govuk_tech_docs 3.3.0 → 3.3.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/lib/assets/javascripts/_modules/search.js +2 -2
- data/lib/govuk_tech_docs/version.rb +1 -1
- metadata +2 -2
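--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e56428dbc592284d70ca0c9880c6c99fd10cd72da62a7008bbc11237e49c486c
+data.tar.gz: b328aa30ba2a6fc8666abf3c9ede2a7a93639604ef0a1705626632479400f117
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c7aad01df604f63f875ecd96a9ace7f003e7a34eb6eb71c176e36cb1a11a8bf61af50231561338d8853c2c853e8d0aa5d69388f8ef7e5e83cf3355fc3b7cc9aa
+data.tar.gz: c0f2915a6922e499f4ed1eb39262c7176bc64df8467a0be1ba1579af8cdea0fc6bef3c1415822f1aff6f80c679ed0d9fedce4a4ccd9799932bf0aabb196a4747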
data/CHANGELOG.md
CHANGED
@@ -2,6 +2,12 @@
|
|
2
2
|
|
3
3
|
## Unreleased
|
4
4
|
|
5
|
+
## 3.3.1
|
6
|
+
|
7
|
+
This change solves a potential security issue with HTML snippets. Pages indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitised, making it possible to render arbitrary HTML or run arbitrary scripts.
|
8
|
+
|
9
|
+
You can see more detail about this issue at [#323: Fix XSS vulnerability on search results page](https://github.com/alphagov/tech-docs-gem/pull/323)
|
10
|
+
|
5
11
|
## 3.3.0
|
6
12
|
|
7
13
|
### New features
|
@@ -169,8 +169,8 @@
|
|
169
169
|
|
170
170
|
this.processContent = function processContent (content, query) {
|
171
171
|
var output
|
172
|
-
|
173
|
-
content = $(
|
172
|
+
var sanitizedContent = $('<div></div>').text(content).html()
|
173
|
+
content = $('<div>' + sanitizedContent + '</div>').mark(query)
|
174
174
|
|
175
175
|
// Split content by sentence.
|
176
176
|
var sentences = content.html().replace(/(\.+|:|!|\?|\r|\n)("*|'*|\)*|}*|]*)/gm, '|').split('|')
|
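Review bot: The two added lines in `processContent` carry the whole XSS fix but nothing in the code says so, so a later tidy-up could go back to parsing the indexed text as markup. I would add a comment above `var sanitizedContent`, for example `// Escape indexed page text before wrapping it, so HTML snippets in the index render as text, not markup.` The escaping only holds if every later step keeps treating `content.html()` as already-escaped HTML; the rest of `processContent` lies outside this hunk, so it is worth confirming that nothing downstream decodes the entities before the result is inserted into the page. Other indexed fields shown in search results (such as titles) are not visible here and may need the same check. A regression test that indexes a page containing an HTML snippet and asserts it is rendered as text would keep this from reopening.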
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: govuk_tech_docs
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.3.
|
4
|
+
version: 3.3.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Government Digital Service
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2023-04-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: autoprefixer-rails
|