phlex 1.4.0 → 1.4.2


Potentially problematic release.


This version of phlex might be problematic. Click here for more details.

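--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a8a6c8dfab161746b6b4e04d403fead1f2477f195ff27e72365838f169ecc287
- data.tar.gz: e9e9da3414eba5fc53d5440b16c0eecf47d4fc5d09a178fe44c9acab3f554119
+ metadata.gz: 6410035f225128eb3a191ea0c5bc826578ac46c3c723f7093064351f30425ecc
+ data.tar.gz: 3282c45b6cad4f234e589a9fd0ebb797eb863651945541ff8b2d224254d6af26
  SHA512:
- metadata.gz: 043c059dd8ce067a50df40c293d61475892acc934a4efdd18bedae7094ebaea3c9dd11a4bc5e5b7779120d38966964a2725dcd17de3dca2de48c50e837e2e8fd
- data.tar.gz: 00edaf160d669c8f62f40c4f66faf17a6b76b2428648be0d7c7977ad629b119a146cfacffc8636312f87e46b77cdfc3074fe39ade0b4ff45ee10e874f0459a31
+ metadata.gz: b6de1ef7fe778a78436985c7d04111268e748128e4cae58494a92566095aff84bebafabe018d8256ef9da269a4d807c979ac2d3a28a1b4c4bc8f8b51c5ca3e47
+ data.tar.gz: 90e47d2f28a8d45d8b69c048e7daca366bff057b2cad8019d14d58812ea46bce40d8ddd2de789fa158594b3da6e46dd73fdf57a3baaf77a5f471a9af4e7de2b0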
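--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
- 3.2.1
+ 3.3.0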
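--- a/data/lib/phlex/sgml.rb
+++ b/data/lib/phlex/sgml.rb
@@ -258,14 +258,6 @@ module Phlex
 
  # @api private
  private def __final_attributes__(**attributes)
- if attributes[:href]&.start_with?(/\s*javascript:/)
- attributes.delete(:href)
- end
-
- if attributes["href"]&.start_with?(/\s*javascript:/)
- attributes.delete("href")
- end
-
  buffer = +""
  __build_attributes__(attributes, buffer: buffer)
 
@@ -283,8 +275,11 @@ module Phlex
  else k.to_s
  end
 
+ lower_name = name.downcase
+ next if lower_name == "href" && v.to_s.downcase.tr("\t \n", "").start_with?("javascript:")
+
  # Detect unsafe attribute names. Attribute names are considered unsafe if they match an event attribute or include unsafe characters.
- if HTML::EVENT_ATTRIBUTES[name] || name.match?(/[<>&"']/)
+ if HTML::EVENT_ATTRIBUTES[lower_name] || name.match?(/[<>&"']/)
  raise ArgumentError, "Unsafe attribute name detected: #{k}."
  end
 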
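Review bot: The new `href` check in the second hunk normalises the value with `tr("\t \n", "")`, which removes only tab, space and newline, so a value containing a carriage return or another control character that URL parsers discard would not match the `javascript:` prefix test and would still be rendered. Keeping only letters and the colon before the comparison closes that gap without an ever-growing character list: `next if lower_name == "href" && v.to_s.downcase.delete("^a-z:").start_with?("javascript:")`. The check also covers `href` alone; whether other URL-bearing attributes need the same treatment cannot be judged from this hunk, since the enclosing loop starts and ends outside it. Silently skipping the attribute with `next` differs from the `raise ArgumentError` used for unsafe names a few lines below, so a short comment above the new line stating why one case is dropped and the other raises would help the next reader.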
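--- a/data/lib/phlex/version.rb
+++ b/data/lib/phlex/version.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module Phlex
- VERSION = "1.4.0"
+ VERSION = "1.4.2"
  end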
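--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: phlex
  version: !ruby/object:Gem::Version
- version: 1.4.0
+ version: 1.4.2
  platform: ruby
  authors:
  - Joel Drapper
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2023-02-17 00:00:00.000000000 Z
+ date: 2024-04-17 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: concurrent-ruby
@@ -101,7 +101,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.4.6
+ rubygems_version: 3.5.9
  signing_key:
  specification_version: 4
  summary: A framework for building views in Ruby.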