RubyGems - phlex - Versions diffs - 2.1.1 → 2.1.3 - Mend

phlex 2.1.1 → 2.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e0de463dbf4f663fc2ac8dd8d0b0a080dc8d7bf90ba209d56b366b36634e9cc9
-  data.tar.gz: ccad039d4962eb42076c562cb9f9617197f878a1860b13f66aae2b34f2686333
+  metadata.gz: 58ef5e091c9feed2677149231356e32305898a8d2bb271a0e603bcc208ead0fd
+  data.tar.gz: bab9a697db8f529f0221afb1fd491e30d2f4b0c702a253f7a0446f8a075ddc82
 SHA512:
-  metadata.gz: 959b8c7b1bdbbf281b0da7576257719da2ba077045e9ad1d673348d60a01dfa731b6b9b2e9031cce81e896f98a195478008d667e99bf471e50348bc6b978c393
-  data.tar.gz: 93dab7d61efa8f2009698cb8ae7d12748b4cb1bfe5c2bf48e58c41e5c930f923789c00ff3c346e878107f9cbe280951e23f35fe5482c453799f5c7e81293715e
+  metadata.gz: 1e92858e2c2a177a120579e7cbb4c7489456a8faa0a40ecbce9fe6070f7ef01ace1e4f13baf72a9f9baf841ed57ea9b74f9cf2aa262fc774eaa95178a9248b63
+  data.tar.gz: 8040edc5a9640fb638280bccb4e879ab97d855b739f5eab04fc7ffcf7fcb7d7ca50a06ae808c31e67f9fdb7c286062c35ff40483abfaf42ac9637e2abe32c67e

data/lib/phlex/csv.rb CHANGED Viewed

@@ -168,7 +168,9 @@ class Phlex::CSV
 			value = value.strip
 			if escape_csv_injection
-				if FORMULA_PREFIXES_MAP[value.getbyte(0)]
+				if value.empty?
+					buffer << value
+				elsif FORMULA_PREFIXES_MAP[value.getbyte(0)]
 					value.gsub!('"', '""')
 					buffer << '"\'' << value << '"'
 				elsif value.match?(escape_regex)
@@ -184,7 +186,9 @@ class Phlex::CSV
 			if escape_csv_injection
 				first_byte = value.getbyte(0)
-				if FORMULA_PREFIXES_MAP[first_byte]
+				if value.empty?
+					buffer << '""'
+				elsif FORMULA_PREFIXES_MAP[first_byte]
 					buffer << '"\'' << value.gsub('"', '""') << '"'
 				elsif value.match?(escape_regex)
 					buffer << '"' << value.gsub('"', '""') << '"'
@@ -192,7 +196,9 @@ class Phlex::CSV
 					buffer << value
 				end
 			else # not escaping CSV injection
-				if value.match?(escape_regex)
+				if value.empty?
+					buffer << '""'
+				elsif value.match?(escape_regex)
 					buffer << '"' << value.gsub('"', '""') << '"'
 				else
 					buffer << value

data/lib/phlex/html.rb CHANGED Viewed

@@ -58,7 +58,7 @@ class Phlex::HTML < Phlex::SGML
 			raise Phlex::ArgumentError.new("Expected the tag name to be a Symbol.")
 		end
-		if (tag = StandardElements.__registered_elements__[name]) || (tag = name.name.tr("_", "-")).include?("-")
+		if (tag = StandardElements.__registered_elements__[name]) || ((tag = name.name.tr("_", "-")).include?("-") && tag.match?(/\A[a-z0-9-]+\z/))
 			if attributes.length > 0 # with attributes
 				if block_given # with content block
 					buffer << "<#{tag}" << (Phlex::ATTRIBUTE_CACHE[attributes] ||= __attributes__(attributes)) << ">"

data/lib/phlex/sgml/state.rb CHANGED Viewed

@@ -14,16 +14,7 @@ class Phlex::SGML::State
 	attr_accessor :capturing, :user_context
-	attr_reader :fragments, :fragment_depth, :output_buffer
-	def buffer
-		case @buffer
-		when Proc
-			@buffer.call
-		else
-			@buffer
-		end
-	end
+	attr_reader :fragments, :fragment_depth, :output_buffer, :buffer
 	def around_render(component)
 		stack = @stack
@@ -85,17 +76,23 @@ class Phlex::SGML::State
 	end
 	def caching(&)
-		buffer = +""
-		@cache_stack.push([buffer, {}].freeze)
-		capturing_into(buffer, &)
-		@cache_stack.pop
+		result = nil
+		capture do
+			@cache_stack.push([buffer, {}].freeze)
+			yield
+			result = @cache_stack.pop
+		end
+		result
 	end
 	def caching?
 		@cache_stack.length > 0
 	end
-	def capturing_into(new_buffer)
+	def capture
+		new_buffer = +""
 		original_buffer = @buffer
 		original_capturing = @capturing
 		original_fragments = @fragments

