phlex 1.8.1 → 1.8.2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of phlex might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2e7e702f2d22fc85cc0c02a467508f372b1adf091e06756ffa1188f63e48ea81
4
- data.tar.gz: 386a078fd6d65ac5e84043c3e15fd638b5b5402b55519849147f3ab8f9c22f0b
3
+ metadata.gz: c1d48498ccaf33dd17284b64a64da61c685261ef5a00546730dcf6558d2f3d09
4
+ data.tar.gz: 65189fc76952e4cd6927c80e4c3a8123ae57e63f34ea29d40783374b2a34fdbb
5
5
  SHA512:
6
- metadata.gz: f9c844aaefa12de8714fa1c4d745a35bb8385f9aca10367b3f14bb60667c2c894c74628649055d4a915a4f7a3c9c2f571b537c8b0097307a4411f8eba61c3774
7
- data.tar.gz: 2c6fb7d0fff4131faa8fdfd7b5f7c4b44a7af8604026046915cf61f80c2d4c5fe1ff605c7e280d3fef4a0973283643654f2d906a7fca7c6ef32a413a1ee03184
6
+ metadata.gz: f935d6ef0a93e5a973ff97ced63bcec83697d63766ae28c8a8b779f2c1fb6146f8fb285c091833ae23a4b8336e8ddf67713c40d16000b221898d9ea0082417a6
7
+ data.tar.gz: 2a96ec7be69bb08efe6453253614c1b6955931e1b62607577041d877730c96ec37d8a9eed2729f8d3caf92078c9d890dfac7b4de9c56d15de48f059a44872976
data/lib/phlex/sgml.rb CHANGED
@@ -364,14 +364,6 @@ module Phlex
364
364
  attributes = process_attributes(**attributes)
365
365
  end
366
366
 
367
- if attributes[:href]&.start_with?(/\s*javascript:/)
368
- attributes.delete(:href)
369
- end
370
-
371
- if attributes["href"]&.start_with?(/\s*javascript:/)
372
- attributes.delete("href")
373
- end
374
-
375
367
  buffer = +""
376
368
  __build_attributes__(attributes, buffer: buffer)
377
369
 
@@ -389,8 +381,11 @@ module Phlex
389
381
  else raise ArgumentError, "Attribute keys should be Strings or Symbols."
390
382
  end
391
383
 
384
+ lower_name = name.downcase
385
+ next if lower_name == "href" && v.start_with?(/\s*javascript:/i)
386
+
392
387
  # Detect unsafe attribute names. Attribute names are considered unsafe if they match an event attribute or include unsafe characters.
393
- if HTML::EVENT_ATTRIBUTES[name] || name.match?(/[<>&"']/)
388
+ if HTML::EVENT_ATTRIBUTES[lower_name] || name.match?(/[<>&"']/)
394
389
  raise ArgumentError, "Unsafe attribute name detected: #{k}."
395
390
  end
396
391
 
data/lib/phlex/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Phlex
4
- VERSION = "1.8.1"
4
+ VERSION = "1.8.2"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: phlex
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.8.1
4
+ version: 1.8.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Joel Drapper
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2023-04-20 00:00:00.000000000 Z
11
+ date: 2024-03-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: concurrent-ruby
@@ -119,7 +119,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
119
119
  - !ruby/object:Gem::Version
120
120
  version: '0'
121
121
  requirements: []
122
- rubygems_version: 3.4.10
122
+ rubygems_version: 3.4.22
123
123
  signing_key:
124
124
  specification_version: 4
125
125
  summary: A fun framework for building views in Ruby.