brick 1.0.244 → 1.0.245
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/brick/rails/engine.rb +46 -54
- data/lib/brick/rails/form_tags.rb +2 -2
- data/lib/brick/version_number.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 74ab9c3403cc8ec25b0a2a2d24cc8c9cf871aa5de82daf92055542c70d4977df
|
|
4
|
+
data.tar.gz: 6e119a05135fb27a1d89b67cf8762a2d2d394876dfd79795481eb5f416476f06
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 220af7d1a7be7d224d0b25c8b9e3e635384067c408cd80bf012b289b83957c1bcda11a43eb152208b76bf80ec2d3cfa4c25b91ecfd9db4fa8710b217602ec766
|
|
7
|
+
data.tar.gz: 01c63fd12b462aa64ac72812f30541036c78e5934b4b5215ee1215394105d521be44771adcd9a5685cba2d784546f216b07016784c820e4cd510a4e367b9d873
|
data/lib/brick/rails/engine.rb
CHANGED
|
@@ -324,7 +324,7 @@ function linkSchemas() {
|
|
|
324
324
|
end
|
|
325
325
|
end
|
|
326
326
|
end
|
|
327
|
-
"<script
|
|
327
|
+
"<script<%= @_request.env['_brick_nonce'] %>>
|
|
328
328
|
#{JS_CHANGEOUT}
|
|
329
329
|
document.addEventListener(\"turbo:render\", linkSchemas);
|
|
330
330
|
window.addEventListener(\"popstate\", linkSchemas);
|
|
@@ -827,55 +827,46 @@ window.addEventListener(\"popstate\", linkSchemas);
|
|
|
827
827
|
table_options << "<option value=\"#{prefix}brick_#{table_option.downcase}\">(#{table_option})</option>".html_safe if show_it
|
|
828
828
|
end
|
|
829
829
|
css = +"<style>#{::Brick::Rails::BRICK_CSS}</style>
|
|
830
|
-
<script
|
|
830
|
+
<script<%=
|
|
831
|
+
if @_request.respond_to?(:content_security_policy) && (csp = @_request.content_security_policy)&.directives&.present?
|
|
832
|
+
@_request.env['_is_brick'] = true
|
|
833
|
+
if @_request.respond_to?(:content_security_policy_nonce_directives)
|
|
834
|
+
@_request.content_security_policy_nonce_directives = %w[ script-src ]
|
|
835
|
+
@_request.env['_brick_nonce'] = \" nonce=\\\"#\{@_request.content_security_policy_nonce}\\\"\".html_safe
|
|
836
|
+
end
|
|
837
|
+
if !@_request.respond_to?(:_brick_content_security_policy)
|
|
838
|
+
if csp.instance_variables.exclude?(:@_brick_style_shas)
|
|
839
|
+
csp.instance_variable_set(:@_brick_style_shas, [
|
|
840
|
+
\"'sha256-#\{Base64.encode64(Digest.const_get(:SHA256).digest(::Brick::Rails::BRICK_CSS)).chomp}'\",
|
|
841
|
+
\"'sha256-#\{Base64.encode64(Digest.const_get(:SHA256).digest(::Brick::Rails::IN_APP_STYLE)).chomp}'\",
|
|
842
|
+
\"'sha256-y+oXtN5Bag5VRQgH6D87Eo4UdOZOJiqg31ZNfDibDwM='\" # SHA for the text_field used in brick_field ('min-width: 154px;field-sizing: content;')
|
|
843
|
+
])
|
|
844
|
+
end
|
|
845
|
+
|
|
846
|
+
::ActionDispatch::ContentSecurityPolicy::Request.module_exec do
|
|
847
|
+
alias :_brick_content_security_policy :content_security_policy
|
|
848
|
+
def content_security_policy
|
|
849
|
+
return _brick_content_security_policy if env['_is_brick'].blank?