data/lib/phlex/sgml.rb CHANGED Viewed

@@ -3,7 +3,13 @@
 # **Standard Generalized Markup Language** for behaviour common to {HTML} and {SVG}.
 class Phlex::SGML
 	UNSAFE_ATTRIBUTES = Set.new(%w[srcdoc sandbox http-equiv]).freeze
-	REF_ATTRIBUTES = Set.new(%w[href src action formaction lowsrc dynsrc background ping]).freeze
+	REF_ATTRIBUTES = Set.new(%w[href src action formaction lowsrc dynsrc background ping xlinkhref]).freeze
+	NAMED_CHARACTER_REFERENCES = {
+		"colon" => ":",
+		"tab" => "\t",
+		"newline" => "\n",
+	}.freeze
+	UNSAFE_ATTRIBUTE_NAME_CHARS = %r([<>&"'/=\s\x00])
 	ERBCompiler = ERB::Compiler.new("<>").tap do |compiler|
 		compiler.pre_cmd    = [""]
@@ -217,9 +223,9 @@ class Phlex::SGML
 		return "" unless block
 		if args.length > 0
-			@_state.capturing_into(+"") { __yield_content_with_args__(*args, &block) }
+			@_state.capture { __yield_content_with_args__(*args, &block) }
 		else
-			@_state.capturing_into(+"") { __yield_content__(&block) }
+			@_state.capture { __yield_content__(&block) }
 		end
 	end
@@ -298,6 +304,8 @@ class Phlex::SGML
 		].freeze
 		low_level_cache(full_key, **, &content)
+		nil
 	end
 	# Cache a block of content where you control the entire cache key.
@@ -331,6 +339,8 @@ class Phlex::SGML
 				end
 			end
 		end
+		nil
 	end
 	def json_escape(string)
@@ -353,15 +363,8 @@ class Phlex::SGML
 		false
 	end
-	def vanish(*args)
-		return unless block_given?
-		if args.length > 0
-			@_state.capturing_into(Phlex::Vanish) { yield(*args) }
-		else
-			@_state.capturing_into(Phlex::Vanish) { yield(self) }
-		end
+	def vanish(...)
+		capture(...)
 		nil
 	end
@@ -526,7 +529,9 @@ class Phlex::SGML
 				if value != true && REF_ATTRIBUTES.include?(normalized_name)
 					case value
 					when String
-						if value.downcase.delete("^a-z:").start_with?("javascript:")
+						decoded_value = decode_html_character_references(value)
+						if decoded_value.downcase.delete("^a-z:").start_with?("javascript:")
 							# We just ignore these because they were likely not specified by the developer.
 							next
 						end
@@ -544,7 +549,7 @@ class Phlex::SGML
 				end
 			end
-			if name.match?(/[<>&"']/)
+			if name.match?(UNSAFE_ATTRIBUTE_NAME_CHARS)
 				raise Phlex::ArgumentError.new("Unsafe attribute name detected: #{k}.")
 			end
@@ -575,7 +580,7 @@ class Phlex::SGML
 				else raise Phlex::ArgumentError.new("Attribute keys should be Strings or Symbols")
 			end
-			if name.match?(/[<>&"']/)
+			if name.match?(UNSAFE_ATTRIBUTE_NAME_CHARS)
 				raise Phlex::ArgumentError.new("Unsafe attribute name detected: #{k}.")
 			end
@@ -651,6 +656,27 @@ class Phlex::SGML
 		buffer.gsub('"', "&quot;")
 	end
+	private def decode_html_character_references(value)
+		value
+			.gsub(/&#x([0-9a-f]+);?/i) {
+				begin
+					[$1.to_i(16)].pack("U*")
+				rescue
+					""
+				end
+			}
+			.gsub(/&#(\d+);?/) {
+				begin
+					[$1.to_i].pack("U*")
+				rescue
+					""
+				end
+			}
+			.gsub(/&([a-z][a-z0-9]+);?/i) {
+				NAMED_CHARACTER_REFERENCES[$1.downcase] || ""
+			}
+	end
 	# Result is **unsafe**, so it should be escaped!
 	def __styles__(styles)
 		case styles

data/lib/phlex/svg.rb CHANGED Viewed

@@ -43,7 +43,7 @@ class Phlex::SVG < Phlex::SGML
 			raise Phlex::ArgumentError.new("Expected the tag name to be a Symbol.")
 		end
-		if (tag = StandardElements.__registered_elements__[name]) || (tag = name.name.tr("_", "-")).include?("-")
+		if (tag = StandardElements.__registered_elements__[name]) || ((tag = name.name.tr("_", "-")).include?("-") && tag.match?(/\A[a-z0-9-]+\z/))
 			if attributes.length > 0 # with attributes
 				if block_given # with content block
 					buffer << "<#{tag}" << (Phlex::ATTRIBUTE_CACHE[attributes] ||= __attributes__(attributes)) << ">"

data/lib/phlex/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Phlex
-	VERSION = "2.1.1"
+	VERSION = "2.1.3"
 end

data/lib/phlex.rb CHANGED Viewed

@@ -8,7 +8,6 @@ module Phlex
 	autoload :Kit, "phlex/kit"
 	autoload :FIFO, "phlex/fifo"
-	autoload :Vanish, "phlex/vanish"
 	autoload :Helpers, "phlex/helpers"
 	autoload :FIFOCacheStore, "phlex/fifo_cache_store"

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: phlex
 version: !ruby/object:Gem::Version
-  version: 2.1.1
+  version: 2.1.3
 platform: ruby
 authors:
 - Joel Drapper
 - Will Cosgrove
 bindir: bin
 cert_chain: []
-date: 2025-03-07 00:00:00.000000000 Z
+date: 2026-02-06 00:00:00.000000000 Z
 dependencies: []
 description: Build HTML, SVG and CSV views with Ruby classes.
 email:
@@ -40,7 +40,6 @@ files:
 - lib/phlex/sgml/state.rb
 - lib/phlex/svg.rb
 - lib/phlex/svg/standard_elements.rb
-- lib/phlex/vanish.rb
 - lib/phlex/version.rb
 homepage: https://www.phlex.fun
 licenses:
@@ -65,7 +64,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 3.6.6
 specification_version: 4
 summary: Object-oriented views in Ruby.
 test_files: []

data/lib/phlex/vanish.rb DELETED Viewed

@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-# @api private
-module Phlex::Vanish
-	extend self
-	def <<(anything)
-		self
-	end
-	def bytesize
-		0
-	end
-	def dup
-		self
-	end
-	def clear
-		self
-	end
-end