sprockets 3.1.0 → 3.2.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of sprockets might be problematic. Click here for more details.

Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/lib/sprockets/asset.rb +3 -2
  3. data/lib/sprockets/cache.rb +2 -2
  4. data/lib/sprockets/digest_utils.rb +27 -10
  5. data/lib/sprockets/loader.rb +0 -1
  6. data/lib/sprockets/manifest.rb +5 -1
  7. data/lib/sprockets/utils.rb +4 -4
  8. data/lib/sprockets/version.rb +1 -1
  9. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 903635fd1ccad435c06561c0d825f78aae55f281
4
- data.tar.gz: 65c2850077f1066e37b98e1be0ead819c3ce096f
3
+ metadata.gz: ec93323cfb4ee9daedbf87dd84da7e788eb5fed5
4
+ data.tar.gz: 5e43ec7e11e4d9fd167ed70f00633ae0995a72aa
5
5
  SHA512:
6
- metadata.gz: ee9453dfe28d48cdd749e3457ad244289641d4c8d0fcc7bb3912b8db3889d5a1a90298341f93767bcd2994041ee6ad3b2c024772f2450112197c41733706fc48
7
- data.tar.gz: ddf7f195f3e04ed21b8416dc6312d1a2daaf896af1fa45c67427c0e03a55f0def0c3f7bb1aa96798269fef046dfebf627fcd6ee8314969683ef59c33ead8b507
6
+ metadata.gz: b891fd59f01709b0ded0462aec839bfb346c36e379a48e3eaf770e60d369e87040e6ec0941b35fe2a79411a2e39cbf48b2131d2ef241d62dadd84640d8df3276
7
+ data.tar.gz: dc144eaac6981bdbea7838822e049fb026304d615b94286ec989f3d3ada6731f978e5151eb67caa91f81a03fbf66037027f3c90ceaa68d9aa57897ae35390977
data/lib/sprockets/asset.rb CHANGED
@@ -19,7 +19,6 @@ module Sprockets
19
19
  @content_type = attributes[:content_type]
20
20
  @filename = attributes[:filename]
21
21
  @id = attributes[:id]
22
- @integrity = attributes[:integrity]
23
22
  @load_path = attributes[:load_path]
24
23
  @logical_path = attributes[:logical_path]
25
24
  @metadata = attributes[:metadata]
@@ -140,7 +139,9 @@ module Sprockets
140
139
  end
141
140
 
142
141
  # Public: A "named information" URL for subresource integrity.
143
- attr_reader :integrity
142
+ def integrity
143
+ DigestUtils.integrity_uri(metadata[:digest])
144
+ end
144
145
 
145
146
  # Public: Add enumerator to allow `Asset` instances to be used as Rack
146
147
  # compatible body objects.
data/lib/sprockets/cache.rb CHANGED
@@ -97,7 +97,7 @@ module Sprockets
97
97
  # Public: Low level API to retrieve item directly from the backend cache
98
98
  # store.
99
99
  #
100
- # This API may be used publicaly, but may have undefined behavior
100
+ # This API may be used publicly, but may have undefined behavior
101
101
  # depending on the backend store being used. Prefer the
102
102
  # Cache#fetch API over using this.
103
103
  #
@@ -120,7 +120,7 @@ module Sprockets
120
120
 
121
121
  # Public: Low level API to set item directly to the backend cache store.
122
122
  #
123
- # This API may be used publicaly, but may have undefined behavior
123
+ # This API may be used publicly, but may have undefined behavior
124
124
  # depending on the backend store being used. Prefer the
125
125
  # Cache#fetch API over using this.
126
126
  #
data/lib/sprockets/digest_utils.rb CHANGED
@@ -96,6 +96,15 @@ module Sprockets
96
96
  bin.unpack('H*').first
97
97
  end
98
98
 
99
+ # Internal: Unpack a hex encoded digest string into binary bytes.
100
+ #
101
+ # hex - String hex
102
+ #
103
+ # Returns binary String.
104
+ def unpack_hexdigest(hex)
105
+ [hex].pack('H*')
106
+ end
107
+
99
108
  # Internal: Pack a binary digest to a base64 encoded string.
100
109
  #
101
110
  # bin - String bytes
@@ -117,17 +126,15 @@ module Sprockets
117
126
  str
118
127
  end
119
128
 
