phlex 1.2.1 → 1.2.2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of phlex might be problematic. Click here for more details.

Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/.ruby-version +1 -1
  3. data/lib/phlex/html.rb +4 -9
  4. data/lib/phlex/version.rb +1 -1
  5. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d628d0e0b2f138923dd354f1b6b4ed47d7945d81bb95f8227978574d85d9a82f
4
- data.tar.gz: 909df1cd689153a3ea83c7200d7af5c01aa1af0bba3a569eec825f3dc1b049f2
3
+ metadata.gz: f62cc3d24a6690657b01ac0d35f0ee5ed669d4c374db0b1792e9178b10a01788
4
+ data.tar.gz: 17296d2f834f7d29e7f107da769971b985e812416479a5f9dd94074dec124147
5
5
  SHA512:
6
- metadata.gz: 78e83ee77668f41ed94742d45809f32a92ab8ecba22ea82ebdc2402d4ef52e2718ad157d723f730c2bc431ddc2f98749cdd5d5ed46b948bebf230c1cbf5adbe2
7
- data.tar.gz: e234afec1c0a77095082136f870c326c8f15ff3c6fdc8b3369f7d034c6bbc053d6be245f5753b36b5d8a6bafcbbb100a3e562ed4968960a4ba902475dd6c8e07
6
+ metadata.gz: af0d4fa2c505788bb38e8988728d9b58469f7ba76b6cc0be52d378a5d9a50ecbd7402a3d068d1083872fb028499d6a6b334e0a52636edf2f0fc2c62703a3ccbf
7
+ data.tar.gz: 1ddbce1b9d3b01820292948f1813e6973897b9ebb4ae1cbb3d3fa9e643350784161a3a33193e82a12b097f6cca36815d8ed001575e4d63308e2ede6adf0071e3
data/.ruby-version CHANGED
@@ -1 +1 @@
1
- 3.2.0
1
+ 3.3.0
data/lib/phlex/html.rb CHANGED
@@ -356,14 +356,6 @@ module Phlex
356
356
  end
357
357
 
358
358
  private def __attributes__(**attributes)
359
- if attributes[:href]&.start_with?(/\s*javascript/)
360
- attributes.delete(:href)
361
- end
362
-
363
- if attributes["href"]&.start_with?(/\s*javascript/)
364
- attributes.delete("href")
365
- end
366
-
367
359
  buffer = +""
368
360
  __build_attributes__(attributes, buffer: buffer)
369
361
 
@@ -384,8 +376,11 @@ module Phlex
384
376
  else k.to_s
385
377
  end
386
378
 
379
+ lower_name = name.downcase
380
+ next if lower_name == "href" && v.start_with?(/\s*javascript:/i)
381
+
387
382
  # Detect unsafe attribute names. Attribute names are considered unsafe if they match an event attribute or include unsafe characters.
388
- if HTML::EVENT_ATTRIBUTES[name] || name.match?(/[<>&"']/)
383
+ if HTML::EVENT_ATTRIBUTES[lower_name] || name.match?(/[<>&"']/)
389
384
  raise ArgumentError, "Unsafe attribute name detected: #{k}."
390
385
  end
391
386
 
data/lib/phlex/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Phlex
4
- VERSION = "1.2.1"
4
+ VERSION = "1.2.2"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: phlex
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.1
4
+ version: 1.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Joel Drapper
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2023-01-25 00:00:00.000000000 Z
11
+ date: 2024-03-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: zeitwerk
@@ -87,7 +87,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
87
87
  - !ruby/object:Gem::Version
88
88
  version: '0'
89
89
  requirements: []
90
- rubygems_version: 3.4.4
90
+ rubygems_version: 3.5.6
91
91
  signing_key:
92
92
  specification_version: 4
93
93
  summary: A framework for building views in Ruby.