gon 6.3.2 → 6.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +5 -3
- data/CHANGELOG.md +6 -1
- data/gon.gemspec +1 -0
- data/lib/gon/json_dumper.rb +16 -1
- data/lib/gon/spec_helpers.rb +1 -1
- data/lib/gon/version.rb +1 -1
- metadata +17 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3bdd0446070acfd94f0e8ef48b57eb1bfdf82179dca4cdd7a6e230d43ee9551b
|
|
4
|
+
data.tar.gz: 3dea439ff1cefa4edef65a9c39f2d0e505114140fcbf1a9effda085f04741e64
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: af0597738e9196231399b4c15e77358bb4e3e90cbfe26fefae9da4d70ae5c20982c15c424e34b37ed58cd05cf8e867f6756cfa83f8621eda301df266ab5ff251
|
|
7
|
+
data.tar.gz: 37a2e08e06f44c863bfce115e99c9628f798347b2db2579b491d38aa959b5e5ee076b9207ae02405e303b94c8952198becef9f2d24fce8f79bd7a0b5cf001339
|
data/.travis.yml
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,10 @@
|
|
|
2
2
|
|
|
3
3
|
## [Unreleased]
|
|
4
4
|
|
|
5
|
+
## [6.4.0] - 2020-09-18
|
|
6
|
+
### Security
|
|
7
|
+
- CVE-2020-25739: Enforce HTML entities escaping in gon output
|
|
8
|
+
|
|
5
9
|
## [6.3.2] - 2019-11-18
|
|
6
10
|
### Security
|
|
7
11
|
- Restrict possibility of vulnerable i18n legacy verision (0.3.6.pre)
|
|
@@ -226,7 +230,8 @@
|
|
|
226
230
|
### Changed
|
|
227
231
|
- Don't really remember what was before this version
|
|
228
232
|
|
|
229
|
-
[Unreleased]: https://github.com/gazay/gon/compare/v6.3.
|
|
233
|
+
[Unreleased]: https://github.com/gazay/gon/compare/v6.3.2...master
|
|
234
|
+
[6.3.2]: https://github.com/gazay/gon/compare/v6.3.1...v6.3.2
|
|
230
235
|
[6.3.1]: https://github.com/gazay/gon/compare/v6.2.1...v6.3.1
|
|
231
236
|
[6.2.1]: https://github.com/gazay/gon/compare/v6.2.0...v6.2.1
|
|
232
237
|
[6.2.0]: https://github.com/gazay/gon/compare/v6.1.0...v6.2.0
|
data/gon.gemspec
CHANGED
data/lib/gon/json_dumper.rb
CHANGED
|
@@ -1,8 +1,23 @@
|
|
|
1
1
|
class Gon
|
|
2
2
|
module JsonDumper
|
|
3
|
+
# Taken from ERB::Util
|
|
4
|
+
JSON_ESCAPE_REGEXP = /[\u2028\u2029&><]/u
|
|
5
|
+
JSON_ESCAPE = {
|
|
6
|
+
"&" => '\u0026',
|
|
7
|
+
">" => '\u003e',
|
|
8
|
+
"<" => '\u003c',
|
|
9
|
+
"\u2028" => '\u2028',
|
|
10
|
+
"\u2029" => '\u2029'
|
|
11
|
+
}
|
|
12
|
+
|
|
3
13
|
def self.dump(object)
|
|
4
|
-
MultiJson.dump object,
|
|
14
|
+
dumped_json = MultiJson.dump object,
|
|
5
15
|
mode: :compat, escape_mode: :xss_safe, time_format: :ruby
|
|
16
|
+
escape(dumped_json)
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def self.escape(json)
|
|
20
|
+
json.gsub(JSON_ESCAPE_REGEXP, JSON_ESCAPE)
|
|
6
21
|
end
|
|
7
22
|
end
|
|
8
23
|
end
|
data/lib/gon/spec_helpers.rb
CHANGED
data/lib/gon/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: gon
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 6.
|
|
4
|
+
version: 6.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- gazay
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-09-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: actionpack
|
|
@@ -164,6 +164,20 @@ dependencies:
|
|
|
164
164
|
- - ">="
|
|
165
165
|
- !ruby/object:Gem::Version
|
|
166
166
|
version: '0'
|
|
167
|
+
- !ruby/object:Gem::Dependency
|
|
168
|
+
name: pry-byebug
|
|
169
|
+
requirement: !ruby/object:Gem::Requirement
|
|
170
|
+
requirements:
|
|
171
|
+
- - ">="
|
|
172
|
+
- !ruby/object:Gem::Version
|
|
173
|
+
version: '0'
|
|
174
|
+
type: :development
|
|
175
|
+
prerelease: false
|
|
176
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
177
|
+
requirements:
|
|
178
|
+
- - ">="
|
|
179
|
+
- !ruby/object:Gem::Version
|
|
180
|
+
version: '0'
|
|
167
181
|
description: If you need to send some data to your js files and you don't want to
|
|
168
182
|
do this with long way trough views and parsing - use this force!
|
|
169
183
|
email:
|
|
@@ -239,7 +253,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
239
253
|
- !ruby/object:Gem::Version
|
|
240
254
|
version: '0'
|
|
241
255
|
requirements: []
|
|
242
|
-
rubygems_version: 3.
|
|
256
|
+
rubygems_version: 3.1.2
|
|
243
257
|
signing_key:
|
|
244
258
|
specification_version: 4
|
|
245
259
|
summary: Get your Rails variables in your JS
|