|
|
850
|
+
|
|
851
|
+
csp = ::ActionDispatch::ContentSecurityPolicy.new
|
|
852
|
+
csp.directives.merge! ({
|
|
853
|
+
'style-src': [\"'self'\", 'https://cdn.jsdelivr.net', \"'unsafe-hashes'\"] +
|
|
854
|
+
_brick_content_security_policy.instance_variable_get(:@_brick_style_shas),
|
|
855
|
+
'script-src': [\"'self'\", 'https://cdn.jsdelivr.net', \"'nonce-#\{content_security_policy_nonce}'\"],
|
|
856
|
+
'connect-src': [\"'self'\", 'https://cdn.jsdelivr.net']
|
|
857
|
+
})
|
|
858
|
+
csp
|
|
859
|
+
end
|
|
860
|
+
end
|
|
861
|
+
end
|
|
862
|
+
end
|
|
863
|
+
|
|
864
|
+
@_request.env['_brick_nonce'] %>>
|
|
831
865
|
if (window.history.state && window.history.state.turbo)
|
|
832
866
|
window.addEventListener(\"popstate\", function () { location.reload(true); });
|
|
833
867
|
</script>
|
|
834
868
|
|
|
835
869
|
<%
|
|
836
|
-
if @_request.respond_to?(:content_security_policy)
|
|
837
|
-
@_request.env['_is_brick'] = true
|
|
838
|
-
if (csp = @_request.content_security_policy).instance_variables.exclude?(:@_brick_style_shas)
|
|
839
|
-
csp.instance_variable_set(:@_brick_style_shas, [
|
|
840
|
-
\"'sha256-#\{Base64.encode64(Digest.const_get(:SHA256).digest(::Brick::Rails::BRICK_CSS)).chomp}'\",
|
|
841
|
-
\"'sha256-#\{Base64.encode64(Digest.const_get(:SHA256).digest(::Brick::Rails::IN_APP_STYLE)).chomp}'\"
|
|
842
|
-
])
|
|
843
|
-
end
|
|
844
|
-
if !@_request.respond_to?(:_brick_content_security_policy)
|
|
845
|
-
::ActionDispatch::ContentSecurityPolicy::Request.module_exec do
|
|
846
|
-
alias :_brick_content_security_policy :content_security_policy
|
|
847
|
-
def content_security_policy
|
|
848
|
-
# Add appropriate hashes for inline styles to the content-security-policy if needed
|
|
849
|
-
if (cspd = (csp = _brick_content_security_policy).directives.fetch('style-src', nil)) && env['_is_brick']
|
|
850
|
-
cspd.select! { |val| val == \"'self'\" }
|
|
851
|
-
if params['action'] == 'show'
|
|
852
|
-
cspd << \"'unsafe-inline'\"
|
|
853
|
-
else
|
|
854
|
-
csp.instance_variable_get(:@_brick_style_shas).each { |s| cspd << s }
|
|
855
|
-
cspd << \"'unsafe-hashes'\"
|
|
856
|
-
end
|
|
857
|
-
cspd << 'https://cdn.jsdelivr.net'
|
|
858
|
-
end
|
|
859
|
-
if (cspsd = csp.directives.fetch('script-src', nil))
|
|
860
|
-
cspsd.select! { |val| val == \"'self'\" }
|
|
861
|
-
cspsd << \"'unsafe-inline'\"
|
|
862
|
-
cspsd << 'https://cdn.jsdelivr.net'
|
|
863
|
-
end
|
|
864
|
-
if (cspcd = csp.directives.fetch('connect-src', nil))
|
|
865
|
-
cspcd.select! { |val| val == \"'self'\" }
|
|
866
|
-
cspcd << 'https://cdn.jsdelivr.net'
|
|
867
|
-
end
|
|
868
|
-
csp
|
|
869
|
-
end
|
|
870
|
-
|
|
871
|
-
alias :_brick_content_security_policy_nonce :content_security_policy_nonce
|
|
872
|
-
def content_security_policy_nonce
|
|
873
|
-
_brick_content_security_policy_nonce unless env['_is_brick']
|
|
874
|
-
end
|
|
875
|
-
end
|
|
876
|
-
end
|
|
877
|
-
end
|
|
878
|
-
|
|
879
870
|
