RubyGems - govuk_tech_docs - Versions diffs - 3.2.1 → 3.3.1 - Mend

govuk_tech_docs 3.2.1 → 3.3.1

Files changed (75) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 79d38e9facb7df0c0a08151b51ce448759efa6e61bcf8ec0c5e6efb0b4e92332
-  data.tar.gz: 0a47d960ef878bf334104c7f0ff3e3e07e0411e3b12d061dc72ca4c474c988a1
+  metadata.gz: e56428dbc592284d70ca0c9880c6c99fd10cd72da62a7008bbc11237e49c486c
+  data.tar.gz: b328aa30ba2a6fc8666abf3c9ede2a7a93639604ef0a1705626632479400f117
 SHA512:
-  metadata.gz: 8a6e9076fc8b8a6ade8cca61c139256b6f8a455e851c64e68132ee25e9ec0fe09876e3cfb1bf813297779d376e91ac0f1abd49cd30319944249c6fff4117c902
-  data.tar.gz: 98748cf227f452712eb2ffcd780d89a7b56b9beed437f0a775adb1eba81a0acfca7de59c89db7437484a8f8e9e63a1e71c513475f1f55affc8ff48b5da2fe64a
+  metadata.gz: c7aad01df604f63f875ecd96a9ace7f003e7a34eb6eb71c176e36cb1a11a8bf61af50231561338d8853c2c853e8d0aa5d69388f8ef7e5e83cf3355fc3b7cc9aa
+  data.tar.gz: c0f2915a6922e499f4ed1eb39262c7176bc64df8467a0be1ba1579af8cdea0fc6bef3c1415822f1aff6f80c679ed0d9fedce4a4ccd9799932bf0aabb196a4747

data/.github/workflows/publish.yaml CHANGED Viewed

@@ -3,7 +3,7 @@ name: Publish
 on:
   push:
     branches:
-      - master
+      - main
   workflow_dispatch:
 concurrency: rubygems

data/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,25 @@
 ## Unreleased
+## 3.3.1
+This change solves a potential security issue with HTML snippets. Pages indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitised, making it possible to render arbitrary HTML or run arbitrary scripts.
+You can see more detail about this issue at [#323: Fix XSS vulnerability on search results page](https://github.com/alphagov/tech-docs-gem/pull/323)
+## 3.3.0
+### New features
+There are some steps you should follow as the Technical Documentation Template (TDT) now uses GOV.UK Frontend 4.4.1.
+1. Update your documentation site to use the latest template version. You can [follow the TDT guidance on using the latest template version](https://tdt-documentation.london.cloudapps.digital/maintain_project/use_latest_template/).
+2. Check your documentation site displays correctly. If your site does not display correctly, you can refer to the [GOV.UK Frontend release notes](https://github.com/alphagov/govuk-frontend/releases/) for more information, or [contact the GOV.UK Design System team](https://design-system.service.gov.uk/get-in-touch/).
+### Fixes
+- [#242: Make scrollable area keyboard (and voice) focusable](https://github.com/alphagov/tech-docs-gem/pull/242) (thanks [@colinbm](https://github.com/colinbm))
 ## 3.2.1
 ### Fixes
@@ -418,7 +437,7 @@ which item is selected in the navigation.
 More info:
 - https://github.com/alphagov/tech-docs-gem/pull/19
-- https://github.com/alphagov/tech-docs-gem/blob/master/docs/frontmatter.md#parent
+- https://github.com/alphagov/tech-docs-gem/blob/main/docs/frontmatter.md#parent
 ## 1.2.0
@@ -430,15 +449,15 @@ You can use this when you change a page URL.
 More info:
-- https://github.com/alphagov/tech-docs-gem/blob/master/docs/configuration.md#redirects
-- https://github.com/alphagov/tech-docs-gem/blob/master/docs/frontmatter.md#old_paths
+- https://github.com/alphagov/tech-docs-gem/blob/main/docs/configuration.md#redirects
+- https://github.com/alphagov/tech-docs-gem/blob/main/docs/frontmatter.md#old_paths
 ### New feature: contribution banner
 You can now show a block at the bottom of the page that links to
 the page source on GitHub, so readers can easily contribute back to the documentation.
-https://github.com/alphagov/tech-docs-gem/blob/master/docs/configuration.md#show_contribution_banner
+https://github.com/alphagov/tech-docs-gem/blob/main/docs/configuration.md#show_contribution_banner
 ### New feature: page review system
@@ -446,8 +465,8 @@ An optional page review system to make sure documentation stays up to date.
 More info:
-- https://github.com/alphagov/tech-docs-gem/blob/master/docs/frontmatter.md#last_reviewed_on
-- https://github.com/alphagov/tech-docs-gem/blob/master/docs/frontmatter.md#owner_slack
+- https://github.com/alphagov/tech-docs-gem/blob/main/docs/frontmatter.md#last_reviewed_on
+- https://github.com/alphagov/tech-docs-gem/blob/main/docs/frontmatter.md#owner_slack
 ### Better meta tags
@@ -459,7 +478,7 @@ Pages now include better meta tags for search engines, Twitter, Facebook and Sla
 You can now specify `google_site_verification` in tech-docs.yml. You can use
 this to verify your site in Google Webmaster tools.
-https://github.com/alphagov/tech-docs-gem/blob/master/docs/configuration.md#google_site_verification
+https://github.com/alphagov/tech-docs-gem/blob/main/docs/configuration.md#google_site_verification
 ## 1.0.0

