actionview 5.1.0.beta1 → 5.1.0.rc1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of actionview might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +28 -0
- data/lib/action_view/gem_version.rb +1 -1
- data/lib/action_view/helpers/sanitize_helper.rb +10 -4
- metadata +8 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 974f03d4be8566e900f33b4c6ee6f9620fd38cb6
|
|
4
|
+
data.tar.gz: e407330e93d17a9221dfa8d4163dccc21bd85716
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 699a6ea357b4c49857b14e3ade96b57e95b109f75d87d3f486bbf8d015e47bca3663244a3e70647ddded00a3f50b6e799a3e8911f7ff79e376e219b79a313b67
|
|
7
|
+
data.tar.gz: 3405bd46476e22cd4f10a724ee72afd14ef687bf7204ff9314bcf865e04e0d07252551bc60ef35d3a9c738391d394cfbe593e8c0445621fce8fa005267ca167a
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,14 @@
|
|
|
1
|
+
## Rails 5.1.0.rc1 (March 20, 2017) ##
|
|
2
|
+
|
|
3
|
+
* Remove the option `encode_special_chars` misnomer from `strip_tags`
|
|
4
|
+
|
|
5
|
+
As of rails-html-sanitizer v1.0.3, the sanitizer will ignore the
|
|
6
|
+
`encode_special_chars` option.
|
|
7
|
+
|
|
8
|
+
Fixes #28060.
|
|
9
|
+
|
|
10
|
+
*Andrew Hood*
|
|
11
|
+
|
|
1
12
|
## Rails 5.1.0.beta1 (February 23, 2017) ##
|
|
2
13
|
|
|
3
14
|
* Change the ERB handler from Erubis to Erubi.
|
|
@@ -90,6 +101,23 @@
|
|
|
90
101
|
|
|
91
102
|
*Peter Schilling*, *Matthew Draper*
|
|
92
103
|
|
|
104
|
+
* Add `:skip_pipeline` option to several asset tag helpers
|
|
105
|
+
|
|
106
|
+
`javascript_include_tag`, `stylesheet_link_tag`, `favicon_link_tag`,
|
|
107
|
+
`image_tag` and `audio_tag` now accept a `:skip_pipeline` option which can
|
|
108
|
+
be set to true to bypass the asset pipeline and serve the assets from the
|
|
109
|
+
public folder.
|
|
110
|
+
|
|
111
|
+
*Richard Schneeman*
|
|
112
|
+
|
|
113
|
+
* Add `:poster_skip_pipeline` option to the `video_tag` helper
|
|
114
|
+
|
|
115
|
+
`video_tag` now accepts a `:poster_skip_pipeline` option which can be used
|
|
116
|
+
in combination with the `:poster` option to bypass the asset pipeline and
|
|
117
|
+
serve the poster image for the video from the public folder.
|
|
118
|
+
|
|
119
|
+
*Richard Schneeman*
|
|
120
|
+
|
|
93
121
|
* Show cache hits and misses when rendering partials.