120
- # Internal: Maps digest class to the named information hash algorithm name.
121
- #
122
- # http://www.iana.org/assignments/named-information/named-information.xhtml
123
- NI_HASH_ALGORITHMS = {
124
- Digest::SHA256 => 'sha-256'.freeze,
125
- Digest::SHA384 => 'sha-384'.freeze,
126
- Digest::SHA512 => 'sha-512'.freeze
129
+ # Internal: Maps digest class to the CSP hash algorithm name.
130
+ HASH_ALGORITHMS = {
131
+ Digest::SHA256 => 'sha256'.freeze,
132
+ Digest::SHA384 => 'sha384'.freeze,
133
+ Digest::SHA512 => 'sha512'.freeze
127
134
  }
128
135
 
129
- # Internal: Generate a "named information" URI for use in the `integrity`
130
- # attribute of an asset tag as per the subresource integrity specification.
136
+ # Public: Generate hash for use in the `integrity` attribute of an asset tag
137
+ # as per the subresource integrity specification.
131
138
  #
132
139
  # digest - The String byte digest of the asset content.
133
140
  #
@@ -143,9 +150,19 @@ module Sprockets
143
150
  raise TypeError, "unknown digest: #{digest.inspect}"
144
151
  end
145
152
 
146
- if hash_name = NI_HASH_ALGORITHMS[digest_class]
153
+ if hash_name = HASH_ALGORITHMS[digest_class]
147
154
  "#{hash_name}-#{pack_base64digest(digest)}"
148
155
  end
149
156
  end
157
+
158
+ # Public: Generate hash for use in the `integrity` attribute of an asset tag
159
+ # as per the subresource integrity specification.
160
+ #
161
+ # digest - The String hexbyte digest of the asset content.
162
+ #
163
+ # Returns a String or nil if hash algorithm is incompatible.
164
+ def hexdigest_integrity_uri(hexdigest)
165
+ integrity_uri(unpack_hexdigest(hexdigest))
166
+ end
150
167
  end
151
168
  end
data/lib/sprockets/loader.rb CHANGED
@@ -118,7 +118,6 @@ module Sprockets
118
118
  content_type: type,
119
119
  source: source,
120
120
  metadata: metadata,
121
- integrity: integrity_uri(metadata[:digest]),
122
121
  dependencies_digest: digest(resolve_dependencies(metadata[:dependencies]))
123
122
  }
124
123
 
data/lib/sprockets/manifest.rb CHANGED
@@ -165,7 +165,11 @@ module Sprockets
165
165
  'mtime' => asset.mtime.iso8601,
166
166
  'size' => asset.bytesize,
167
167
  'digest' => asset.hexdigest,
168
- 'integrity' => asset.integrity
168
+
169
+ # Deprecated: Remove beta integrity attribute in next release.
170
+ # Callers should DigestUtils.hexdigest_integrity_uri to compute the
171
+ # digest themselves.
172
+ 'integrity' => DigestUtils.hexdigest_integrity_uri(asset.hexdigest)
169
173
  }
170
174
  assets[asset.logical_path] = asset.digest_path
171
175
 
data/lib/sprockets/utils.rb CHANGED
@@ -95,11 +95,11 @@ module Sprockets
95
95
  #
96
96
  # Returns buf String.
97
97
  def concat_javascript_sources(buf, source)
98
- if string_end_with_semicolon?(buf)
99
- buf << source
100
- else
101
- buf << ";\n" << source
98
+ if buf.bytesize > 0
99
+ buf << ";" unless string_end_with_semicolon?(buf)
100
+ buf << "\n" unless buf.end_with?("\n")
102
101
  end
102
+ buf << source
103
103
  end
104
104
 
105
105
  # Internal: Prepends a leading "." to an extension if its missing.
data/lib/sprockets/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Sprockets
2
- VERSION = "3.1.0"
2
+ VERSION = "3.2.0"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sprockets
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.1.0
4
+ version: 3.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sam Stephenson
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2015-05-10 00:00:00.000000000 Z
12
+ date: 2015-06-02 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rack