# Accommodate composite primary keys that include strings with forward-slash characters
|
|
880
871
|
def slashify(*vals)
|
|
881
872
|
vals.map { |val_part| val_part.is_a?(String) ? val_part.gsub('/', '^^sl^^') : val_part }
|
|
@@ -902,7 +893,7 @@ callbacks = {} %>"
|
|
|
902
893
|
end
|
|
903
894
|
|
|
904
895
|
# %%% When doing schema select, if we're on a new page go to index
|
|
905
|
-
script = "<script
|
|
896
|
+
script = "<script<%= @_request.env['_brick_nonce'] %>>
|
|
906
897
|
// Add \"Are you sure?\" behaviour to any data-confirm buttons out there
|
|
907
898
|
document.querySelectorAll(\"input[type=submit][data-confirm]\").forEach(function (btn) {
|
|
908
899
|
btn.addEventListener(\"click\", function (evt) {
|
|
@@ -919,7 +910,8 @@ document.querySelectorAll(\"input[type=submit][data-confirm]\").forEach(function
|
|
|
919
910
|
"\nbrickTestSchema = \"#{::Brick.test_schema}\";" if ::Brick.test_schema
|
|
920
911
|
}
|
|
921
912
|
function doFetch(method, payload, success) {
|
|
922
|
-
payload.authenticity_token = <%=
|
|
913
|
+
payload.authenticity_token = <%=
|
|
914
|
+
(!session.respond_to?(:enabled?) || session.enabled?) ? ((session[:_csrf_token] || form_authenticity_token).inspect.html_safe) : 'null' %>;
|
|
923
915
|
var action = payload._brick_action || location.href;
|
|
924
916
|
delete payload._brick_action;
|
|
925
917
|
if (!success) {
|
|
@@ -954,7 +946,7 @@ if (window.brickFontFamily) {
|
|
|
954
946
|
<div id=\"dropper\" contenteditable=\"true\"></div>
|
|
955
947
|
<input type=\"button\" id=\"btnImport\" value=\"Import\">
|
|
956
948
|
|
|
957
|
-
<script
|
|
949
|
+
<script<%= @_request.env['_brick_nonce'] %>>
|
|
958
950
|
var dropperDiv = document.getElementById(\"dropper\");
|
|
959
951
|
var btnImport = document.getElementById(\"btnImport\");
|
|
960
952
|
var droppedTSV;
|
|
@@ -1130,7 +1122,7 @@ end
|
|
|
1130
1122
|
<div class=\"colExclusion\"><%= excl %></div>
|
|
1131
1123
|
<% end %>
|
|
1132
1124
|
</div>
|
|
1133
|
-
<script
|
|
1125
|
+
<script<%= @_request.env['_brick_nonce'] %>>
|
|
1134
1126
|
[... document.getElementsByClassName(\"colExclusion\")].forEach(function (excl) {
|
|
1135
1127
|
excl.addEventListener(\"click\", function () {
|
|
1136
1128
|
doFetch(\"POST\", {_brick_unexclude: this.innerHTML});
|
|
@@ -1141,7 +1133,7 @@ end
|
|
|
1141
1133
|
# SEARCH BOX
|
|
1142
1134
|
if @_brick_es && @_brick_es&.index('r') # Must have at least Elasticsearch Read access %>
|
|
1143
1135
|
<input type=\"text\" id=\"esSearch\" class=\"dimmed\">
|
|
1144
|
-
<script
|
|
1136
|
+
<script<%= @_request.env['_brick_nonce'] %>>
|
|
1145
1137
|
var esSearch = document.getElementById(\"esSearch\");
|
|
1146
1138
|
var usedTerms = {};
|
|
1147
1139
|
var isEsFiltered = false;
|
|
@@ -1504,7 +1496,7 @@ end
|
|
|
1504
1496
|
end
|
|
1505
1497
|
s << "<table id=\"#{hm_name}\" class=\"shadow\">
|
|
1506
1498
|
<tr><th>#{hm[1]}#{' poly' if hm[0].options[:as]} #{hm[3]}
|
|
1507
|
-
<% if predicates && respond_to?(:new_#{partial_new_path_name = hm.first.klass._brick_index(:singular)}_path) %>
