RubyGems - phlex - Versions diffs - 1.0.0 → 1.1.1 - Mend

phlex 1.0.0 → 1.1.1

Potentially problematic release.

This version of phlex might be problematic. Click here for more details.

Files changed (6) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e074c926f013d613e2523b41c8dd604758d087c64d377b50a343c651b0164c0d
-  data.tar.gz: 56019e811dff06ef053adfeb20160fe29c247ee2e2f37848eba1580d240c41fd
+  metadata.gz: 1e06bb8d47be22009079c466771304f5e8cd413be8de6e3fb57eb0b64cc84037
+  data.tar.gz: 45a39c4ea77541549ce3e913875a3400c5abf247c5f9c72fa4d9002b7ea1186c
 SHA512:
-  metadata.gz: 24489ae7f67415aa23ce258d6a121fe37418ce32e543888410b730821feeafd5fda6f164dd6f390f9dd4a0ec7a8a92ae5c50deb53376f95f987203ad4da2acf2
-  data.tar.gz: 1ddfa0b6dff09c597cec5f77f521faf89344981e4f3ddd3237722d94cb4d4faeec0d385a7ef4a0a18acec770d7f22811ac489ae94dfdfc3fc92fbf1cbb676f20
+  metadata.gz: cb771c7f3ff0d11e513f3c7e70d6783dc7a7f40b19611f961c56b39ef22412479a55333d5a3432ee5564a8f102377122f4a43529a107adffbc82da17dfc4bdc0
+  data.tar.gz: 8e2671c58f64d9da93581e2c5bdab188eea8f5f468d0327ae50a264d7c3297c8f8dbeadae0c59f8cce05e2f3446d178ce8d2c0a18eb82bf5e922ded811a1fd2b

data/.ruby-version ADDED Viewed

	@@ -0,0 +1 @@
1	+ 3.3.0

data/README.md CHANGED Viewed

@@ -14,6 +14,12 @@ If you run into any trouble, please [start a discussion](https://github.com/joel
 Everyone interacting in Phlex codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/joeldrapper/phlex/blob/main/CODE_OF_CONDUCT.md).
+### Who uses Phlex?
+- [Clearscope](https://www.clearscope.io)
+*If you can share that your company uses Phlex in production, please open a PR to list it here.*
 ### Sponsorship 💖
 Maintaining a library is a lot of work. If your company benefits from this work or is likely to benefit from it in the future, please consider [sponsorship](https://github.com/sponsors/joeldrapper). Phlex is actively developed and maintained by **[Joel Drapper](https://github.com/sponsors/joeldrapper)**.
@@ -25,3 +31,14 @@ If you’ve found a potential security issue, please email [security@phlex.fun](
 ### Thanks 🙏
 Thanks [Logology](https://www.logology.co) for sponsoring our logo.
+### Prior Art 🎨
+- [markaby](https://github.com/markaby/markaby)
+- [erector](https://github.com/erector/erector)
+- [papercraft](https://github.com/digital-fabric/papercraft)
+- [matestack](https://github.com/matestack/matestack-ui-core)
+- [arbre](https://github.com/activeadmin/arbre)
+- [tubby](https://github.com/judofyr/tubby)
+- [hoshi](https://github.com/pete/hoshi)
+- [hyperstack](https://github.com/hyperstack-org/hyperstack)

data/lib/phlex/html.rb CHANGED Viewed

@@ -134,12 +134,12 @@ module Phlex
 		end
 		def call(buffer = +"", view_context: nil, parent: nil, &block)
-			return buffer unless render?
 			@_target = buffer
 			@_view_context = view_context
 			@_parent = parent
+			return buffer unless render?
 			around_template do
 				if block_given?
 					template do |*args|
@@ -154,7 +154,7 @@ module Phlex
 				end
 			end
-			self.class.rendered_at_least_once ||= true
+			self.class.rendered_at_least_once = true
 			buffer
 		end
@@ -224,8 +224,9 @@ module Phlex
 		end
 		def unsafe_raw(content = nil, &block)
-			@_target << (content || instance_exec(&block))
-			nil
+			return nil unless content
+			@_target << content
 		end
 		def capture(&block)
@@ -316,10 +317,6 @@ module Phlex
 		end
 		private def _attributes(**attributes)
-			if attributes[:href]&.start_with?(/\s*javascript/)
-				attributes[:href] = attributes[:href].sub(/^\s*(javascript:)+/, "")
-			end
 			buffer = +""
 			_build_attributes(attributes, buffer: buffer)
@@ -340,8 +337,11 @@ module Phlex
 					else k.to_s
 				end
+				lower_name = name.downcase
+				next if lower_name == "href" && v.start_with?(/\s*javascript:/i)
 				# Detect unsafe attribute names. Attribute names are considered unsafe if they match an event attribute or include unsafe characters.
-				if HTML::EVENT_ATTRIBUTES[name] || name.match?(/[<>&"']/)
+				if HTML::EVENT_ATTRIBUTES[lower_name] || name.match?(/[<>&"']/)
 					raise ArgumentError, "Unsafe attribute name detected: #{k}."
 				end
@@ -353,7 +353,14 @@ module Phlex
 				when Symbol
 					buffer << " " << name << '="' << ERB::Util.html_escape(v.name) << '"'
 				when Hash
-					_build_attributes(v.transform_keys { "#{k}-#{_1.name.tr('_', '-')}" }, buffer: buffer)
+					_build_attributes(
+						v.transform_keys { |subkey|
+							case subkey
+								when Symbol then"#{k}-#{subkey.name.tr('_', '-')}"
+								else "#{k}-#{subkey}"
+							end
+						}, buffer: buffer
+					)
 				else
 					buffer << " " << name << '="' << ERB::Util.html_escape(v.to_s) << '"'
 				end

data/lib/phlex/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Phlex
-	VERSION = "1.0.0"
+	VERSION = "1.1.1"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: phlex
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.1
 platform: ruby
 authors:
 - Joel Drapper
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-12-08 00:00:00.000000000 Z
+date: 2024-03-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: zeitwerk
@@ -33,6 +33,7 @@ extra_rdoc_files: []
 files:
 - ".editorconfig"
 - ".rubocop.yml"
+- ".ruby-version"
 - CODE_OF_CONDUCT.md
 - CONTRIBUTING.md
 - Gemfile
@@ -85,7 +86,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.25
+rubygems_version: 3.5.6
 signing_key:
 specification_version: 4
 summary: A framework for building views in Ruby.