phlex 1.1.0 → 1.1.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of phlex might be problematic. Click here for more details.

Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/.ruby-version +1 -0
  3. data/lib/phlex/html.rb +4 -5
  4. data/lib/phlex/version.rb +1 -1
  5. metadata +4 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8eeaf45425023ac13320c99f80956f12ec994395b3d349fc6a443334a6715b6d
4
- data.tar.gz: 34672ca973f3bec7ade7cccae08e65fff009b122c5319345dadabf779877269e
3
+ metadata.gz: 1e06bb8d47be22009079c466771304f5e8cd413be8de6e3fb57eb0b64cc84037
4
+ data.tar.gz: 45a39c4ea77541549ce3e913875a3400c5abf247c5f9c72fa4d9002b7ea1186c
5
5
  SHA512:
6
- metadata.gz: 51d8f8bea886016a71b67a6b29b1b584dc1a95b29c4ac9cc24263a3e94be534e1ddfa89f800c10caf00618f27508828f9fc1b233b2829d0c1016aa484b0db6fc
7
- data.tar.gz: 3cf6631189545652f860ec393fb63cf392bedd326271ee0863238a32f213a4704a7505442d4bbd06c7473e036c0dfb31c1f25584615189d801dc2515a25e4799
6
+ metadata.gz: cb771c7f3ff0d11e513f3c7e70d6783dc7a7f40b19611f961c56b39ef22412479a55333d5a3432ee5564a8f102377122f4a43529a107adffbc82da17dfc4bdc0
7
+ data.tar.gz: 8e2671c58f64d9da93581e2c5bdab188eea8f5f468d0327ae50a264d7c3297c8f8dbeadae0c59f8cce05e2f3446d178ce8d2c0a18eb82bf5e922ded811a1fd2b
data/.ruby-version ADDED
@@ -0,0 +1 @@
1
+ 3.3.0
data/lib/phlex/html.rb CHANGED
@@ -317,10 +317,6 @@ module Phlex
317
317
  end
318
318
 
319
319
  private def _attributes(**attributes)
320
- if attributes[:href]&.start_with?(/\s*javascript/)
321
- attributes[:href] = attributes[:href].sub(/^\s*(javascript:)+/, "")
322
- end
323
-
324
320
  buffer = +""
325
321
  _build_attributes(attributes, buffer: buffer)
326
322
 
@@ -341,8 +337,11 @@ module Phlex
341
337
  else k.to_s
342
338
  end
343
339
 
340
+ lower_name = name.downcase
341
+ next if lower_name == "href" && v.start_with?(/\s*javascript:/i)
342
+
344
343
  # Detect unsafe attribute names. Attribute names are considered unsafe if they match an event attribute or include unsafe characters.
345
- if HTML::EVENT_ATTRIBUTES[name] || name.match?(/[<>&"']/)
344
+ if HTML::EVENT_ATTRIBUTES[lower_name] || name.match?(/[<>&"']/)
346
345
  raise ArgumentError, "Unsafe attribute name detected: #{k}."
347
346
  end
348
347
 
data/lib/phlex/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Phlex
4
- VERSION = "1.1.0"
4
+ VERSION = "1.1.1"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: phlex
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.0
4
+ version: 1.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Joel Drapper
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2023-01-07 00:00:00.000000000 Z
11
+ date: 2024-03-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: zeitwerk
@@ -33,6 +33,7 @@ extra_rdoc_files: []
33
33
  files:
34
34
  - ".editorconfig"
35
35
  - ".rubocop.yml"
36
+ - ".ruby-version"
36
37
  - CODE_OF_CONDUCT.md
37
38
  - CONTRIBUTING.md
38
39
  - Gemfile
@@ -85,7 +86,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
85
86
  - !ruby/object:Gem::Version
86
87
  version: '0'
87
88
  requirements: []
88
- rubygems_version: 3.3.25
89
+ rubygems_version: 3.5.6
89
90
  signing_key:
90
91
  specification_version: 4
91
92
  summary: A framework for building views in Ruby.