twitter-bootstrap-rails-confirm 2.0.1 → 2.0.2

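--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: b4af854cb39f612728a02d3eb6197d9e39ca4243
- data.tar.gz: 104a72de5382e6907e83300859c3fa8aad70b2a5
+ metadata.gz: 5c6fc0126e16b808c7ee4fb81e5e5c589693a33c
+ data.tar.gz: 35b26a8694584f33e5c9d11be9d5fb12472a0cef
  SHA512:
- metadata.gz: 1815f79cf919fb1c21d3348373bba37cbed840ba2cc18d07d246067ac2a12e9bad1aa70711d460d1c73d7ff7de652fdb4186b29ecd3c5cebc482772e6ab151d7
- data.tar.gz: 1bf20de563029a8abd3fc399cec25d0d3db3c5a711591ea081ce966550c6acaad7bcfa3eb89cddcf0ba4abc84434e15f074cde86ff2ffb301bd4c7df1e75e8be
+ metadata.gz: e81136caf2cc11ab8630b67fa600637ede0e87438bcf177ecaeb35b6a67d299bff42ad018e7a66eac1499fc964531e9f569cf96704db60866049bb0c8fb6deb7
+ data.tar.gz: 00efad5027fa893dc46f0e3099c518b9442615e01b3d5fbc94ec713bc64860e32757b58c29d12a4996797ef275185cf01a761684bacb2bf213aa1548e2af0849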
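--- a/data/README.md
+++ b/data/README.md
@@ -93,6 +93,10 @@ simple app that loads Bootstrap and this gem.
 
  ## Changelog
 
+ ### 2.0.2 (January 18, 2022)
+
+ * BREAKING: Resolved possible XSS by using .text() over .html()
+
  ### 2.0.1 (January 14, 2018)
 
  * [(eirvandelden)](https://github.com/eirvandelden) [Bootstrap 4 version is stored in Tooltip.VERSION](https://github.com/bluerail/twitter-bootstrap-rails-confirm/pull/38)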
@@ -2,7 +2,7 @@ module Twitter
2
2
  module Bootstrap
3
3
  module Rails
4
4
  module Confirm
5
- VERSION = "2.0.1"
5
+ VERSION = "2.0.2"
6
6
  end
7
7
  end
8
8
  end
@@ -42,12 +42,17 @@
42
42
  $dialog.addClass("fade");
43
43
  }
44
44
 
45
- $dialog.find(".modal-header .modal-title").html(element.data("confirm-title") || $.fn.twitter_bootstrap_confirmbox.defaults.title || window.top.location.origin);
45
+ $dialog.find(".modal-header .modal-title").text(element.data("confirm-title") || $.fn.twitter_bootstrap_confirmbox.defaults.title || window.top.location.origin);
46
46
 
47
- $dialog.find(".modal-body").html(message.toString().replace(/\n/g, "<br />"));
47
+ var dialog_body = $dialog.find(".modal-body");
48
+ var paragraphs = message.toString().split(/\n/);
49
+ dialog_body.html('');
50
+ for (var paragraph_index in paragraphs) {
51
+ $("<p></p>").appendTo(dialog_body).text(paragraphs[paragraph_index]);
52
+ }
48
53
 
49
54
  var cancel_buton = $("<a />", { href: "#", "data-dismiss": "modal" });
50
- cancel_buton.html(element.data("confirm-cancel") || $.fn.twitter_bootstrap_confirmbox.defaults.cancel);
55
+ cancel_buton.text(element.data("confirm-cancel") || $.fn.twitter_bootstrap_confirmbox.defaults.cancel);
51
56
  cancel_buton.addClass($.fn.twitter_bootstrap_confirmbox.defaults.cancel_class);
52
57
  cancel_buton.addClass(element.data("confirm-cancel-class") || (bootstrap_version === 4 ? "btn-secondary" : void 0) || "btn-default");
53
58
  cancel_buton.click(function(event) {
@@ -57,7 +62,7 @@
57
62
  $dialog.find(".modal-footer").append(cancel_buton);
58
63
 
59
64
  var confirm_button = $("<a />", { href: "#" });
60
- confirm_button.html(element.data("confirm-proceed") || $.fn.twitter_bootstrap_confirmbox.defaults.proceed);
65
+ confirm_button.text(element.data("confirm-proceed") || $.fn.twitter_bootstrap_confirmbox.defaults.proceed);
61
66
  confirm_button.addClass($.fn.twitter_bootstrap_confirmbox.defaults.proceed_class);
62
67
  confirm_button.addClass(element.data("confirm-proceed-class") || "btn-primary");
63
68
  confirm_button.click(function(event) {
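Review bot: In the first hunk the new body rendering uses `for (var paragraph_index in paragraphs)`, and `for...in` on an array visits every enumerable property, including anything a polyfill or older library has added to `Array.prototype`, so such a page would get stray `<p>` elements in the confirm dialog; an indexed loop, `for (var i = 0; i < paragraphs.length; i++) { $("<p></p>").text(paragraphs[i]).appendTo(dialog_body); }`, avoids that, and `dialog_body.empty()` states the intent more directly than `.html('')`. The switch to `.text()` covers the title, body, cancel and proceed labels visible here, but the enclosing function starts and ends outside both hunks, so any other `.html()` call fed from `data-confirm-*` attributes would need the same treatment. Applications that deliberately put markup in `data-confirm` will now see it rendered literally, and each line becomes a `<p>` rather than being separated by `<br />`, which is worth a comment next to the loop since the release ships as a patch version.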
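--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: twitter-bootstrap-rails-confirm
  version: !ruby/object:Gem::Version
- version: 2.0.1
+ version: 2.0.2
  platform: ruby
  authors:
  - Rene van Lieshout
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-01-15 00:00:00.000000000 Z
+ date: 2022-01-18 00:00:00.000000000 Z
  dependencies: []
  description: Confirm dialogs using Twitter Bootstrap
  email:
@@ -17,7 +17,7 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
- - ".gitignore"
+ - .gitignore
  - Gemfile
  - LICENSE
  - README.md
@@ -37,17 +37,17 @@ require_paths:
  - vendor
  required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - '>='
  - !ruby/object:Gem::Version
  version: '0'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - '>='
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.5.2.3
+ rubygems_version: 2.0.14.1
  signing_key:
  specification_version: 4
  summary: Applies a custom confirm dialog for elements with a data-confirm attribute.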