phlex 1.10.0 → 1.10.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of phlex might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/lib/phlex/helpers.rb +4 -0
- data/lib/phlex/sgml.rb +1 -1
- data/lib/phlex/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cf84b97b1bea4f96f14b9cb01c649c12bc838fcf2e2f8c305e7d6b5ea26bb78e
|
|
4
|
+
data.tar.gz: 1a310b4f74440e8131ebc8ae7847f1c9fb6b371d3015c67f2da373ebf75ee038
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5e245d5943e46753a1ce044e620252e03353e5ffec1da5a21a158ad7c4ff2080b2fc47388b6af7da73db94a434ece93bb1c119a6498fc11291127e6e0b51aa85
|
|
7
|
+
data.tar.gz: 8772d302dbbe246b7200886403c3f2dbb7129b54f729b7cac4e13809cbdf5b9896aa6cabc23ae7b1b09df41c79ef8ec0b74be925f8cd2ca75fe726cdd7fc9011
|
data/lib/phlex/helpers.rb
CHANGED
|
@@ -74,6 +74,8 @@ module Phlex::Helpers
|
|
|
74
74
|
def mix(*args)
|
|
75
75
|
args.each_with_object({}) do |object, result|
|
|
76
76
|
result.merge!(object) do |_key, old, new|
|
|
77
|
+
next new if old.nil?
|
|
78
|
+
|
|
77
79
|
case new
|
|
78
80
|
when Hash
|
|
79
81
|
old.is_a?(Hash) ? mix(old, new) : new
|
|
@@ -95,6 +97,8 @@ module Phlex::Helpers
|
|
|
95
97
|
end
|
|
96
98
|
when String
|
|
97
99
|
old.is_a?(String) ? "#{old} #{new}" : old + old.class[new]
|
|
100
|
+
when nil
|
|
101
|
+
old
|
|
98
102
|
else
|
|
99
103
|
new
|
|
100
104
|
end
|
data/lib/phlex/sgml.rb
CHANGED
|
@@ -424,7 +424,7 @@ module Phlex
|
|
|
424
424
|
end
|
|
425
425
|
|
|
426
426
|
lower_name = name.downcase
|
|
427
|
-
next if lower_name == "href" && v.start_with?(
|
|
427
|
+
next if lower_name == "href" && v.to_s.downcase.tr("\t \n", "").start_with?("javascript:")
|
|
428
428
|
|
|
429
429
|
# Detect unsafe attribute names. Attribute names are considered unsafe if they match an event attribute or include unsafe characters.
|
|
430
430
|
if HTML::EVENT_ATTRIBUTES[lower_name] || name.match?(/[<>&"']/)
|
data/lib/phlex/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: phlex
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.10.
|
|
4
|
+
version: 1.10.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Joel Drapper
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-04-
|
|
11
|
+
date: 2024-04-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: A high-performance view framework optimised for fun.
|
|
14
14
|
email:
|
|
@@ -84,7 +84,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
84
84
|
- !ruby/object:Gem::Version
|
|
85
85
|
version: '0'
|
|
86
86
|
requirements: []
|
|
87
|
-
rubygems_version: 3.5.
|
|
87
|
+
rubygems_version: 3.5.9
|
|
88
88
|
signing_key:
|
|
89
89
|
specification_version: 4
|
|
90
90
|
summary: A fun framework for building views in Ruby.
|