gon 6.3.2 → 6.4.0

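--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a4be940f45c3dff8c909d94552a81b3240ccea1dd42d5c442c18400278564286
- data.tar.gz: 86efc334a694c3a9825ec909f34bd5138b601de0108172863adb4d651eccdb28
+ metadata.gz: 3bdd0446070acfd94f0e8ef48b57eb1bfdf82179dca4cdd7a6e230d43ee9551b
+ data.tar.gz: 3dea439ff1cefa4edef65a9c39f2d0e505114140fcbf1a9effda085f04741e64
  SHA512:
- metadata.gz: 9adb780569a41eb32cf547f7ffebf22b184fdda8c63aa6d7c2e5e9b0efe789e2ec5a187cec83d4ca4ef0bc068148708adf1a7541752dcad83228dc4c5cf08920
- data.tar.gz: da49fd8d8e2b683bd69fa2e5f37e8f912faa4496a3f81739022b68f2bea5cd1762c0b3b54c25426756499e8096c9822ff36ce7e854e771db28237988c5e4385b
+ metadata.gz: af0597738e9196231399b4c15e77358bb4e3e90cbfe26fefae9da4d70ae5c20982c15c424e34b37ed58cd05cf8e867f6756cfa83f8621eda301df266ab5ff251
+ data.tar.gz: 37a2e08e06f44c863bfce115e99c9628f798347b2db2579b491d38aa959b5e5ee076b9207ae02405e303b94c8952198becef9f2d24fce8f79bd7a0b5cf001339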
@@ -6,7 +6,9 @@ env:
6
6
 
7
7
  rvm:
8
8
  - 2.2.10
9
- - 2.3.7
10
- - 2.4.4
11
- - 2.5.1
9
+ - 2.3.8
10
+ - 2.4.10
11
+ - 2.5.8
12
+ - 2.6.6
13
+ - 2.7.1
12
14
  - ruby-head
@@ -2,6 +2,10 @@
2
2
 
3
3
  ## [Unreleased]
4
4
 
5
+ ## [6.4.0] - 2020-09-18
6
+ ### Security
7
+ - CVE-2020-25739: Enforce HTML entities escaping in gon output
8
+
5
9
  ## [6.3.2] - 2019-11-18
6
10
  ### Security
7
11
  - Restrict possibility of vulnerable i18n legacy verision (0.3.6.pre)
@@ -226,7 +230,8 @@
226
230
  ### Changed
227
231
  - Don't really remember what was before this version
228
232
 
229
- [Unreleased]: https://github.com/gazay/gon/compare/v6.3.1...master
233
+ [Unreleased]: https://github.com/gazay/gon/compare/v6.3.2...master
234
+ [6.3.2]: https://github.com/gazay/gon/compare/v6.3.1...v6.3.2
230
235
  [6.3.1]: https://github.com/gazay/gon/compare/v6.2.1...v6.3.1
231
236
  [6.2.1]: https://github.com/gazay/gon/compare/v6.2.0...v6.2.1
232
237
  [6.2.0]: https://github.com/gazay/gon/compare/v6.1.0...v6.2.0
@@ -27,4 +27,5 @@ Gem::Specification.new do |s|
27
27
  s.add_development_dependency 'railties', '>= 3.0.20'
28
28
  s.add_development_dependency 'rake'
29
29
  s.add_development_dependency 'pry'
30
+ s.add_development_dependency 'pry-byebug'
30
31
  end
@@ -1,8 +1,23 @@
1
1
  class Gon
2
2
  module JsonDumper
3
+ # Taken from ERB::Util
4
+ JSON_ESCAPE_REGEXP = /[\u2028\u2029&><]/u
5
+ JSON_ESCAPE = {
6
+ "&" => '\u0026',
7
+ ">" => '\u003e',
8
+ "<" => '\u003c',
9
+ "\u2028" => '\u2028',
10
+ "\u2029" => '\u2029'
11
+ }
12
+
3
13
  def self.dump(object)
4
- MultiJson.dump object,
14
+ dumped_json = MultiJson.dump object,
5
15
  mode: :compat, escape_mode: :xss_safe, time_format: :ruby
16
+ escape(dumped_json)
17
+ end
18
+
19
+ def self.escape(json)
20
+ json.gsub(JSON_ESCAPE_REGEXP, JSON_ESCAPE)
6
21
  end
7
22
  end
8
23
  end
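Review bot: `JSON_ESCAPE` in the new `JsonDumper` is left unfrozen, and its only comment, "Taken from ERB::Util", does not say what the table protects against. Since the CVE-2020-25739 fix rests on this table, close it with `}.freeze` so no other code can alter a mapping at runtime. Add a comment above it stating that the single-quoted values are the literal six-character `\uXXXX` sequences, and that `&`, `<`, `>`, U+2028 and U+2029 are covered but quotes are not, so the result suits a script block rather than an HTML attribute value. `escape` also becomes a public module method here; if nothing outside `dump` is meant to call it, `private_class_method :escape` would keep the surface small. No spec pinning the escaped output (for example a value containing `</script>`) is visible in this package diff, so it is worth confirming one exists in the repository.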
@@ -5,7 +5,7 @@ class Gon
5
5
 
6
6
  module ClassMethods
7
7
  module GonSession
8
- def process(*)
8
+ def process(*, **)
9
9
  # preload threadlocal & store controller instance
10
10
  if controller.is_a? ActionController::Base
11
11
  controller.gon
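Review bot: The new signature `def process(*, **)` in `GonSession` has no comment explaining why the keyword splat was added, and the method body continues past the end of this hunk, so it is not visible here whether the arguments are forwarded. If the intent is keyword-argument separation on newer Rubies (inferred from 2.7.1 joining the rvm list in this release), a one-line comment such as `# accept keywords explicitly so they reach the wrapped process as keywords, not as a trailing hash` would record it. Because 2.2.10 stays in the matrix, it is also worth confirming that a call with no keywords still forwards unchanged on that version.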
@@ -1,3 +1,3 @@
1
1
  class Gon
2
- VERSION = '6.3.2'
2
+ VERSION = '6.4.0'
3
3
  end
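--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: gon
  version: !ruby/object:Gem::Version
- version: 6.3.2
+ version: 6.4.0
  platform: ruby
  authors:
  - gazay
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-11-19 00:00:00.000000000 Z
+ date: 2020-09-18 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: actionpack
@@ -164,6 +164,20 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
+ - !ruby/object:Gem::Dependency
+ name: pry-byebug
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
  description: If you need to send some data to your js files and you don't want to
  do this with long way trough views and parsing - use this force!
  email:
@@ -239,7 +253,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.0.3
+ rubygems_version: 3.1.2
  signing_key:
  specification_version: 4
  summary: Get your Rails variables in your JS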