phlex 1.6.1 → 1.6.2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of phlex might be problematic. Click here for more details.

Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/.ruby-version +1 -1
  3. data/lib/phlex/sgml.rb +4 -9
  4. data/lib/phlex/version.rb +1 -1
  5. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ada5b83ea9c2fbd305a249ffa81a43c9e9da26a7c87860dac62e594a43341001
4
- data.tar.gz: e728f6c83cae97671bf4092f7bd384c93611d51158f613a75518d1109a669942
3
+ metadata.gz: 85f8d8d06e49280c1fd480bf596fd6f13e76d9872fe363349e9e481d8c32fe44
4
+ data.tar.gz: 55b77a7f744a657406a84f98cc049d38b3a4631dd60d29b45a0d33022efb7695
5
5
  SHA512:
6
- metadata.gz: 6f8b512d89247318f657482d3eeb1ba9fd0c1de73edcf4f3c5d0b6ff843bbd0bbca6d47d9a957780a1831e70b67ec8c2d1d1beba10a00bc9546a8966f67d545d
7
- data.tar.gz: a5a780a277bc36e8fa028af0ccdd3b985189ae6c49241d737b9d86e4f37fa43bbbfc8e4cb1736914735a35821a741c8fcc964f45c8b82b96c5389053c72b2684
6
+ metadata.gz: a1628997a70876299299b3825bfb9da74be95703d7402898f57e550945eb1b35da61382237914729ab1f90faeca671d377b10c28ae3c22589afb8f23b5a4d0f4
7
+ data.tar.gz: 0e62cb5507038341d2f4ef8104fbf6cc79723032cb5b88510c5d44376ba4668b44571a047819b0f03b900abdd6d0c8f8585c369d0f1923db9482962e95d91393
data/.ruby-version CHANGED
@@ -1 +1 @@
1
- 3.2.1
1
+ 3.3.0
data/lib/phlex/sgml.rb CHANGED
@@ -259,14 +259,6 @@ module Phlex
259
259
  attributes = process_attributes(**attributes)
260
260
  end
261
261
 
262
- if attributes[:href]&.start_with?(/\s*javascript:/)
263
- attributes.delete(:href)
264
- end
265
-
266
- if attributes["href"]&.start_with?(/\s*javascript:/)
267
- attributes.delete("href")
268
- end
269
-
270
262
  buffer = +""
271
263
  __build_attributes__(attributes, buffer: buffer)
272
264
 
@@ -284,8 +276,11 @@ module Phlex
284
276
  else k.to_s
285
277
  end
286
278
 
279
+ lower_name = name.downcase
280
+ next if lower_name == "href" && v.start_with?(/\s*javascript:/i)
281
+
287
282
  # Detect unsafe attribute names. Attribute names are considered unsafe if they match an event attribute or include unsafe characters.
288
- if HTML::EVENT_ATTRIBUTES[name] || name.match?(/[<>&"']/)
283
+ if HTML::EVENT_ATTRIBUTES[lower_name] || name.match?(/[<>&"']/)
289
284
  raise ArgumentError, "Unsafe attribute name detected: #{k}."
290
285
  end
291
286
 
data/lib/phlex/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Phlex
4
- VERSION = "1.6.1"
4
+ VERSION = "1.6.2"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: phlex
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.6.1
4
+ version: 1.6.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Joel Drapper
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2023-03-10 00:00:00.000000000 Z
11
+ date: 2024-03-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: concurrent-ruby
@@ -117,7 +117,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
117
117
  - !ruby/object:Gem::Version
118
118
  version: '0'
119
119
  requirements: []
120
- rubygems_version: 3.4.6
120
+ rubygems_version: 3.5.6
121
121
  signing_key:
122
122
  specification_version: 4
123
123
  summary: A framework for building views in Ruby.