gon 6.3.2 → 6.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +5 -3
- data/CHANGELOG.md +6 -1
- data/gon.gemspec +1 -0
- data/lib/gon/json_dumper.rb +16 -1
- data/lib/gon/spec_helpers.rb +1 -1
- data/lib/gon/version.rb +1 -1
- metadata +17 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3bdd0446070acfd94f0e8ef48b57eb1bfdf82179dca4cdd7a6e230d43ee9551b
|
|
4
|
+
data.tar.gz: 3dea439ff1cefa4edef65a9c39f2d0e505114140fcbf1a9effda085f04741e64
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: af0597738e9196231399b4c15e77358bb4e3e90cbfe26fefae9da4d70ae5c20982c15c424e34b37ed58cd05cf8e867f6756cfa83f8621eda301df266ab5ff251
|
|
7
|
+
data.tar.gz: 37a2e08e06f44c863bfce115e99c9628f798347b2db2579b491d38aa959b5e5ee076b9207ae02405e303b94c8952198becef9f2d24fce8f79bd7a0b5cf001339
|
data/.travis.yml
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,10 @@
|
|
|
2
2
|
|
|
3
3
|
## [Unreleased]
|
|
4
4
|
|
|
5
|
+
## [6.4.0] - 2020-09-18
|
|
6
|
+
### Security
|
|
7
|
+
- CVE-2020-25739: Enforce HTML entities escaping in gon output
|
|
8
|
+
|
|
5
9
|
## [6.3.2] - 2019-11-18
|
|
6
10
|
### Security
|
|
7
11
|
- Restrict possibility of vulnerable i18n legacy verision (0.3.6.pre)
|
|
@@ -226,7 +230,8 @@
|
|
|
226
230
|
### Changed
|
|
227
231
|
- Don't really remember what was before this version
|
|
228
232
|
|
|
229
|
-
[Unreleased]: https://github.com/gazay/gon/compare/v6.3.
|
|
233
|
+
[Unreleased]: https://github.com/gazay/gon/compare/v6.3.2...master
|
|
234
|
+
[6.3.2]: https://github.com/gazay/gon/compare/v6.3.1...v6.3.2
|
|
230
235
|
[6.3.1]: https://github.com/gazay/gon/compare/v6.2.1...v6.3.1
|
|
231
236
|
[6.2.1]: https://github.com/gazay/gon/compare/v6.2.0...v6.2.1
|
|
232
237
|
[6.2.0]: https://github.com/gazay/gon/compare/v6.1.0...v6.2.0
|
data/gon.gemspec
CHANGED
data/lib/gon/json_dumper.rb
CHANGED
|
@@ -1,8 +1,23 @@
|
|
|
1
1
|
class Gon
|
|
2
2
|
module JsonDumper
|
|
3
|
+
# Taken from ERB::Util
|
|
4
|
+
JSON_ESCAPE_REGEXP = /[\u2028\u2029&><]/u
|
|
5
|
+
JSON_ESCAPE = {
|
|
6
|
+
"&" => '\u0026',
|
|
7
|
+
">" => '\u003e',
|
|
8
|
+
"<" => '\u003c',
|
|
9
|
+
"\u2028" => '\u2028',
|
|
10
|
+
"\u2029" => '\u2029'
|
|
11
|
+
}
|
|
12
|
+
|
|
3
13
|
def self.dump(object)
|
|
4
|
-
MultiJson.dump object,
|
|
14
|
+
dumped_json = MultiJson.dump object,
|
|
5
15
|
mode: :compat, escape_mode: :xss_safe, time_format: :ruby
|
|
16
|
+
escape(dumped_json)
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def self.escape(json)
|
|
20
|
+
json.gsub(JSON_ESCAPE_REGEXP, JSON_ESCAPE)
|
|
6
21
|
end
|
|
7
22
|
end
|
|
8
23
|
end
|
data/lib/gon/spec_helpers.rb
CHANGED
data/lib/gon/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: gon
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 6.
|
|
4
|
+
version: 6.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- gazay
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-09-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: actionpack
|
|
@@ -164,6 +164,20 @@ dependencies:
|
|
|
164
164
|
- - ">="
|
|
165
165
|
- !ruby/object:Gem::Version
|
|
166
166
|
version: '0'
|
|
167
|
+
- !ruby/object:Gem::Dependency
|
|
168
|
+
name: pry-byebug
|
|
169
|
+
requirement: !ruby/object:Gem::Requirement
|
|
170
|
+
requirements:
|
|
171
|
+
- - ">="
|
|
172
|
+
- !ruby/object:Gem::Version
|
|
173
|
+
version: '0'
|
|
174
|
+
type: :development
|
|
175
|
+
prerelease: false
|
|
176
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
177
|
+
requirements:
|
|
178
|
+
- - ">="
|
|
179
|
+
- !ruby/object:Gem::Version
|
|
180
|
+
version: '0'
|
|
167
181
|
description: If you need to send some data to your js files and you don't want to
|
|
168
182
|
do this with long way trough views and parsing - use this force!
|
|
169
183
|
email:
|
|
@@ -239,7 +253,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
239
253
|
- !ruby/object:Gem::Version
|
|
240
254
|
version: '0'
|
|
241
255
|
requirements: []
|
|
242
|
-
rubygems_version: 3.
|
|
256
|
+
rubygems_version: 3.1.2
|
|
243
257
|
signing_key:
|
|
244
258
|
specification_version: 4
|
|
245
259
|
summary: Get your Rails variables in your JS
|