phlex 1.2.0 → 1.2.2
Potentially problematic release.
This version of phlex might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.ruby-version +1 -1
- data/lib/phlex/html.rb +5 -6
- data/lib/phlex/version.rb +1 -1
- metadata +3 -3
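--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f62cc3d24a6690657b01ac0d35f0ee5ed669d4c374db0b1792e9178b10a01788
+data.tar.gz: 17296d2f834f7d29e7f107da769971b985e812416479a5f9dd94074dec124147
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: af0d4fa2c505788bb38e8988728d9b58469f7ba76b6cc0be52d378a5d9a50ecbd7402a3d068d1083872fb028499d6a6b334e0a52636edf2f0fc2c62703a3ccbf
+data.tar.gz: 1ddbce1b9d3b01820292948f1813e6973897b9ebb4ae1cbb3d3fa9e643350784161a3a33193e82a12b097f6cca36815d8ed001575e4d63308e2ede6adf0071e3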
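--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
-3.
+3.3.0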
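--- a/data/lib/phlex/html.rb
+++ b/data/lib/phlex/html.rb
@@ -267,7 +267,7 @@ module Phlex
 
 # Like `capture` but the output is vanished into a BlackHole buffer.
 # Becuase the BlackHole does nothing with the output, this should be faster.
-def __vanish__(*args)
+private def __vanish__(*args)
 return unless block_given?
 
 original_buffer = @_target
@@ -356,10 +356,6 @@ module Phlex
 end
 
 private def __attributes__(**attributes)
-if attributes[:href]&.start_with?(/\s*javascript/)
-attributes[:href] = attributes[:href].sub(/^\s*(javascript:)+/, "")
-end
-
 buffer = +""
 __build_attributes__(attributes, buffer: buffer)
 
@@ -380,8 +376,11 @@ module Phlex
 else k.to_s
 end
 
+lower_name = name.downcase
+next if lower_name == "href" && v.start_with?(/\s*javascript:/i)
+
 # Detect unsafe attribute names. Attribute names are considered unsafe if they match an event attribute or include unsafe characters.
-if HTML::EVENT_ATTRIBUTES[
+if HTML::EVENT_ATTRIBUTES[lower_name] || name.match?(/[<>&"']/)
 raise ArgumentError, "Unsafe attribute name detected: #{k}."
 end
 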
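Review bot: The `href` guard added at new line 380 matches the raw value with `v.start_with?(/\s*javascript:/i)`, which tolerates only leading whitespace, whereas browsers normalise a URL further before reading its scheme, so this deny-list can miss values a browser still treats as a `javascript:` URL. It also calls `start_with?` on `v` before any type handling visible in the hunk, so a non-String `href` (for example `nil` or `true`) would presumably raise `NoMethodError` here. Normalising before the comparison covers both, e.g. `next if lower_name == "href" && v.to_s.downcase.delete("^a-z:").start_with?("javascript:")`; an allow-list of accepted schemes would be stricter still. Only `href` is checked, so other URL-bearing attributes are still emitted as given. The enclosing loop and method begin and end outside the hunk.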
data/lib/phlex/version.rb
CHANGED
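--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: phlex
 version: !ruby/object:Gem::Version
-version: 1.2.
+version: 1.2.2
 platform: ruby
 authors:
 - Joel Drapper
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2024-03-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: zeitwerk
@@ -87,7 +87,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.5.6
 signing_key:
 specification_version: 4
 summary: A framework for building views in Ruby.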