phlex 1.6.1 → 1.6.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.ruby-version +1 -1
- data/lib/phlex/sgml.rb +4 -9
- data/lib/phlex/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 85f8d8d06e49280c1fd480bf596fd6f13e76d9872fe363349e9e481d8c32fe44
|
|
4
|
+
data.tar.gz: 55b77a7f744a657406a84f98cc049d38b3a4631dd60d29b45a0d33022efb7695
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a1628997a70876299299b3825bfb9da74be95703d7402898f57e550945eb1b35da61382237914729ab1f90faeca671d377b10c28ae3c22589afb8f23b5a4d0f4
|
|
7
|
+
data.tar.gz: 0e62cb5507038341d2f4ef8104fbf6cc79723032cb5b88510c5d44376ba4668b44571a047819b0f03b900abdd6d0c8f8585c369d0f1923db9482962e95d91393
|
data/.ruby-version
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
3.
|
|
1
|
+
3.3.0
|
data/lib/phlex/sgml.rb
CHANGED
|
@@ -259,14 +259,6 @@ module Phlex
|
|
|
259
259
|
attributes = process_attributes(**attributes)
|
|
260
260
|
end
|
|
261
261
|
|
|
262
|
-
if attributes[:href]&.start_with?(/\s*javascript:/)
|
|
263
|
-
attributes.delete(:href)
|
|
264
|
-
end
|
|
265
|
-
|
|
266
|
-
if attributes["href"]&.start_with?(/\s*javascript:/)
|
|
267
|
-
attributes.delete("href")
|
|
268
|
-
end
|
|
269
|
-
|
|
270
262
|
buffer = +""
|
|
271
263
|
__build_attributes__(attributes, buffer: buffer)
|
|
272
264
|
|
|
@@ -284,8 +276,11 @@ module Phlex
|
|
|
284
276
|
else k.to_s
|
|
285
277
|
end
|
|
286
278
|
|
|
279
|
+
lower_name = name.downcase
|
|
280
|
+
next if lower_name == "href" && v.start_with?(/\s*javascript:/i)
|
|
281
|
+
|
|
287
282
|
# Detect unsafe attribute names. Attribute names are considered unsafe if they match an event attribute or include unsafe characters.
|
|
288
|
-
if HTML::EVENT_ATTRIBUTES[
|
|
283
|
+
if HTML::EVENT_ATTRIBUTES[lower_name] || name.match?(/[<>&"']/)
|
|
289
284
|
raise ArgumentError, "Unsafe attribute name detected: #{k}."
|
|
290
285
|
end
|
|
291
286
|
|
data/lib/phlex/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: phlex
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.6.
|
|
4
|
+
version: 1.6.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Joel Drapper
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2024-03-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: concurrent-ruby
|
|
@@ -117,7 +117,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
117
117
|
- !ruby/object:Gem::Version
|
|
118
118
|
version: '0'
|
|
119
119
|
requirements: []
|
|
120
|
-
rubygems_version: 3.
|
|
120
|
+
rubygems_version: 3.5.6
|
|
121
121
|
signing_key:
|
|
122
122
|
specification_version: 4
|
|
123
123
|
summary: A framework for building views in Ruby.
|