actionview 7.1.0 → 7.1.1

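--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 32185e4d0d7cd6d977741871632481ac24d5e8dc510ffdd91738c704c6a7713f
- data.tar.gz: 18f1a181d6ca4aa6f0572e269b79046384ce61a76eaa3a7d8c94535de1119d4c
+ metadata.gz: ee3c480e4d31e8f0993748f63f865fdc83fd933b17cc38cdcf40bb6f2f5a851f
+ data.tar.gz: 55cc85a03a85c26914ca1efcf502749f7d68d2c60ccb9ff1d7da04817f9d3abf
  SHA512:
- metadata.gz: db7eeb976f3e336aec8472acd0a4a4cb9fbfb7aded98236c671d98d0c081fd1331be49a67127c619691931c7f8317b0fa7af0205bd26627f11d61dfe313f2bd4
- data.tar.gz: abd1bff9bf3b89b81fb8008641cd77299892b856b19a2788bd25d913af2c2d78963bdda2157b14aa7c7ac03a3300ef41e6acdf2ac836580406df2710d08ee6e1
+ metadata.gz: 458e12bf5a056fa2302d7be0b8fe01ba73403a1d02e442adaecb9dc791400b08bf8ec8cc0107e221284c5836b811668a038a8e11246201bec2306b23a5059fa9
+ data.tar.gz: 85e8be0ed9174c2768d415360f00dfccf0a4d51df657581fd9407a2c9d5c7d91b1e19c604964ecc03b8f3300960f62e2baaf66f01c332b7fa927de67da4b214e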
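--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,13 @@
+ ## Rails 7.1.1 (October 11, 2023) ##
+
+ * Updated `@rails/ujs` files to ignore certain data-* attributes when element is contenteditable.
+
+ This fix was already landed in >= 7.0.4.3, < 7.1.0.
+ [[CVE-2023-23913](https://github.com/advisories/GHSA-xp5h-f8jf-rc8q)]
+
+ *Ryunosuke Sato*
+
+
  ## Rails 7.1.0 (October 05, 2023) ##
 
  * No changes.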
@@ -58,6 +58,18 @@ const setData = function(element, key, value) {
58
58
 
59
59
  const $ = selector => Array.prototype.slice.call(document.querySelectorAll(selector));
60
60
 
61
+ const isContentEditable = function(element) {
62
+ var isEditable = false;
63
+ do {
64
+ if (element.isContentEditable) {
65
+ isEditable = true;
66
+ break;
67
+ }
68
+ element = element.parentElement;
69
+ } while (element);
70
+ return isEditable;
71
+ };
72
+
61
73
  const csrfToken = () => {
62
74
  const meta = document.querySelector("meta[name=csrf-token]");
63
75
  return meta && meta.content;
@@ -336,6 +348,9 @@ const enableElement = e => {
336
348
  } else {
337
349
  element = e;
338
350
  }
351
+ if (isContentEditable(element)) {
352
+ return;
353
+ }
339
354
  if (matches(element, linkDisableSelector)) {
340
355
  return enableLinkElement(element);
341
356
  } else if (matches(element, buttonDisableSelector) || matches(element, formEnableSelector)) {
@@ -347,6 +362,9 @@ const enableElement = e => {
347
362
 
348
363
  const disableElement = e => {
349
364
  const element = e instanceof Event ? e.target : e;
365
+ if (isContentEditable(element)) {
366
+ return;
367
+ }
350
368
  if (matches(element, linkDisableSelector)) {
351
369
  return disableLinkElement(element);
352
370
  } else if (matches(element, buttonDisableSelector) || matches(element, formDisableSelector)) {
@@ -426,6 +444,9 @@ const handleMethodWithRails = rails => function(e) {
426
444
  if (!method) {
427
445
  return;
428
446
  }
447
+ if (isContentEditable(this)) {
448
+ return;
449
+ }
429
450
  const href = rails.href(link);
430
451
  const csrfToken$1 = csrfToken();
431
452
  const csrfParam$1 = csrfParam();
@@ -460,6 +481,10 @@ const handleRemoteWithRails = rails => function(e) {
460
481
  fire(element, "ajax:stopped");
461
482
  return false;
462
483
  }
484
+ if (isContentEditable(element)) {
485
+ fire(element, "ajax:stopped");
486
+ return false;
487
+ }
463
488
  const withCredentials = element.getAttribute("data-with-credentials");
464
489
  const dataType = element.getAttribute("data-type") || "script";
465
490
  if (matches(element, formSubmitSelector)) {
@@ -665,4 +690,4 @@ if (typeof exports !== "object" && typeof module === "undefined") {
665
690
  }
666
691
  }
667
692
 
668
- export default Rails;
693
+ export { Rails as default };
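Review bot: `isContentEditable` reads `element.isContentEditable` inside a `do … while` before testing that `element` is set, so if any caller reaches the new guards in `enableElement`, `disableElement` or `handleRemoteWithRails` with a null or undefined target, the guard itself throws; whether that can happen is not visible from these hunks. A `while (element)` loop that returns on the first editable ancestor removes that risk along with the `var`/`break` bookkeeping, and the helper deserves a comment saying why it walks `parentElement` (presumably for nodes that lack the property themselves) and that it backs the CVE-2023-23913 guard, so a later cleanup does not drop the walk. The guard is added handler by handler, so any other `data-*`-driven handler outside this diff would need the same check; that is worth confirming against the full file. In `handleMethodWithRails` the check uses `this` while the neighbouring lines use `link`, and the function starts outside the hunk, so it is worth confirming both name the same node. The second bundled copy of the file further down carries identical hunks and the same points apply there.

```javascript
const isContentEditable = function(element) {
  // Walk up the ancestors; a null or undefined element is treated as not editable.
  while (element) {
    if (element.isContentEditable) {
      return true;
    }
    element = element.parentElement;
  }
  return false;
};
```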
@@ -44,6 +44,17 @@ Released under the MIT license
44
44
  return element[EXPANDO][key] = value;
45
45
  };
46
46
  const $ = selector => Array.prototype.slice.call(document.querySelectorAll(selector));
47
+ const isContentEditable = function(element) {
48
+ var isEditable = false;
49
+ do {
50
+ if (element.isContentEditable) {
51
+ isEditable = true;
52
+ break;
53
+ }
54
+ element = element.parentElement;
55
+ } while (element);
56
+ return isEditable;
57
+ };
47
58
  const csrfToken = () => {
48
59
  const meta = document.querySelector("meta[name=csrf-token]");
49
60
  return meta && meta.content;
@@ -298,6 +309,9 @@ Released under the MIT license
298
309
  } else {
299
310
  element = e;
300
311
  }
312
+ if (isContentEditable(element)) {
313
+ return;
314
+ }
301
315
  if (matches(element, linkDisableSelector)) {
302
316
  return enableLinkElement(element);
303
317
  } else if (matches(element, buttonDisableSelector) || matches(element, formEnableSelector)) {
@@ -308,6 +322,9 @@ Released under the MIT license
308
322
  };
309
323
  const disableElement = e => {
310
324
  const element = e instanceof Event ? e.target : e;
325
+ if (isContentEditable(element)) {
326
+ return;
327
+ }
311
328
  if (matches(element, linkDisableSelector)) {
312
329
  return disableLinkElement(element);
313
330
  } else if (matches(element, buttonDisableSelector) || matches(element, formDisableSelector)) {
@@ -379,6 +396,9 @@ Released under the MIT license
379
396
  if (!method) {
380
397
  return;
381
398
  }
399
+ if (isContentEditable(this)) {
400
+ return;
401
+ }
382
402
  const href = rails.href(link);
383
403
  const csrfToken$1 = csrfToken();
384
404
  const csrfParam$1 = csrfParam();
@@ -411,6 +431,10 @@ Released under the MIT license
411
431
  fire(element, "ajax:stopped");
412
432
  return false;
413
433
  }
434
+ if (isContentEditable(element)) {
435
+ fire(element, "ajax:stopped");
436
+ return false;
437
+ }
414
438
  const withCredentials = element.getAttribute("data-with-credentials");
415
439
  const dataType = element.getAttribute("data-type") || "script";
416
440
  if (matches(element, formSubmitSelector)) {
@@ -9,7 +9,7 @@ module ActionView
9
9
  module VERSION
10
10
  MAJOR = 7
11
11
  MINOR = 1
12
- TINY = 0
12
+ TINY = 1
13
13
  PRE = nil
14
14
 
15
15
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: actionview
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.1.0
4
+ version: 7.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-10-05 00:00:00.000000000 Z
11
+ date: 2023-10-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 7.1.0
19
+ version: 7.1.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 7.1.0
26
+ version: 7.1.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: builder
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -86,28 +86,28 @@ dependencies:
86
86
  requirements:
87
87
  - - '='
88
88
  - !ruby/object:Gem::Version
89
- version: 7.1.0
89
+ version: 7.1.1
90
90
  type: :development
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
94
  - - '='
95
95
  - !ruby/object:Gem::Version
96
- version: 7.1.0
96
+ version: 7.1.1
97
97
  - !ruby/object:Gem::Dependency
98
98
  name: activemodel
99
99
  requirement: !ruby/object:Gem::Requirement
100
100
  requirements:
101
101
  - - '='
102
102
  - !ruby/object:Gem::Version
103
- version: 7.1.0
103
+ version: 7.1.1
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - '='
109
109
  - !ruby/object:Gem::Version
110
- version: 7.1.0
110
+ version: 7.1.1
111
111
  description: Simple, battle-tested conventions and helpers for building web pages.
112
112
  email: david@loudthinking.com
113
113
  executables: []
@@ -246,10 +246,10 @@ licenses:
246
246
  - MIT
247
247
  metadata:
248
248
  bug_tracker_uri: https://github.com/rails/rails/issues
249
- changelog_uri: https://github.com/rails/rails/blob/v7.1.0/actionview/CHANGELOG.md
250
- documentation_uri: https://api.rubyonrails.org/v7.1.0/
249
+ changelog_uri: https://github.com/rails/rails/blob/v7.1.1/actionview/CHANGELOG.md
250
+ documentation_uri: https://api.rubyonrails.org/v7.1.1/
251
251
  mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
252
- source_code_uri: https://github.com/rails/rails/tree/v7.1.0/actionview
252
+ source_code_uri: https://github.com/rails/rails/tree/v7.1.1/actionview
253
253
  rubygems_mfa_required: 'true'
254
254
  post_install_message:
255
255
  rdoc_options: []