|
|
94
122
|
|
|
95
123
|
Partials using the `cache` helper will show whether a render hit or missed
|
|
@@ -13,6 +13,7 @@ module ActionView
|
|
|
13
13
|
# It also strips href/src attributes with unsafe protocols like
|
|
14
14
|
# <tt>javascript:</tt>, while also protecting against attempts to use Unicode,
|
|
15
15
|
# ASCII, and hex character references to work around these protocol filters.
|
|
16
|
+
# All special characters will be escaped.
|
|
16
17
|
#
|
|
17
18
|
# The default sanitizer is Rails::Html::WhiteListSanitizer. See {Rails HTML
|
|
18
19
|
# Sanitizers}[https://github.com/rails/rails-html-sanitizer] for more information.
|
|
@@ -20,8 +21,7 @@ module ActionView
|
|
|
20
21
|
# Custom sanitization rules can also be provided.
|
|
21
22
|
#
|
|
22
23
|
# Please note that sanitizing user-provided text does not guarantee that the
|
|
23
|
-
# resulting markup is valid or even well-formed.
|
|
24
|
-
# contain unescaped characters like <tt><</tt>, <tt>></tt>, or <tt>&</tt>.
|
|
24
|
+
# resulting markup is valid or even well-formed.
|
|
25
25
|
#
|
|
26
26
|
# ==== Options
|
|
27
27
|
#
|
|
@@ -86,7 +86,7 @@ module ActionView
|
|
|
86
86
|
self.class.white_list_sanitizer.sanitize_css(style)
|
|
87
87
|
end
|
|
88
88
|
|
|
89
|
-
# Strips all HTML tags from +html+, including comments.
|
|
89
|
+
# Strips all HTML tags from +html+, including comments and special characters.
|
|
90
90
|
#
|
|
91
91
|
# strip_tags("Strip <i>these</i> tags!")
|
|
92
92
|
# # => Strip these tags!
|
|
@@ -96,8 +96,11 @@ module ActionView
|
|
|
96
96
|
#
|
|
97
97
|
# strip_tags("<div id='top-bar'>Welcome to my website!</div>")
|
|
98
98
|
# # => Welcome to my website!
|
|
99
|
+
#
|
|
100
|
+
# strip_tags("> A quote from Smith & Wesson")
|
|
101
|
+
# # => > A quote from Smith & Wesson
|
|
99
102
|
def strip_tags(html)
|
|
100
|
-
self.class.full_sanitizer.sanitize(html
|
|
103
|
+
self.class.full_sanitizer.sanitize(html)
|
|
101
104
|
end
|
|
102
105
|
|
|
103
106
|
# Strips all link tags from +html+ leaving just the link text.
|
|
@@ -110,6 +113,9 @@ module ActionView
|
|
|
110
113
|
#
|
|
111
114
|
# strip_links('Blog: <a href="http://www.myblog.com/" class="nav" target=\"_blank\">Visit</a>.')
|
|
112
115
|
# # => Blog: Visit.
|
|
116
|
+
#
|
|
117
|
+
# strip_links('<<a href="https://example.org">malformed & link</a>')
|
|
118
|
+
# # => <malformed & link
|
|
113
119
|
def strip_links(html)
|
|
114
120
|
self.class.link_sanitizer.sanitize(html)
|
|
115
121
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: actionview
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.1.0.
|
|
4
|
+
version: 5.1.0.rc1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Heinemeier Hansson
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-03-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 5.1.0.
|
|
19
|
+
version: 5.1.0.rc1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 5.1.0.
|
|
26
|
+
version: 5.1.0.rc1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: builder
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -92,28 +92,28 @@ dependencies:
|
|
|
92
92
|
requirements:
|
|
93
93
|
- - '='
|
|
94
94
|
- !ruby/object:Gem::Version
|
|
95
|
-
version: 5.1.0.
|
|
95
|
+
version: 5.1.0.rc1
|
|
96
96
|
type: :development
|
|
97
97
|
prerelease: false
|
|
98
98
|
version_requirements: !ruby/object:Gem::Requirement
|
|
99
99
|
requirements:
|
|
100
100
|
- - '='
|
|
101
101
|
- !ruby/object:Gem::Version
|
|
102
|
-
version: 5.1.0.
|
|
102
|
+
version: 5.1.0.rc1
|
|
103
103
|
- !ruby/object:Gem::Dependency
|
|
104
104
|
name: activemodel
|
|
105
105
|
requirement: !ruby/object:Gem::Requirement
|
|
106
106
|
requirements:
|
|
107
107
|
- - '='
|
|
108
108
|
- !ruby/object:Gem::Version
|
|
109
|
-
version: 5.1.0.
|
|
109
|
+
version: 5.1.0.rc1
|
|
110
110
|
type: :development
|
|
111
111
|
prerelease: false
|
|
112
112
|
version_requirements: !ruby/object:Gem::Requirement
|
|
113
113
|
requirements:
|
|
114
114
|
- - '='
|
|
115
115
|
- !ruby/object:Gem::Version
|
|
116
|
-
version: 5.1.0.
|
|
116
|
+
version: 5.1.0.rc1
|
|
117
117
|
description: Simple, battle-tested conventions and helpers for building web pages.
|
|
118
118
|
email: david@loudthinking.com
|
|
119
119
|
executables: []
|