activesupport 7.0.2.1 → 7.0.2.4
    
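--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: '02869b1bcaf37b6194486f794ee952cd0fc99be001f71f7aa6c2f883acbbb124'
+  data.tar.gz: b2819e4848cfeb61f674e89f2dbc734c1e3a06003b85f9e28153a4b1cf5d1c42
 SHA512:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: 8949b44a0afb53bc581e1df773c8a991b6c6f0e2533e1d7198686ff1013cc0e24cd203f26edd07a21c7a54edb30b8b8f537d2e17987533a66ccf7b8239d7fde3
+  data.tar.gz: 6199375f07c08dee86c37886c6b2e063d6cc8a65f326cb9697aefa97b85b4f4bce0ff4fe1f702c7b223c80e5fd1ef4c293f57dc35dd30a8e8159d74eafb1589d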
    
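--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,22 @@
+## Rails 7.0.2.4 (April 26, 2022) ##
+
+*   Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
+
+    Add the method `ERB::Util.xml_name_escape` to escape dangerous characters
+    in names of tags and names of attributes, following the specification of XML.
+
+    *Álvaro Martín Fraguas*
+
+## Rails 7.0.2.3 (March 08, 2022) ##
+
+*   No changes.
+
+
+## Rails 7.0.2.2 (February 11, 2022) ##
+
+*   Fix Reloader method signature to work with the new Executor signature
+
+
 ## Rails 7.0.2.1 (February 11, 2022) ##
 
 *   No changes.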
| @@ -11,6 +11,14 @@ class ERB | |
| 11 11 | 
             
                HTML_ESCAPE_ONCE_REGEXP = /["><']|&(?!([a-zA-Z]+|(#\d+)|(#[xX][\dA-Fa-f]+));)/
         | 
| 12 12 | 
             
                JSON_ESCAPE_REGEXP = /[\u2028\u2029&><]/u
         | 
| 13 13 |  | 
| 14 | 
            +
                # Following XML requirements: https://www.w3.org/TR/REC-xml/#NT-Name
         | 
| 15 | 
            +
                TAG_NAME_START_REGEXP_SET = ":A-Z_a-z\u{C0}-\u{D6}\u{D8}-\u{F6}\u{F8}-\u{2FF}\u{370}-\u{37D}\u{37F}-\u{1FFF}" \
         | 
| 16 | 
            +
                                            "\u{200C}-\u{200D}\u{2070}-\u{218F}\u{2C00}-\u{2FEF}\u{3001}-\u{D7FF}\u{F900}-\u{FDCF}" \
         | 
| 17 | 
            +
                                            "\u{FDF0}-\u{FFFD}\u{10000}-\u{EFFFF}"
         | 
| 18 | 
            +
                TAG_NAME_START_REGEXP = /[^#{TAG_NAME_START_REGEXP_SET}]/
         | 
| 19 | 
            +
                TAG_NAME_FOLLOWING_REGEXP = /[^#{TAG_NAME_START_REGEXP_SET}\-.0-9\u{B7}\u{0300}-\u{036F}\u{203F}-\u{2040}]/
         | 
| 20 | 
            +
                TAG_NAME_REPLACEMENT_CHAR = "_"
         | 
| 21 | 
            +
             | 
| 14 22 | 
             
                # A utility method for escaping HTML tag characters.
         | 
| 15 23 | 
             
                # This method is also aliased as <tt>h</tt>.
         | 
| 16 24 | 
             
                #
         | 
| @@ -115,6 +123,26 @@ class ERB | |
| 115 123 | 
             
                end
         | 
| 116 124 |  | 
| 117 125 | 
             
                module_function :json_escape
         | 
| 126 | 
            +
             | 
| 127 | 
            +
                # A utility method for escaping XML names of tags and names of attributes.
         | 
| 128 | 
            +
                #
         | 
| 129 | 
            +
                #   xml_name_escape('1 < 2 & 3')
         | 
| 130 | 
            +
                #   # => "1___2___3"
         | 
| 131 | 
            +
                #
         | 
| 132 | 
            +
                # It follows the requirements of the specification: https://www.w3.org/TR/REC-xml/#NT-Name
         | 
| 133 | 
            +
                def xml_name_escape(name)
         | 
| 134 | 
            +
                  name = name.to_s
         | 
| 135 | 
            +
                  return "" if name.blank?
         | 
| 136 | 
            +
             | 
| 137 | 
            +
                  starting_char = name[0].gsub(TAG_NAME_START_REGEXP, TAG_NAME_REPLACEMENT_CHAR)
         | 
| 138 | 
            +
             | 
| 139 | 
            +
                  return starting_char if name.size == 1
         | 
| 140 | 
            +
             | 
| 141 | 
            +
                  following_chars = name[1..-1].gsub(TAG_NAME_FOLLOWING_REGEXP, TAG_NAME_REPLACEMENT_CHAR)
         | 
| 142 | 
            +
             | 
| 143 | 
            +
                  starting_char + following_chars
         | 
| 144 | 
            +
                end
         | 
| 145 | 
            +
                module_function :xml_name_escape
         | 
| 118 146 | 
             
              end
         | 
| 119 147 | 
             
            end
         | 
| 120 148 |  | 
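Review bot: The doc example above `xml_name_escape` looks inaccurate: `0-9` is only admitted by `TAG_NAME_FOLLOWING_REGEXP`, not by `TAG_NAME_START_REGEXP`, so the leading `1` of `'1 < 2 & 3'` should also be replaced and the comment would read `#   # => "____2___3"`. The comment should also state the empty-result case, since `return "" if name.blank?` yields `""` for nil, empty and whitespace-only names instead of an escaped name, e.g. `# Returns "" for blank names; callers should skip the tag or attribute rather than emit an empty name.` It is worth saying in the same comment that only the name is sanitised, so attribute values still need their own escaping. The method is complete within this hunk, but the enclosing `ERB::Util` module and the callers start outside it, so how an empty result is handled cannot be checked from here.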
    
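--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: activesupport
 version: !ruby/object:Gem::Version
-  version: 7.0.2.
+  version: 7.0.2.4
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-04-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: i18n
@@ -359,10 +359,10 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/rails/rails/issues
-  changelog_uri: https://github.com/rails/rails/blob/v7.0.2.
-  documentation_uri: https://api.rubyonrails.org/v7.0.2.
+  changelog_uri: https://github.com/rails/rails/blob/v7.0.2.4/activesupport/CHANGELOG.md
+  documentation_uri: https://api.rubyonrails.org/v7.0.2.4/
   mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-  source_code_uri: https://github.com/rails/rails/tree/v7.0.2.
+  source_code_uri: https://github.com/rails/rails/tree/v7.0.2.4/activesupport
   rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options:
@@ -381,7 +381,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: A toolkit of support libraries and Ruby core extensions extracted from the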