RubyGems - actionview - Versions diffs - 8.1.2 → 8.1.2.1 - Mend

actionview 8.1.2 → 8.1.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +15 -0
data/lib/action_view/gem_version.rb +1 -1
data/lib/action_view/helpers/tag_helper.rb +5 -2
metadata +11 -11

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5744f9f03363cee6bb6119e05f065b891143193967773bb6c9798ba08f5cf913
-  data.tar.gz: 5290a6f008203823f1b6a4aca07916475fc80ca02de83ea5a16e7ebeab02102c
+  metadata.gz: a1521bfb9856b6242ae47c76c2840487ba568ba60f317c49bbe27f8e7177425c
+  data.tar.gz: 25e34f4fd9a84725ccbc9b47556321e680a8de1f32ed19653d37545da687b631
 SHA512:
-  metadata.gz: 56c52dfb00b9d4b7b1785efac2d74a334a65140ef93bf24ace09a2653f8c717a50990ed1b37662bdec4e1af2a2e4624001a5da4276a9610d709b559d541a59de
-  data.tar.gz: eb0953de4b065cc23aea27da97268891cb4656dbe2439762a1fa4b9a26436dbd27dd89c4d1f365df5a2525b70fc09ff8eb6a8602da3ffe90acaac7f8687e4bbc
+  metadata.gz: 3f0c3405cf8676fcd7d1f37faf05a5376ecb0b73581f728143a57072e202eab34b5157d719affb4bff42beabd461512a010028b5f1edae096111b9fd1e3648b5
+  data.tar.gz: 18b2e2270c57343cce22f1e69978e7739d328a657b49313643bc43bc9ee667ec90ae807ad1be87b973e5ff80ff4a1ca5273c259105c879555d5fed1ebd6f215e

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,18 @@
+## Rails 8.1.2.1 (March 23, 2026) ##
+*   Fix possible XSS in DebugExceptions middleware
+    [CVE-2026-33167]
+    *John Hawthorn*
+*   Skip blank attribute names in tag helpers to avoid generating invalid HTML.
+    [CVE-2026-33168]
+    *Mike Dalessio*
 ## Rails 8.1.2 (January 08, 2026) ##
 *   Fix `file_field` to join mime types with a comma when provided as Array

data/lib/action_view/gem_version.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module ActionView
     MAJOR = 8
     MINOR = 1
     TINY  = 2
-    PRE   = nil
+    PRE   = "1"
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

data/lib/action_view/helpers/tag_helper.rb CHANGED Viewed

@@ -237,16 +237,19 @@ module ActionView
           output = +""
           sep    = " "
           options.each_pair do |key, value|
+            next if key.blank?
             type = TAG_TYPES[key]
             if type == :data && value.is_a?(Hash)
               value.each_pair do |k, v|
-                next if v.nil?
+                next if k.blank? || v.nil?
                 output << sep
                 output << prefix_tag_option(key, k, v, escape)
               end
             elsif type == :aria && value.is_a?(Hash)
               value.each_pair do |k, v|
-                next if v.nil?
+                next if k.blank? || v.nil?
                 case v
                 when Array, Hash

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: actionview
 version: !ruby/object:Gem::Version
-  version: 8.1.2
+  version: 8.1.2.1
 platform: ruby
 authors:
 - David Heinemeier Hansson
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.1.2
+        version: 8.1.2.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.1.2
+        version: 8.1.2.1
 - !ruby/object:Gem::Dependency
   name: builder
   requirement: !ruby/object:Gem::Requirement
@@ -85,28 +85,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.1.2
+        version: 8.1.2.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.1.2
+        version: 8.1.2.1
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.1.2
+        version: 8.1.2.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 8.1.2
+        version: 8.1.2.1
 description: Simple, battle-tested conventions and helpers for building web pages.
 email: david@loudthinking.com
 executables: []
@@ -247,10 +247,10 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/rails/rails/issues
-  changelog_uri: https://github.com/rails/rails/blob/v8.1.2/actionview/CHANGELOG.md
-  documentation_uri: https://api.rubyonrails.org/v8.1.2/
+  changelog_uri: https://github.com/rails/rails/blob/v8.1.2.1/actionview/CHANGELOG.md
+  documentation_uri: https://api.rubyonrails.org/v8.1.2.1/
   mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-  source_code_uri: https://github.com/rails/rails/tree/v8.1.2/actionview
+  source_code_uri: https://github.com/rails/rails/tree/v8.1.2.1/actionview
   rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:
@@ -267,7 +267,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements:
 - none
-rubygems_version: 4.0.3
+rubygems_version: 4.0.6
 specification_version: 4
 summary: Rendering framework putting the V in MVC (part of Rails).
 test_files: []