phlex 1.3.2 → 1.3.3
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of phlex might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.ruby-version +1 -1
- data/lib/phlex/html.rb +4 -9
- data/lib/phlex/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 1159a0896a3d636c2a5c2a9a08f33e9763378aaba3cef5ab91a0f6988c3fc13d
|
4
|
+
data.tar.gz: '0288a77615f58f361e0d5cbebd87b937dfd4ec040eda9d1229247168db48bc71'
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8d51860ec7cf43b2071baaa32636450e1f31684ff5bef5f87352f1f2ac31fc4edd5740f0441f8a3e26469e026583be4e0bf047447226327ba981569c83cc982d
|
7
|
+
data.tar.gz: 82738cc1998a31e41c9d7989b77d3e90c33135b4347c6b98d1999156ac696dd3d7739623578fb4569d17776e7e40fb751aafb0e01965ae5df9cbb78d2b41c198
|
data/.ruby-version
CHANGED
@@ -1 +1 @@
|
|
1
|
-
3.
|
1
|
+
3.3.0
|
data/lib/phlex/html.rb
CHANGED
@@ -267,14 +267,6 @@ module Phlex
|
|
267
267
|
end
|
268
268
|
|
269
269
|
private def __final_attributes__(**attributes)
|
270
|
-
if attributes[:href]&.start_with?(/\s*javascript:/)
|
271
|
-
attributes.delete(:href)
|
272
|
-
end
|
273
|
-
|
274
|
-
if attributes["href"]&.start_with?(/\s*javascript:/)
|
275
|
-
attributes.delete("href")
|
276
|
-
end
|
277
|
-
|
278
270
|
buffer = +""
|
279
271
|
__build_attributes__(attributes, buffer: buffer)
|
280
272
|
|
@@ -291,8 +283,11 @@ module Phlex
|
|
291
283
|
else k.to_s
|
292
284
|
end
|
293
285
|
|
286
|
+
lower_name = name.downcase
|
287
|
+
next if lower_name == "href" && v.start_with?(/\s*javascript:/i)
|
288
|
+
|
294
289
|
# Detect unsafe attribute names. Attribute names are considered unsafe if they match an event attribute or include unsafe characters.
|
295
|
-
if HTML::EVENT_ATTRIBUTES[
|
290
|
+
if HTML::EVENT_ATTRIBUTES[lower_name] || name.match?(/[<>&"']/)
|
296
291
|
raise ArgumentError, "Unsafe attribute name detected: #{k}."
|
297
292
|
end
|
298
293
|
|
data/lib/phlex/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: phlex
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.3.
|
4
|
+
version: 1.3.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Joel Drapper
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2024-03-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: concurrent-ruby
|
@@ -99,7 +99,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
99
99
|
- !ruby/object:Gem::Version
|
100
100
|
version: '0'
|
101
101
|
requirements: []
|
102
|
-
rubygems_version: 3.
|
102
|
+
rubygems_version: 3.5.6
|
103
103
|
signing_key:
|
104
104
|
specification_version: 4
|
105
105
|
summary: A framework for building views in Ruby.
|