brick 1.0.244 → 1.0.245

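--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 4de3ef8371e163df0913a1fe70d55666010abefcdcc77d26813a27ea3b72967f
- data.tar.gz: 73dffd4bb0f5c5e9f57d1e19550cc212a67b4cc9636dd6eed53bee458cd155ee
+ metadata.gz: 74ab9c3403cc8ec25b0a2a2d24cc8c9cf871aa5de82daf92055542c70d4977df
+ data.tar.gz: 6e119a05135fb27a1d89b67cf8762a2d2d394876dfd79795481eb5f416476f06
  SHA512:
- metadata.gz: 948aaae186933b70b69b8df65ac2081168edd4d3badc9cf7bcdfb2d2a49243be376bb70c3c15aef7e00fdbf42f5be5c51185a91e01e4728332e0e0a476382403
- data.tar.gz: 500f395af03a898ed11ee8e3caad5fa0571568b19f1183a4f7b90793a8324e5d87870220b8a60b7e91d61e73ad7855d450a46711e8404c519bded7599b761866
+ metadata.gz: 220af7d1a7be7d224d0b25c8b9e3e635384067c408cd80bf012b289b83957c1bcda11a43eb152208b76bf80ec2d3cfa4c25b91ecfd9db4fa8710b217602ec766
+ data.tar.gz: 01c63fd12b462aa64ac72812f30541036c78e5934b4b5215ee1215394105d521be44771adcd9a5685cba2d784546f216b07016784c820e4cd510a4e367b9d873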
@@ -324,7 +324,7 @@ function linkSchemas() {
324
324
  end
325
325
  end
326
326
  end
327
- "<script>
327
+ "<script<%= @_request.env['_brick_nonce'] %>>
328
328
  #{JS_CHANGEOUT}
329
329
  document.addEventListener(\"turbo:render\", linkSchemas);
330
330
  window.addEventListener(\"popstate\", linkSchemas);
@@ -827,55 +827,46 @@ window.addEventListener(\"popstate\", linkSchemas);
827
827
  table_options << "<option value=\"#{prefix}brick_#{table_option.downcase}\">(#{table_option})</option>".html_safe if show_it
828
828
  end
829
829
  css = +"<style>#{::Brick::Rails::BRICK_CSS}</style>
830
- <script>
830
+ <script<%=
831
+ if @_request.respond_to?(:content_security_policy) && (csp = @_request.content_security_policy)&.directives&.present?
832
+ @_request.env['_is_brick'] = true
833
+ if @_request.respond_to?(:content_security_policy_nonce_directives)
834
+ @_request.content_security_policy_nonce_directives = %w[ script-src ]
835
+ @_request.env['_brick_nonce'] = \" nonce=\\\"#\{@_request.content_security_policy_nonce}\\\"\".html_safe
836
+ end
837
+ if !@_request.respond_to?(:_brick_content_security_policy)
838
+ if csp.instance_variables.exclude?(:@_brick_style_shas)
839
+ csp.instance_variable_set(:@_brick_style_shas, [
840
+ \"'sha256-#\{Base64.encode64(Digest.const_get(:SHA256).digest(::Brick::Rails::BRICK_CSS)).chomp}'\",
841
+ \"'sha256-#\{Base64.encode64(Digest.const_get(:SHA256).digest(::Brick::Rails::IN_APP_STYLE)).chomp}'\",
842
+ \"'sha256-y+oXtN5Bag5VRQgH6D87Eo4UdOZOJiqg31ZNfDibDwM='\" # SHA for the text_field used in brick_field ('min-width: 154px;field-sizing: content;')
843
+ ])
844
+ end
845
+
846
+ ::ActionDispatch::ContentSecurityPolicy::Request.module_exec do
847
+ alias :_brick_content_security_policy :content_security_policy
848
+ def content_security_policy
849
+ return _brick_content_security_policy if env['_is_brick'].blank?
850
+
851
+ csp = ::ActionDispatch::ContentSecurityPolicy.new
852
+ csp.directives.merge! ({
853
+ 'style-src': [\"'self'\", 'https://cdn.jsdelivr.net', \"'unsafe-hashes'\"] +
854
+ _brick_content_security_policy.instance_variable_get(:@_brick_style_shas),
855
+ 'script-src': [\"'self'\", 'https://cdn.jsdelivr.net', \"'nonce-#\{content_security_policy_nonce}'\"],
856
+ 'connect-src': [\"'self'\", 'https://cdn.jsdelivr.net']
857
+ })
858
+ csp
859
+ end
860
+ end
861
+ end
862
+ end
863
+
864
+ @_request.env['_brick_nonce'] %>>
831
865
  if (window.history.state && window.history.state.turbo)
832
866
  window.addEventListener(\"popstate\", function () { location.reload(true); });
833
867
  </script>
834
868
 
835
869
  <%
836
- if @_request.respond_to?(:content_security_policy)
837
- @_request.env['_is_brick'] = true
838
- if (csp = @_request.content_security_policy).instance_variables.exclude?(:@_brick_style_shas)
839
- csp.instance_variable_set(:@_brick_style_shas, [
840
- \"'sha256-#\{Base64.encode64(Digest.const_get(:SHA256).digest(::Brick::Rails::BRICK_CSS)).chomp}'\",
841
- \"'sha256-#\{Base64.encode64(Digest.const_get(:SHA256).digest(::Brick::Rails::IN_APP_STYLE)).chomp}'\"
842
- ])
843
- end
844
- if !@_request.respond_to?(:_brick_content_security_policy)
845
- ::ActionDispatch::ContentSecurityPolicy::Request.module_exec do
846
- alias :_brick_content_security_policy :content_security_policy
847
- def content_security_policy
848
- # Add appropriate hashes for inline styles to the content-security-policy if needed
849
- if (cspd = (csp = _brick_content_security_policy).directives.fetch('style-src', nil)) && env['_is_brick']
850
- cspd.select! { |val| val == \"'self'\" }
851
- if params['action'] == 'show'
852
- cspd << \"'unsafe-inline'\"
853
- else
854
- csp.instance_variable_get(:@_brick_style_shas).each { |s| cspd << s }
855
- cspd << \"'unsafe-hashes'\"
856
- end
857
- cspd << 'https://cdn.jsdelivr.net'
858
- end
859
- if (cspsd = csp.directives.fetch('script-src', nil))
860
- cspsd.select! { |val| val == \"'self'\" }
861
- cspsd << \"'unsafe-inline'\"
862
- cspsd << 'https://cdn.jsdelivr.net'
863
- end
864
- if (cspcd = csp.directives.fetch('connect-src', nil))
865
- cspcd.select! { |val| val == \"'self'\" }
866
- cspcd << 'https://cdn.jsdelivr.net'
867
- end
868
- csp
869
- end
870
-
871
- alias :_brick_content_security_policy_nonce :content_security_policy_nonce
872
- def content_security_policy_nonce
873
- _brick_content_security_policy_nonce unless env['_is_brick']
874
- end
875
- end
876
- end
877
- end
878
-
879
870
  # Accommodate composite primary keys that include strings with forward-slash characters
880
871
  def slashify(*vals)
881
872
  vals.map { |val_part| val_part.is_a?(String) ? val_part.gsub('/', '^^sl^^') : val_part }
@@ -902,7 +893,7 @@ callbacks = {} %>"
902
893
  end
903
894
 
904
895
  # %%% When doing schema select, if we're on a new page go to index
905
- script = "<script>
896
+ script = "<script<%= @_request.env['_brick_nonce'] %>>
906
897
  // Add \"Are you sure?\" behaviour to any data-confirm buttons out there
907
898
  document.querySelectorAll(\"input[type=submit][data-confirm]\").forEach(function (btn) {
908
899
  btn.addEventListener(\"click\", function (evt) {
@@ -919,7 +910,8 @@ document.querySelectorAll(\"input[type=submit][data-confirm]\").forEach(function
919
910
  "\nbrickTestSchema = \"#{::Brick.test_schema}\";" if ::Brick.test_schema
920
911
  }
921
912
  function doFetch(method, payload, success) {
922
- payload.authenticity_token = <%= (session[:_csrf_token] || form_authenticity_token).inspect.html_safe %>;
913
+ payload.authenticity_token = <%=
914
+ (!session.respond_to?(:enabled?) || session.enabled?) ? ((session[:_csrf_token] || form_authenticity_token).inspect.html_safe) : 'null' %>;
923
915
  var action = payload._brick_action || location.href;
924
916
  delete payload._brick_action;
925
917
  if (!success) {
@@ -954,7 +946,7 @@ if (window.brickFontFamily) {
954
946
  <div id=\"dropper\" contenteditable=\"true\"></div>
955
947
  <input type=\"button\" id=\"btnImport\" value=\"Import\">
956
948
 
957
- <script>
949
+ <script<%= @_request.env['_brick_nonce'] %>>
958
950
  var dropperDiv = document.getElementById(\"dropper\");
959
951
  var btnImport = document.getElementById(\"btnImport\");
960
952
  var droppedTSV;
@@ -1130,7 +1122,7 @@ end
1130
1122
  <div class=\"colExclusion\"><%= excl %></div>
1131
1123
  <% end %>
1132
1124
  </div>
1133
- <script>
1125
+ <script<%= @_request.env['_brick_nonce'] %>>
1134
1126
  [... document.getElementsByClassName(\"colExclusion\")].forEach(function (excl) {
1135
1127
  excl.addEventListener(\"click\", function () {
1136
1128
  doFetch(\"POST\", {_brick_unexclude: this.innerHTML});
@@ -1141,7 +1133,7 @@ end
1141
1133
  # SEARCH BOX
1142
1134
  if @_brick_es && @_brick_es&.index('r') # Must have at least Elasticsearch Read access %>
1143
1135
  <input type=\"text\" id=\"esSearch\" class=\"dimmed\">
1144
- <script>
1136
+ <script<%= @_request.env['_brick_nonce'] %>>
1145
1137
  var esSearch = document.getElementById(\"esSearch\");
1146
1138
  var usedTerms = {};
1147
1139
  var isEsFiltered = false;
@@ -1504,7 +1496,7 @@ end
1504
1496
  end
1505
1497
  s << "<table id=\"#{hm_name}\" class=\"shadow\">
1506
1498
  <tr><th>#{hm[1]}#{' poly' if hm[0].options[:as]} #{hm[3]}
1507
- <% if predicates && respond_to?(:new_#{partial_new_path_name = hm.first.klass._brick_index(:singular)}_path) %>
1499
+ <% if defined?(predicates) && predicates && respond_to?(:new_#{partial_new_path_name = hm.first.klass._brick_index(:singular)}_path) %>
1508
1500
  <span class = \"add-hm-related\"><%=
1509
1501
  pk_val = (obj_pk = model.primary_key).is_a?(String) ? obj.send(obj_pk) : obj_pk.map { |pk_part| obj.send(pk_part) }
1510
1502
  pk_val_arr = [pk_val] unless pk_val.is_a?(Array)
@@ -1590,7 +1582,7 @@ end}
1590
1582
  }
1591
1583
  </style>
1592
1584
  <script src=\"https://cdn.jsdelivr.net/npm/flatpickr\"></script>
1593
- <script>
1585
+ <script<%= @_request.env['_brick_nonce'] %>>
1594
1586
  flatpickr(\".datepicker\");
1595
1587
  flatpickr(\".datetimepicker\", {enableTime: true});
1596
1588
  flatpickr(\".timepicker\", {enableTime: true, noCalendar: true});
@@ -1639,7 +1631,7 @@ flatpickr(\".timepicker\", {enableTime: true, noCalendar: true});
1639
1631
 
1640
1632
  <% if true # @_brick_erd
1641
1633
  %>
1642
- <script>
1634
+ <script<%= @_request.env['_brick_nonce'] %>>
1643
1635
  var imgErd = document.getElementById(\"imgErd\");
1644
1636
  var mermaidErd = document.getElementById(\"mermaidErd\");
1645
1637
  var mermaidCode;
@@ -1708,7 +1700,7 @@ flatpickr(\".timepicker\", {enableTime: true, noCalendar: true});
1708
1700
  "
1709
1701
  end
1710
1702
  if representation == :grid
1711
- inline << "<script>
1703
+ inline << "<script<%= @_request.env['_brick_nonce'] %>>
1712
1704
  <% # Make column headers sort when clicked
1713
1705
  # %%% Create a smart javascript routine which can do this client-side %>
1714
1706
  [... document.getElementsByTagName(\"TH\")].forEach(function (th) {
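Review bot: In the `@@ -827,55 +827,46 @@` hunk the overriding `content_security_policy` builds its result from `::ActionDispatch::ContentSecurityPolicy.new` with only `style-src`, `script-src` and `connect-src`, so on a request flagged `_is_brick` every other directive the host application configured is left out of the header. Copying the application's policy and merging the three entries under string keys keeps the rest of the policy in force, as sketched below; the removed code read them with `directives.fetch('style-src', nil)`, whereas `'style-src':` is a symbol key. The sketch also wraps the `@_brick_style_shas` lookup in `Array(...)`, because the list is now stored only once, inside the `!respond_to?(:_brick_content_security_policy)` branch, and a request carrying a different policy object would presumably hand `nil` to `+`. These lines sit inside a template string that opens and closes outside the hunk, so the sketch keeps the hunk's `\"` and `#\{` escaping.

```ruby
# … unchanged: nonce setup, @_brick_style_shas assignment, module_exec and alias …
def content_security_policy
  return _brick_content_security_policy if env['_is_brick'].blank?

  # Start from a copy of the application's policy so directives Brick does not manage stay in the header
  csp = _brick_content_security_policy.clone
  csp.directives.merge!(
    'style-src' => [\"'self'\", 'https://cdn.jsdelivr.net', \"'unsafe-hashes'\"] +
                   Array(_brick_content_security_policy.instance_variable_get(:@_brick_style_shas)),
    'script-src' => [\"'self'\", 'https://cdn.jsdelivr.net', \"'nonce-#\{content_security_policy_nonce}'\"],
    'connect-src' => [\"'self'\", 'https://cdn.jsdelivr.net']
  )
  csp
end
```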
@@ -402,7 +402,7 @@ module Brick::Rails::FormTags
402
402
  end
403
403
  out << " </tbody>
404
404
  </table>
405
- <script>
405
+ <script<%= @_request.env['_brick_nonce'] %>>
406
406
  var constellation = document.getElementById(\"#{table_name}\");
407
407
  var nextSib,
408
408
  _this;
@@ -868,7 +868,7 @@ function onImagesLoaded(event) {
868
868
  </select></td>
869
869
  <td class=\"paddingTopZero\"><input id=\"txtColName\"></td>
870
870
  </tr></table>
871
- <script>
871
+ <script<%= @_request.env['_brick_nonce'] %>>
872
872
  var btnAddCol = document.getElementById(\"btnAddCol\");
873
873
  btnAddCol.addEventListener(\"click\", function () {
874
874
  var txtColName = document.getElementById(\"txtColName\");
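Review bot: The added `<script<%= @_request.env['_brick_nonce'] %>>` in the first hunk is appended to `out`, a Ruby string that already uses `#{table_name}` interpolation, and nothing visible shows that string being compiled as ERB afterwards; the hunk at line 871 makes the same change. If these helpers return the string as finished HTML, the tag would reach the browser with the literal `<%= … %>` text in it and no nonce attribute, whereas `<script#{@_request.env['_brick_nonce']}>` would not depend on a later ERB pass. `_brick_nonce` is assigned only by the stylesheet preamble changed elsewhere in this release, so a comment noting that these helpers emit a nonce-less tag when that preamble has not run for the request would help host applications that enforce a nonce-based `script-src`. Both enclosing methods begin and end outside the hunks.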
@@ -5,7 +5,7 @@ module Brick
5
5
  module VERSION
6
6
  MAJOR = 1
7
7
  MINOR = 0
8
- TINY = 244
8
+ TINY = 245
9
9
 
10
10
  # PRE is nil unless it's a pre-release (beta, RC, etc.)
11
11
  PRE = nil
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: brick
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.244
4
+ version: 1.0.245
5
5
  platform: ruby
6
6
  authors:
7
7
  - Lorin Thwaits
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2026-06-23 00:00:00.000000000 Z
11
+ date: 2026-06-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activerecord