phlex 1.1.0 → 1.1.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of phlex might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.ruby-version +1 -0
- data/lib/phlex/html.rb +4 -5
- data/lib/phlex/version.rb +1 -1
- metadata +4 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 1e06bb8d47be22009079c466771304f5e8cd413be8de6e3fb57eb0b64cc84037
|
4
|
+
data.tar.gz: 45a39c4ea77541549ce3e913875a3400c5abf247c5f9c72fa4d9002b7ea1186c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: cb771c7f3ff0d11e513f3c7e70d6783dc7a7f40b19611f961c56b39ef22412479a55333d5a3432ee5564a8f102377122f4a43529a107adffbc82da17dfc4bdc0
|
7
|
+
data.tar.gz: 8e2671c58f64d9da93581e2c5bdab188eea8f5f468d0327ae50a264d7c3297c8f8dbeadae0c59f8cce05e2f3446d178ce8d2c0a18eb82bf5e922ded811a1fd2b
|
data/.ruby-version
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
3.3.0
|
data/lib/phlex/html.rb
CHANGED
@@ -317,10 +317,6 @@ module Phlex
|
|
317
317
|
end
|
318
318
|
|
319
319
|
private def _attributes(**attributes)
|
320
|
-
if attributes[:href]&.start_with?(/\s*javascript/)
|
321
|
-
attributes[:href] = attributes[:href].sub(/^\s*(javascript:)+/, "")
|
322
|
-
end
|
323
|
-
|
324
320
|
buffer = +""
|
325
321
|
_build_attributes(attributes, buffer: buffer)
|
326
322
|
|
@@ -341,8 +337,11 @@ module Phlex
|
|
341
337
|
else k.to_s
|
342
338
|
end
|
343
339
|
|
340
|
+
lower_name = name.downcase
|
341
|
+
next if lower_name == "href" && v.start_with?(/\s*javascript:/i)
|
342
|
+
|
344
343
|
# Detect unsafe attribute names. Attribute names are considered unsafe if they match an event attribute or include unsafe characters.
|
345
|
-
if HTML::EVENT_ATTRIBUTES[
|
344
|
+
if HTML::EVENT_ATTRIBUTES[lower_name] || name.match?(/[<>&"']/)
|
346
345
|
raise ArgumentError, "Unsafe attribute name detected: #{k}."
|
347
346
|
end
|
348
347
|
|
data/lib/phlex/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: phlex
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.1.
|
4
|
+
version: 1.1.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Joel Drapper
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2024-03-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: zeitwerk
|
@@ -33,6 +33,7 @@ extra_rdoc_files: []
|
|
33
33
|
files:
|
34
34
|
- ".editorconfig"
|
35
35
|
- ".rubocop.yml"
|
36
|
+
- ".ruby-version"
|
36
37
|
- CODE_OF_CONDUCT.md
|
37
38
|
- CONTRIBUTING.md
|
38
39
|
- Gemfile
|
@@ -85,7 +86,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
85
86
|
- !ruby/object:Gem::Version
|
86
87
|
version: '0'
|
87
88
|
requirements: []
|
88
|
-
rubygems_version: 3.
|
89
|
+
rubygems_version: 3.5.6
|
89
90
|
signing_key:
|
90
91
|
specification_version: 4
|
91
92
|
summary: A framework for building views in Ruby.
|