phlex 1.5.0 → 1.5.2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of phlex might be problematic. Click here for more details.

Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/.ruby-version +1 -1
  3. data/lib/phlex/black_hole.rb +8 -0
  4. data/lib/phlex/sgml.rb +5 -10
  5. data/lib/phlex/version.rb +1 -1
  6. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4a1ec24fb4717ac1f83f1d43f87db1d9674cfdc7ab1ad2ca5479d1918a7da14d
4
- data.tar.gz: 0e3bc60aff556fcf4e2005dc059033f9bbf45f168a0f7626aaa351cf87a75df0
3
+ metadata.gz: 9bb2eee10f58724c7364aa20c376ca8a9b1e6ab05eac257f47e383d22b476d3f
4
+ data.tar.gz: 388671f8e3de193ad1bf55cd24a533c1754f22ab217f4b114dc92622692302aa
5
5
  SHA512:
6
- metadata.gz: 44d1682ad2d052e8394420dccfaf3ff286d293f2a86d7bc685c704e5d2f2fcbd9f50bb06a189a8e6407bc2886bdc5f9de9e62b61aa79c8c82226ff65c719c950
7
- data.tar.gz: 38d9e4e9665c67479da8dd6633613807f38b69a40c24cc1e15583c6a89f34ef1f37edadee244325389d6bd7f11442b9fa977a65a783293a34e509b713ebd8819
6
+ metadata.gz: 85b52e8f364ddbfabc3de38154dbe8d6f45365e9f512b3a5e2cc8aff1e6c75149fe86867b91f6726980544b80e5f76d48a22c551158918932ac087bb662e9d86
7
+ data.tar.gz: 8aae351181789f6d5956d36f2340463bf7d1b614fc3d1d22ad2d562ea8aa4ebc1b486e1bcba368f5a7ded560f030b64e465a0e25ae880f677b714dcee01fbbe3
data/.ruby-version CHANGED
@@ -1 +1 @@
1
- 3.2.1
1
+ 3.3.0
data/lib/phlex/black_hole.rb CHANGED
@@ -10,4 +10,12 @@ module Phlex::BlackHole
10
10
  def length
11
11
  0
12
12
  end
13
+
14
+ def dup
15
+ self
16
+ end
17
+
18
+ def clear
19
+ self
20
+ end
13
21
  end
data/lib/phlex/sgml.rb CHANGED
@@ -160,7 +160,7 @@ module Phlex
160
160
  @_target << original_buffer_content
161
161
  end
162
162
 
163
- new_buffer_content
163
+ new_buffer_content.is_a?(String) ? new_buffer_content : ""
164
164
  end
165
165
 
166
166
  # Like `capture` but the output is vanished into a BlackHole buffer.
@@ -256,14 +256,6 @@ module Phlex
256
256
  attributes = process_attributes(**attributes)
257
257
  end
258
258
 
259
- if attributes[:href]&.start_with?(/\s*javascript:/)
260
- attributes.delete(:href)
261
- end
262
-
263
- if attributes["href"]&.start_with?(/\s*javascript:/)
264
- attributes.delete("href")
265
- end
266
-
267
259
  buffer = +""
268
260
  __build_attributes__(attributes, buffer: buffer)
269
261
 
@@ -281,8 +273,11 @@ module Phlex
281
273
  else k.to_s
282
274
  end
283
275
 
276
+ lower_name = name.downcase
277
+ next if lower_name == "href" && v.start_with?(/\s*javascript:/i)
278
+
284
279
  # Detect unsafe attribute names. Attribute names are considered unsafe if they match an event attribute or include unsafe characters.
285
- if HTML::EVENT_ATTRIBUTES[name] || name.match?(/[<>&"']/)
280
+ if HTML::EVENT_ATTRIBUTES[lower_name] || name.match?(/[<>&"']/)
286
281
  raise ArgumentError, "Unsafe attribute name detected: #{k}."
287
282
  end
288
283
 
data/lib/phlex/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Phlex
4
- VERSION = "1.5.0"
4
+ VERSION = "1.5.2"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: phlex
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.5.0
4
+ version: 1.5.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Joel Drapper
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2023-03-06 00:00:00.000000000 Z
11
+ date: 2024-03-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: concurrent-ruby
@@ -116,7 +116,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
116
116
  - !ruby/object:Gem::Version
117
117
  version: '0'
118
118
  requirements: []
119
- rubygems_version: 3.4.6
119
+ rubygems_version: 3.5.6
120
120
  signing_key:
121
121
  specification_version: 4
122
122
  summary: A framework for building views in Ruby.