phlex 1.5.1 → 1.5.3

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of phlex might be problematic. Click here for more details.

Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/.ruby-version +1 -1
  3. data/lib/phlex/sgml.rb +4 -9
  4. data/lib/phlex/version.rb +1 -1
  5. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 647e5f1a1f3beb8dd596cb87a5fb848f07e8e87e28ce705f3d1c93d8c9cfe9ac
4
- data.tar.gz: d2b327f45d36a44069cf6dd9de03310918f56647bc1a40c6eb675837eb1cb653
3
+ metadata.gz: cb9f666a03a35cd5769f6a7fb559665f829997ad2d4267997512a21199091eee
4
+ data.tar.gz: 0e4e313a93f0ad010dccf984ebce586dfbe5c72cf10bec0a101c2a8f83d0af9b
5
5
  SHA512:
6
- metadata.gz: '0387ae5e9183fb312619950e5a5a6d75d1383c58e46be6f389e781a5cbdf2b3658efc4cbd298eb7b9d1ad0f9042c857ecc11c3812a2bd1600ee04a79f9fc1d8a'
7
- data.tar.gz: 6159fbe6ac1f52baf8924e9309a43ae252a47655f7feaf380787fb4d5a56e83380154dd906e8a964b0754fa0f4827e3e3b028ca9f4a03ded5aace8431edf0452
6
+ metadata.gz: 3b2bdd2072778140464602492e213af01dcfd6b780ff8a92b21384ac31205e7c2b3ed767222e431a8e3983c9fe4483cea6494800c02979abee3617a0c89dee80
7
+ data.tar.gz: '059c2b94fc6c38a55997d5e9479c64f56bd43d0d9566647584f54c54728cb84924c88a910bb2acb7093ffd3746c1215e1b6f6c257b7ab02de7c821e19c06fc28'
data/.ruby-version CHANGED
@@ -1 +1 @@
1
- 3.2.1
1
+ 3.3.0
data/lib/phlex/sgml.rb CHANGED
@@ -256,14 +256,6 @@ module Phlex
256
256
  attributes = process_attributes(**attributes)
257
257
  end
258
258
 
259
- if attributes[:href]&.start_with?(/\s*javascript:/)
260
- attributes.delete(:href)
261
- end
262
-
263
- if attributes["href"]&.start_with?(/\s*javascript:/)
264
- attributes.delete("href")
265
- end
266
-
267
259
  buffer = +""
268
260
  __build_attributes__(attributes, buffer: buffer)
269
261
 
@@ -281,8 +273,11 @@ module Phlex
281
273
  else k.to_s
282
274
  end
283
275
 
276
+ lower_name = name.downcase
277
+ next if lower_name == "href" && v.to_s.downcase.tr("\t \n", "").start_with?("javascript:")
278
+
284
279
  # Detect unsafe attribute names. Attribute names are considered unsafe if they match an event attribute or include unsafe characters.
285
- if HTML::EVENT_ATTRIBUTES[name] || name.match?(/[<>&"']/)
280
+ if HTML::EVENT_ATTRIBUTES[lower_name] || name.match?(/[<>&"']/)
286
281
  raise ArgumentError, "Unsafe attribute name detected: #{k}."
287
282
  end
288
283
 
data/lib/phlex/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Phlex
4
- VERSION = "1.5.1"
4
+ VERSION = "1.5.3"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: phlex
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.5.1
4
+ version: 1.5.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Joel Drapper
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2023-03-06 00:00:00.000000000 Z
11
+ date: 2024-04-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: concurrent-ruby
@@ -116,7 +116,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
116
116
  - !ruby/object:Gem::Version
117
117
  version: '0'
118
118
  requirements: []
119
- rubygems_version: 3.4.6
119
+ rubygems_version: 3.5.9
120
120
  signing_key:
121
121
  specification_version: 4
122
122
  summary: A framework for building views in Ruby.