|
|
1499
|
+
<% if defined?(predicates) && predicates && respond_to?(:new_#{partial_new_path_name = hm.first.klass._brick_index(:singular)}_path) %>
|
|
1508
1500
|
<span class = \"add-hm-related\"><%=
|
|
1509
1501
|
pk_val = (obj_pk = model.primary_key).is_a?(String) ? obj.send(obj_pk) : obj_pk.map { |pk_part| obj.send(pk_part) }
|
|
1510
1502
|
pk_val_arr = [pk_val] unless pk_val.is_a?(Array)
|
|
@@ -1590,7 +1582,7 @@ end}
|
|
|
1590
1582
|
}
|
|
1591
1583
|
</style>
|
|
1592
1584
|
<script src=\"https://cdn.jsdelivr.net/npm/flatpickr\"></script>
|
|
1593
|
-
<script
|
|
1585
|
+
<script<%= @_request.env['_brick_nonce'] %>>
|
|
1594
1586
|
flatpickr(\".datepicker\");
|
|
1595
1587
|
flatpickr(\".datetimepicker\", {enableTime: true});
|
|
1596
1588
|
flatpickr(\".timepicker\", {enableTime: true, noCalendar: true});
|
|
@@ -1639,7 +1631,7 @@ flatpickr(\".timepicker\", {enableTime: true, noCalendar: true});
|
|
|
1639
1631
|
|
|
1640
1632
|
<% if true # @_brick_erd
|
|
1641
1633
|
%>
|
|
1642
|
-
<script
|
|
1634
|
+
<script<%= @_request.env['_brick_nonce'] %>>
|
|
1643
1635
|
var imgErd = document.getElementById(\"imgErd\");
|
|
1644
1636
|
var mermaidErd = document.getElementById(\"mermaidErd\");
|
|
1645
1637
|
var mermaidCode;
|
|
@@ -1708,7 +1700,7 @@ flatpickr(\".timepicker\", {enableTime: true, noCalendar: true});
|
|
|
1708
1700
|
"
|
|
1709
1701
|
end
|
|
1710
1702
|
if representation == :grid
|
|
1711
|
-
inline << "<script
|
|
1703
|
+
inline << "<script<%= @_request.env['_brick_nonce'] %>>
|
|
1712
1704
|
<% # Make column headers sort when clicked
|
|
1713
1705
|
# %%% Create a smart javascript routine which can do this client-side %>
|
|
1714
1706
|
[... document.getElementsByTagName(\"TH\")].forEach(function (th) {
|
|
@@ -402,7 +402,7 @@ module Brick::Rails::FormTags
|
|
|
402
402
|
end
|
|
403
403
|
out << " </tbody>
|
|
404
404
|
</table>
|
|
405
|
-
<script
|
|
405
|
+
<script<%= @_request.env['_brick_nonce'] %>>
|
|
406
406
|
var constellation = document.getElementById(\"#{table_name}\");
|
|
407
407
|
var nextSib,
|
|
408
408
|
_this;
|
|
@@ -868,7 +868,7 @@ function onImagesLoaded(event) {
|
|
|
868
868
|
</select></td>
|
|
869
869
|
<td class=\"paddingTopZero\"><input id=\"txtColName\"></td>
|
|
870
870
|
</tr></table>
|
|
871
|
-
<script
|
|
871
|
+
<script<%= @_request.env['_brick_nonce'] %>>
|
|
872
872
|
var btnAddCol = document.getElementById(\"btnAddCol\");
|
|
873
873
|
btnAddCol.addEventListener(\"click\", function () {
|
|
874
874
|
var txtColName = document.getElementById(\"txtColName\");
|
data/lib/brick/version_number.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: brick
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.245
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Lorin Thwaits
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2026-06-
|
|
11
|
+
date: 2026-06-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activerecord
|