data/README.md CHANGED Viewed

@@ -15,7 +15,7 @@ Find out how to [contribute](https://tdt-documentation.london.cloudapps.digital/
 This gem uses [GOV.UK Frontend](https://github.com/alphagov/govuk-frontend), part of the [GOV.UK Design System](https://design-system.service.gov.uk/).
-We use `npm` to download the govuk-frontend package. To update to a new version, change the version in the [package.json file](blob/master/package.json) and run `npm update`.
+We use `npm` to download the govuk-frontend package. To update to a new version, change the version in the [package.json file](package.json) and run `npm update`.
 ## Developing locally
@@ -96,7 +96,7 @@ The documentation is [© Crown copyright][copyright] and available under the ter
 [ogl]: http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/
 [tdt-docs]: https://tdt-documentation.london.cloudapps.digital
 [tdt-template]: https://github.com/alphagov/tech-docs-template
-[tdt-readme]: https://github.com/alphagov/tech-docs-template/blob/master/README.md
+[tdt-readme]: https://github.com/alphagov/tech-docs-template/blob/main/README.md
 [mmt]: https://middlemanapp.com/advanced/project_templates/
 [jas]: https://jasmine.github.io/

data/lib/assets/javascripts/_modules/search.js CHANGED Viewed

@@ -169,8 +169,8 @@
     this.processContent = function processContent (content, query) {
       var output
-      content = '<div>' + content + '</div>'
-      content = $(content).mark(query)
+      var sanitizedContent = $('<div></div>').text(content).html()
+      content = $('<div>' + sanitizedContent + '</div>').mark(query)
       // Split content by sentence.
       var sentences = content.html().replace(/(\.+|:|!|\?|\r|\n)("*|'*|\)*|}*|]*)/gm, '|').split('|')

data/lib/govuk_tech_docs/contribution_banner.rb CHANGED Viewed

@@ -39,7 +39,7 @@ module GovukTechDocs
     end
     def repo_branch
-      config[:tech_docs][:github_branch] || "master"
+      config[:tech_docs][:github_branch] || "master" # TODO: change this to 'main' in a future breaking release
     end
   private

data/lib/govuk_tech_docs/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module GovukTechDocs
-  VERSION = "3.2.1".freeze
+  VERSION = "3.3.1".freeze
 end

data/lib/source/layouts/core.erb CHANGED Viewed

@@ -53,7 +53,7 @@
           </div>
         <% end %>
-        <div class="app-pane__content toc-open-disabled">
+        <div class="app-pane__content toc-open-disabled" aria-label="Content" tabindex="0">
           <main id="content" class="technical-documentation" data-module="anchored-headings">
             <%= yield %>
             <%= partial "layouts/page_review" %>