playbook_ui 16.4.0.pre.alpha.play287215277 → 16.4.0.pre.alpha.play287215278

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f192477f8ce86f7e7d34c1fcd3e04ce3ec19bce384af58ee7b670ad2020bb7da
4
- data.tar.gz: cdf3515b0efd18f633a9f0b9c971fba9f5e1c86ba26e1072be960e42d0dce68d
3
+ metadata.gz: d90f2a0e1e6aff0fddad6a6fdb6d69b876efad5e17da89334ea59c1f3516b8aa
4
+ data.tar.gz: 81ff442b5a89049fb4f90d692d74514f9965d9b1ef7e4fdf98dd83a42365571f
5
5
  SHA512:
6
- metadata.gz: 7ea0752cc8fa230d382be06fa02a93b19830976599733888686a05cc85feccef9024d16debed509130b7902c7251c62b6e1f2604796b4e0b1ca8259f020738d0
7
- data.tar.gz: 92b037ce1dded39bc8a28f90c79fdfbbcbff46056af9b9c111d9a51e43a1e2b60e441f9ac77c25ab022fd5a6a6c238d1800f92416935fb634550f877f527819e
6
+ metadata.gz: 28e7208ec7455f14bf6680de34a242cfe5175273e36bb1c40307ad2b41968614e8d9569cae3f36dd3473cc52eaf56e722383c4628d79d18195188977527de041
7
+ data.tar.gz: 1b6e3d13da6a92ff2cb87ad4d91587cb08cf4bcfb4269b7cb91caf0bd9450d071ae10a8f7667428e7e14098d802994b8797720f77198b60df99af5db6f7210cb
@@ -51,9 +51,19 @@ module Playbook
51
51
  def warn_font_awesome_fallback
52
52
  return "".html_safe if Rails.env.test? || Rails.env.production?
53
53
  return "".html_safe if icon.nil? || icon.to_s.empty?
54
+ # Only warn if Playbook icons are configured (prevents noise when not set up)
55
+ return "".html_safe unless Rails.application.config.respond_to?(:icon_path)
54
56
 
55
- escaped_icon = icon.to_s.gsub("'", "\\\\'")
56
- message = "[Playbook] Icon '#{escaped_icon}' not found in Playbook icons. Falling back to Font Awesome. Font Awesome will be removed from Nitro in the future. Please use Playbook Icons instead. See https://playbook.powerapp.cloud/playbook_icons for available icons."
57
+ # Use JSON.generate for proper JavaScript string escaping
58
+ # This handles quotes, newlines, and </script> injection (XSS prevention)
59
+ icon_js = JSON.generate(icon.to_s)
60
+
61
+ message = "[Playbook] Icon '#{icon}' not found in Playbook icons. " \
62
+ "Falling back to Font Awesome. " \
63
+ "Font Awesome will be removed from Nitro in the future. " \
64
+ "Please use Playbook Icons instead. " \
65
+ "See https://playbook.powerapp.cloud/playbook_icons for available icons."
66
+ message_js = JSON.generate(message)
57
67
 
58
68
  script = "<script type=\"text/javascript\">\n"
59
69
  script += "(function() {\n"
@@ -61,9 +71,9 @@ module Playbook
61
71
  script += " var isLocalDev = hostname === 'localhost' || hostname === '127.0.0.1' || hostname.endsWith('.local') || hostname.includes('local.') || !hostname;\n"
62
72
  script += " if (!isLocalDev) return;\n"
63
73
  script += " if (!window.__PB_WARNED_ICONS__) window.__PB_WARNED_ICONS__ = new Set();\n"
64
- script += " if (!window.__PB_WARNED_ICONS__.has('#{escaped_icon}')) {\n"
65
- script += " window.__PB_WARNED_ICONS__.add('#{escaped_icon}');\n"
66
- script += " console.warn('#{message}');\n"
74
+ script += " if (!window.__PB_WARNED_ICONS__.has(#{icon_js})) {\n"
75
+ script += " window.__PB_WARNED_ICONS__.add(#{icon_js});\n"
76
+ script += " console.warn(#{message_js});\n"
67
77
  script += " }\n"
68
78
  script += "})();\n"
69
79
  script += "</script>"
@@ -2,5 +2,5 @@
2
2
 
3
3
  module Playbook
4
4
  PREVIOUS_VERSION = "16.4.0"
5
- VERSION = "16.4.0.pre.alpha.play287215277"
5
+ VERSION = "16.4.0.pre.alpha.play287215278"
6
6
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: playbook_ui
3
3
  version: !ruby/object:Gem::Version
4
- version: 16.4.0.pre.alpha.play287215277
4
+ version: 16.4.0.pre.alpha.play287215278
5
5
  platform: ruby
6
6
  authors:
7
7
  - Power UX