go_to_param 1.1.3 → 2.0.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/lib/go_to_param/version.rb +1 -1
- data/lib/go_to_param.rb +9 -3
- metadata +4 -50
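--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8ef3c76caad7dbf28335798a812644bfd00fc3609f6a59b601552e2d6f3f8915
+data.tar.gz: eb54119400b07f9dd8bc1104aea81e0c08eed250461a4963f79d4c6e5c9ba113
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8c00fa6dc82ce3b7f24802a16a726061e785da10e0b11fbb38acd66a230ae49261f73ef66ee06af926e7d38567408b3889bf8bd8ff2ba448f78b01cf3326ce94
+data.tar.gz: 298750ed94c196b4b86368f889e41707223b2fd71e35f631b6b90c7cb7aac8ca615d3199b239380941aac191534c22be69d8244e259621df784bc7c844d08b4a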
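--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,14 @@
 # Changelog
 
+## 2.0.0
+
+- Remove `id` attribute for input tags generated by `hidden_go_to_tag` and `hidden_go_to_here_tag`, to avoid markup errors when using multiple on the same page.
+- Disallow protocol-relative "//evil.com".
+
+## 1.1.3
+
+- Force MFA for privileged Rubygems actions.
+
 ## 1.1.2
 
 - Fix keyword parameter warning. Thanks to @olleolleolle!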
data/lib/go_to_param/version.rb
CHANGED
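--- a/data/lib/go_to_param.rb
+++ b/data/lib/go_to_param.rb
@@ -23,11 +23,11 @@ module GoToParam
 end
 
 def hidden_go_to_tag
-view_context.hidden_field_tag :go_to, go_to_path
+view_context.hidden_field_tag :go_to, go_to_path, id: nil
 end
 
 def hidden_go_to_here_tag(additional_query_params = {})
-view_context.hidden_field_tag :go_to, go_to_here_params(additional_query_params)[:go_to]
+view_context.hidden_field_tag :go_to, go_to_here_params(additional_query_params)[:go_to], id: nil
 end
 
 def go_to_params(other_params = {})
@@ -62,7 +62,13 @@ module GoToParam
 private
 
 def matches_allowed_redirect_prefixes?
-
+value = go_to_param_value
+
+# Disallow protocol-relative "//evil.com".
+# Also account for browsers normalizing `\` to `/`: https://github.com/advisories/GHSA-mqqf-5wvp-8fh8
+return false if value.start_with?("//", "/\\", "\\/", "\\\\")
+
+GoToParam.allowed_redirect_prefixes.any? { |prefix| value.start_with?(prefix) }
 end
 
 def go_to_here_path(anchor: nil, **additional_query_params)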
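Review bot: The new guard in `matches_allowed_redirect_prefixes?` tests only the first two characters of the raw string, so it holds only if the browser and this code agree on where the URL begins. URL parsers that follow the WHATWG spec discard ASCII tab and newline characters, and leading control characters or spaces, before resolving a reference, and a `start_with?` test on the unmodified value does not account for that; whether such a value can actually reach the `Location` header depends on framework code that is not visible here. I would reject those characters ahead of the prefix test, for example `return false if value.match?(/\A[\x00-\x20]|[\t\r\n]/)`, and keep the existing `start_with?("//", ...)` line after it. `go_to_param_value` is defined outside the hunk, so it is also worth confirming it cannot be nil at this point, since `value.start_with?` would then raise instead of returning false.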
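--- a/metadata
+++ b/metadata
@@ -1,58 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: go_to_param
 version: !ruby/object:Gem::Version
-version:
+version: 2.0.0
 platform: ruby
 authors:
 - Henrik N
-autorequire:
 bindir: bin
 cert_chain: []
-date:
-dependencies:
-- !ruby/object:Gem::Dependency
-name: bundler
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-- !ruby/object:Gem::Dependency
-name: rake
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-- !ruby/object:Gem::Dependency
-name: rspec
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-description:
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies: []
 email:
 - henrik@nyh.se
 executables: []
@@ -68,7 +24,6 @@ licenses:
 - MIT
 metadata:
 rubygems_mfa_required: 'true'
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -83,8 +38,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version:
-signing_key:
+rubygems_version: 4.0.10
 specification_version: 4
 summary: Rails "go_to" redirection param utilities.
 test_files: []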