actionview 7.2.3 → 7.2.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +9 -0
  3. data/lib/action_view/gem_version.rb +1 -1
  4. data/lib/action_view/helpers/tag_helper.rb +5 -2
  5. metadata +11 -11
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 773338461dd6a54e8b6efa075c2be80d8f8c975ee46bd2167bc7e2fcd8e78f35
4
- data.tar.gz: 22244120a030dfc49034d8d790fa86013b1de42b5ee7acbe75243580c9eec7c1
3
+ metadata.gz: 61f8e3426843a85e006134bb5d330f91e09457e3392025afab472d470d706929
4
+ data.tar.gz: c066f5cc2718465d6f24a8c81ee5361c3c9fcbef2288a8d04b77334e9c724ad9
5
5
  SHA512:
6
- metadata.gz: 1c26e2052e3f599c7f28c19892948c6b3f8cdeef005a4dc54762b4e74309ac32ef794115b0e46d2364624b26debb85a6aaebc938813d08e69e9c670c3bf79ae6
7
- data.tar.gz: 15bdc1f27280a327a1270ddf794b484d68f88af959c2d49361ef0e33c37e547b81166c8b92ef400f7e9a62c8192820bd58042733335ff4a9c3f1a77b660f775f
6
+ metadata.gz: 0a9f2a3f39681a4687a4b8a42b10e00be43c0ee413037c9f236b3bbc04961c8d9993ee955bb0b940a5f05c0024c8f17abb3106d4420f0dea593dd020f038df55
7
+ data.tar.gz: b259ce7c6e668708a25ca4e61551bbe65aee7c898cf6c2da3ba0d2c40f64e6ccc5adc2067f817e95ac1f913edbb34b9e75ec4de89e058899c7644ecf4fbf5fb5
data/CHANGELOG.md CHANGED
@@ -1,3 +1,12 @@
1
+ ## Rails 7.2.3.1 (March 23, 2026) ##
2
+
3
+ * Skip blank attribute names in tag helpers to avoid generating invalid HTML.
4
+
5
+ [CVE-2026-33168]
6
+
7
+ *Mike Dalessio*
8
+
9
+
1
10
  ## Rails 7.2.3 (October 28, 2025) ##
2
11
 
3
12
  * Fix `javascript_include_tag` `type` option to accept either strings and symbols.
data/lib/action_view/gem_version.rb CHANGED
@@ -10,7 +10,7 @@ module ActionView
10
10
  MAJOR = 7
11
11
  MINOR = 2
12
12
  TINY = 3
13
- PRE = nil
13
+ PRE = "1"
14
14
 
15
15
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
16
16
  end
data/lib/action_view/helpers/tag_helper.rb CHANGED
@@ -263,16 +263,19 @@ module ActionView
263
263
  output = +""
264
264
  sep = " "
265
265
  options.each_pair do |key, value|
266
+ next if key.blank?
267
+
266
268
  type = TAG_TYPES[key]
267
269
  if type == :data && value.is_a?(Hash)
268
270
  value.each_pair do |k, v|
269
- next if v.nil?
271
+ next if k.blank? || v.nil?
272
+
270
273
  output << sep
271
274
  output << prefix_tag_option(key, k, v, escape)
272
275
  end
273
276
  elsif type == :aria && value.is_a?(Hash)
274
277
  value.each_pair do |k, v|
275
- next if v.nil?
278
+ next if k.blank? || v.nil?
276
279
 
277
280
  case v
278
281
  when Array, Hash
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: actionview
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.2.3
4
+ version: 7.2.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 7.2.3
18
+ version: 7.2.3.1
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 7.2.3
25
+ version: 7.2.3.1
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: cgi
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -99,28 +99,28 @@ dependencies:
99
99
  requirements:
100
100
  - - '='
101
101
  - !ruby/object:Gem::Version
102
- version: 7.2.3
102
+ version: 7.2.3.1
103
103
  type: :development
104
104
  prerelease: false
105
105
  version_requirements: !ruby/object:Gem::Requirement
106
106
  requirements:
107
107
  - - '='
108
108
  - !ruby/object:Gem::Version
109
- version: 7.2.3
109
+ version: 7.2.3.1
110
110
  - !ruby/object:Gem::Dependency
111
111
  name: activemodel
112
112
  requirement: !ruby/object:Gem::Requirement
113
113
  requirements:
114
114
  - - '='
115
115
  - !ruby/object:Gem::Version
116
- version: 7.2.3
116
+ version: 7.2.3.1
117
117
  type: :development
118
118
  prerelease: false
119
119
  version_requirements: !ruby/object:Gem::Requirement
120
120
  requirements:
121
121
  - - '='
122
122
  - !ruby/object:Gem::Version
123
- version: 7.2.3
123
+ version: 7.2.3.1
124
124
  description: Simple, battle-tested conventions and helpers for building web pages.
125
125
  email: david@loudthinking.com
126
126
  executables: []
@@ -259,10 +259,10 @@ licenses:
259
259
  - MIT
260
260
  metadata:
261
261
  bug_tracker_uri: https://github.com/rails/rails/issues
262
- changelog_uri: https://github.com/rails/rails/blob/v7.2.3/actionview/CHANGELOG.md
263
- documentation_uri: https://api.rubyonrails.org/v7.2.3/
262
+ changelog_uri: https://github.com/rails/rails/blob/v7.2.3.1/actionview/CHANGELOG.md
263
+ documentation_uri: https://api.rubyonrails.org/v7.2.3.1/
264
264
  mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
265
- source_code_uri: https://github.com/rails/rails/tree/v7.2.3/actionview
265
+ source_code_uri: https://github.com/rails/rails/tree/v7.2.3.1/actionview
266
266
  rubygems_mfa_required: 'true'
267
267
  rdoc_options: []
268
268
  require_paths:
@@ -279,7 +279,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
279
279
  version: '0'
280
280
  requirements:
281
281
  - none
282
- rubygems_version: 3.6.9
282
+ rubygems_version: 4.0.6
283
283
  specification_version: 4
284
284
  summary: Rendering framework putting the V in MVC (part of Rails).
285
285
  test_files: []