDisableSelector) || matches(element, formEnableSelector)) {
@@ -308,6 +322,9 @@ Released under the MIT license
308
322
  };
309
323
  const disableElement = e => {
310
324
  const element = e instanceof Event ? e.target : e;
325
+ if (isContentEditable(element)) {
326
+ return;
327
+ }
311
328
  if (matches(element, linkDisableSelector)) {
312
329
  return disableLinkElement(element);
313
330
  } else if (matches(element, buttonDisableSelector) || matches(element, formDisableSelector)) {
@@ -379,6 +396,9 @@ Released under the MIT license
379
396
  if (!method) {
380
397
  return;
381
398
  }
399
+ if (isContentEditable(this)) {
400
+ return;
401
+ }
382
402
  const href = rails.href(link);
383
403
  const csrfToken$1 = csrfToken();
384
404
  const csrfParam$1 = csrfParam();
@@ -411,6 +431,10 @@ Released under the MIT license
411
431
  fire(element, "ajax:stopped");
412
432
  return false;
413
433
  }
434
+ if (isContentEditable(element)) {
435
+ fire(element, "ajax:stopped");
436
+ return false;
437
+ }
414
438
  const withCredentials = element.getAttribute("data-with-credentials");
415
439
  const dataType = element.getAttribute("data-type") || "script";
416
440
  if (matches(element, formSubmitSelector)) {
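Review bot: In `handleRemoteWithRails` the contenteditable guard sits after the block that ends in `fire(element, "ajax:stopped"); return false;`, which presumably belongs to the `ajax:before` dispatch (its opening line is outside the hunk), so that event may still be dispatched on an element inside editable content before the request is refused. If that is the case, placing `if (isContentEditable(element)) {` ahead of that dispatch would keep application listeners from running for such elements. Separately, `handleMethodWithRails` passes `this` to the guard while the very next line uses `link`; `if (isContentEditable(link)) {` would read consistently, assuming `link` is the same element. Both remarks apply equally to the first copy of these hunks earlier on the page.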
@@ -9,7 +9,7 @@ module ActionView
9
9
  module VERSION
10
10
  MAJOR = 7
11
11
  MINOR = 1
12
- TINY = 0
12
+ TINY = 1
13
13
  PRE = nil
14
14
 
15
15
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
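--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: actionview
  version: !ruby/object:Gem::Version
- version: 7.1.0
+ version: 7.1.1
  platform: ruby
  authors:
  - David Heinemeier Hansson
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-10-05 00:00:00.000000000 Z
+ date: 2023-10-11 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.1.0
+ version: 7.1.1
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.1.0
+ version: 7.1.1
  - !ruby/object:Gem::Dependency
  name: builder
  requirement: !ruby/object:Gem::Requirement
@@ -86,28 +86,28 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.1.0
+ version: 7.1.1
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.1.0
+ version: 7.1.1
  - !ruby/object:Gem::Dependency
  name: activemodel
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.1.0
+ version: 7.1.1
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.1.0
+ version: 7.1.1
  description: Simple, battle-tested conventions and helpers for building web pages.
  email: david@loudthinking.com
  executables: []
@@ -246,10 +246,10 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/rails/rails/issues
- changelog_uri: https://github.com/rails/rails/blob/v7.1.0/actionview/CHANGELOG.md
- documentation_uri: https://api.rubyonrails.org/v7.1.0/
+ changelog_uri: https://github.com/rails/rails/blob/v7.1.1/actionview/CHANGELOG.md
+ documentation_uri: https://api.rubyonrails.org/v7.1.1/
  mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
- source_code_uri: https://github.com/rails/rails/tree/v7.1.0/actionview
+ source_code_uri: https://github.com/rails/rails/tree/v7.1.1/actionview
  rubygems_mfa_required: 'true'
  post_install_message:
  rdoc_options: []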