RubyGems - actionview - Versions diffs - 8.0.4 → 8.0.4.1 - Mend

actionview 8.0.4 → 8.0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +9 -0
data/lib/action_view/gem_version.rb +1 -1
data/lib/action_view/helpers/tag_helper.rb +5 -2
metadata +11 -11

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aeb3faebba3888c2547df27d7cc538badd8e00fe9e5f71c9038e6152871faf81
-  data.tar.gz: e30a30ad64c05a3074f3f8907755988164422b061d1ea3c7e84333c54f4aa07e
+  metadata.gz: db69362edf94a58af2281f36919c695039e5e2e7be5707b36ee6a6553deaddcf
+  data.tar.gz: 4343c2bcf50ed9237feb87fb8c295e16ae37b5bda5b66573d0f47d3efb2fb40c
 SHA512:
-  metadata.gz: 103df643034496a2a5adf3f9b316287afdfa4a54926a08fc04376f9f49bb9667e28ed713487657b293a587b7a2cd07962811938fe194f22c3c686a68b4de0eb7
-  data.tar.gz: 3f6a06ab5713e1fa37ea1afa727bfc4b145335c6d329228446020383bab4b73d9322736ec6f0afed3f7b033959e656b19eba94db271634b35ff1da4e0c4c3a25
+  metadata.gz: a5a42c58fe67751baf3004a2cb5e1fbcc843c23dc01c668eb5e9de02c2a68fe776e808a9076f9b8af5842bb33770fe1110814dab70d6906751762bdf550595f2
+  data.tar.gz: 806f5955af447cf19e200ad782f7ae65c9ba3d1d2587f4af04a8a58fc13b6d85ff7dcf28dc8db1976b37cf5108201696bcb594818ee188cb22f5f52c70554134

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,12 @@
+## Rails 8.0.4.1 (March 23, 2026) ##
+*   Skip blank attribute names in tag helpers to avoid generating invalid HTML.
+    [CVE-2026-33168]
+    *Mike Dalessio*
 ## Rails 8.0.4 (October 28, 2025) ##
 *   Restore `add_default_name_and_id` method.

data/lib/action_view/gem_version.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module ActionView
     MAJOR = 8
     MINOR = 0
     TINY  = 4
-    PRE   = nil
+    PRE   = "1"
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

data/lib/action_view/helpers/tag_helper.rb CHANGED Viewed

@@ -250,16 +250,19 @@ module ActionView
           output = +""
           sep    = " "
           options.each_pair do |key, value|
+            next if key.blank?
             type = TAG_TYPES[key]
             if type == :data && value.is_a?(Hash)
               value.each_pair do |k, v|
-                next if v.nil?
+                next if k.blank? || v.nil?
                 output << sep
                 output << prefix_tag_option(key, k, v, escape)
               end
             elsif type == :aria && value.is_a?(Hash)
               value.each_pair do |k, v|
-                next if v.nil?
+                next if k.blank? || v.nil?
                 case v
                 when Array, Hash

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: actionview
 version: !ruby/object:Gem::Version
-  version: 8.0.4
+  version: 8.0.4.1
 platform: ruby
 authors:
 - David Heinemeier Hansson
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.0.4
+        version: 8.0.4.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.0.4
+        version: 8.0.4.1
 - !ruby/object:Gem::Dependency
   name: builder
   requirement: !ruby/object:Gem::Requirement
@@ -85,28 +85,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.0.4
+        version: 8.0.4.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.0.4
+        version: 8.0.4.1
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.0.4
+        version: 8.0.4.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.0.4
+        version: 8.0.4.1
 description: Simple, battle-tested conventions and helpers for building web pages.
 email: david@loudthinking.com
 executables: []
@@ -246,10 +246,10 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/rails/rails/issues
-  changelog_uri: https://github.com/rails/rails/blob/v8.0.4/actionview/CHANGELOG.md
-  documentation_uri: https://api.rubyonrails.org/v8.0.4/
+  changelog_uri: https://github.com/rails/rails/blob/v8.0.4.1/actionview/CHANGELOG.md
+  documentation_uri: https://api.rubyonrails.org/v8.0.4.1/
   mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-  source_code_uri: https://github.com/rails/rails/tree/v8.0.4/actionview
+  source_code_uri: https://github.com/rails/rails/tree/v8.0.4.1/actionview
   rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:
@@ -266,7 +266,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements:
 - none
-rubygems_version: 3.6.9
+rubygems_version: 4.0.6
 specification_version: 4
 summary: Rendering framework putting the V in MVC (part of Rails).
 test_files: []