phlex 1.0.0 → 1.0.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of phlex might be problematic. Click here for more details.

Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/.ruby-version +1 -0
  3. data/lib/phlex/html.rb +4 -5
  4. data/lib/phlex/version.rb +1 -1
  5. metadata +4 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e074c926f013d613e2523b41c8dd604758d087c64d377b50a343c651b0164c0d
4
- data.tar.gz: 56019e811dff06ef053adfeb20160fe29c247ee2e2f37848eba1580d240c41fd
3
+ metadata.gz: 959fa6b3416f8a2ad94a64379a8b23a1e2693f5990864584694dd8a83e25c03d
4
+ data.tar.gz: 9d7f1f895a8f814c502d8e3b39dc1634710accbcaa7652489186c64b4544d19f
5
5
  SHA512:
6
- metadata.gz: 24489ae7f67415aa23ce258d6a121fe37418ce32e543888410b730821feeafd5fda6f164dd6f390f9dd4a0ec7a8a92ae5c50deb53376f95f987203ad4da2acf2
7
- data.tar.gz: 1ddfa0b6dff09c597cec5f77f521faf89344981e4f3ddd3237722d94cb4d4faeec0d385a7ef4a0a18acec770d7f22811ac489ae94dfdfc3fc92fbf1cbb676f20
6
+ metadata.gz: 2aa7a0cc26cee6e3fa2fab8c6fb5072bcb55b8afb3e394491a039dc9243821fc60ebe4d479f2edd00f44d411da8227e4b2d7c3d231ebf08f05cd1fa3bd2c871d
7
+ data.tar.gz: 11ee27a58f2f9a1d5b19b8124648642db6162dd159c060fb6025274a24da28e6fcfb43d2e0e8e889713e658651ea795b07c4835fd9ada80933b1780431555205
data/.ruby-version ADDED
@@ -0,0 +1 @@
1
+ 3.3.0
data/lib/phlex/html.rb CHANGED
@@ -316,10 +316,6 @@ module Phlex
316
316
  end
317
317
 
318
318
  private def _attributes(**attributes)
319
- if attributes[:href]&.start_with?(/\s*javascript/)
320
- attributes[:href] = attributes[:href].sub(/^\s*(javascript:)+/, "")
321
- end
322
-
323
319
  buffer = +""
324
320
  _build_attributes(attributes, buffer: buffer)
325
321
 
@@ -340,8 +336,11 @@ module Phlex
340
336
  else k.to_s
341
337
  end
342
338
 
339
+ lower_name = name.downcase
340
+ next if lower_name == "href" && v.start_with?(/\s*javascript:/i)
341
+
343
342
  # Detect unsafe attribute names. Attribute names are considered unsafe if they match an event attribute or include unsafe characters.
344
- if HTML::EVENT_ATTRIBUTES[name] || name.match?(/[<>&"']/)
343
+ if HTML::EVENT_ATTRIBUTES[lower_name] || name.match?(/[<>&"']/)
345
344
  raise ArgumentError, "Unsafe attribute name detected: #{k}."
346
345
  end
347
346
 
data/lib/phlex/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Phlex
4
- VERSION = "1.0.0"
4
+ VERSION = "1.0.1"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: phlex
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Joel Drapper
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2022-12-08 00:00:00.000000000 Z
11
+ date: 2024-03-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: zeitwerk
@@ -33,6 +33,7 @@ extra_rdoc_files: []
33
33
  files:
34
34
  - ".editorconfig"
35
35
  - ".rubocop.yml"
36
+ - ".ruby-version"
36
37
  - CODE_OF_CONDUCT.md
37
38
  - CONTRIBUTING.md
38
39
  - Gemfile
@@ -85,7 +86,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
85
86
  - !ruby/object:Gem::Version
86
87
  version: '0'
87
88
  requirements: []
88
- rubygems_version: 3.3.25
89
+ rubygems_version: 3.5.6
89
90
  signing_key:
90
91
  specification_version: 4
91
92
  summary: A framework for building views in Ruby.