phlex 1.4.0 → 1.4.2
Potentially problematic release.
This version of phlex might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.ruby-version +1 -1
- data/lib/phlex/sgml.rb +4 -9
- data/lib/phlex/version.rb +1 -1
- metadata +3 -3
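--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6410035f225128eb3a191ea0c5bc826578ac46c3c723f7093064351f30425ecc
+data.tar.gz: 3282c45b6cad4f234e589a9fd0ebb797eb863651945541ff8b2d224254d6af26
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b6de1ef7fe778a78436985c7d04111268e748128e4cae58494a92566095aff84bebafabe018d8256ef9da269a4d807c979ac2d3a28a1b4c4bc8f8b51c5ca3e47
+data.tar.gz: 90e47d2f28a8d45d8b69c048e7daca366bff057b2cad8019d14d58812ea46bce40d8ddd2de789fa158594b3da6e46dd73fdf57a3baaf77a5f471a9af4e7de2b0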
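--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
-3.
+3.3.0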
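--- a/data/lib/phlex/sgml.rb
+++ b/data/lib/phlex/sgml.rb
@@ -258,14 +258,6 @@ module Phlex
 
 # @api private
 private def __final_attributes__(**attributes)
-if attributes[:href]&.start_with?(/\s*javascript:/)
-attributes.delete(:href)
-end
-
-if attributes["href"]&.start_with?(/\s*javascript:/)
-attributes.delete("href")
-end
-
 buffer = +""
 __build_attributes__(attributes, buffer: buffer)
 
@@ -283,8 +275,11 @@ module Phlex
 else k.to_s
 end
 
+lower_name = name.downcase
+next if lower_name == "href" && v.to_s.downcase.tr("\t \n", "").start_with?("javascript:")
+
 # Detect unsafe attribute names. Attribute names are considered unsafe if they match an event attribute or include unsafe characters.
-if HTML::EVENT_ATTRIBUTES[
+if HTML::EVENT_ATTRIBUTES[lower_name] || name.match?(/[<>&"']/)
 raise ArgumentError, "Unsafe attribute name detected: #{k}."
 end
 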
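Review bot: The new `href` guard in the second hunk normalises the value with `tr("\t \n", "")`, which removes only tab, space and line feed. URL parsers also discard carriage returns and leading control characters before reading the scheme, so a value containing those can pass this comparison and still be treated as a `javascript:` URL by the browser. Widening the stripped set closes that gap, for example `next if lower_name == "href" && v.to_s.downcase.delete("\u0000-\u0020").start_with?("javascript:")`. The guard also drops the attribute silently while unsafe names raise `ArgumentError` just below; a comment such as `# javascript: hrefs are omitted rather than raised so existing views keep rendering` would record that choice if it is intentional. The enclosing attribute loop starts and ends outside the hunk, so how `name` and `v` are derived is only partly visible here.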
data/lib/phlex/version.rb
CHANGED
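--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: phlex
 version: !ruby/object:Gem::Version
-version: 1.4.
+version: 1.4.2
 platform: ruby
 authors:
 - Joel Drapper
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2024-04-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: concurrent-ruby
@@ -101,7 +101,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.5.9
 signing_key:
 specification_version: 4
 summary: A framework for building views in Ruby.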