unpoly-rails 3.9.1 → 3.9.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/assets/unpoly/unpoly.es6.js +21 -10
- data/assets/unpoly/unpoly.es6.min.js +1 -1
- data/assets/unpoly/unpoly.js +21 -10
- data/assets/unpoly/unpoly.min.js +1 -1
- data/lib/unpoly/rails/util.rb +13 -7
- data/lib/unpoly/rails/version.rb +1 -1
- metadata +2 -2
data/lib/unpoly/rails/util.rb
CHANGED
|
@@ -5,13 +5,19 @@ module Unpoly
|
|
|
5
5
|
|
|
6
6
|
def guard_json_decode(raw, &default)
|
|
7
7
|
if raw.present?
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
8
|
+
if raw.is_a?(String)
|
|
9
|
+
begin
|
|
10
|
+
ActiveSupport::JSON.decode(raw)
|
|
11
|
+
rescue ActiveSupport::JSON.parse_error
|
|
12
|
+
# We would love to crash here, as it might indicate a bug in the frontend code.
|
|
13
|
+
# Unfortunately security scanners may be spamming malformed JSON in X-Up headers,
|
|
14
|
+
# DOSing us with error notifications.
|
|
15
|
+
::Rails.logger.error('unpoly-rails: Ignoring malformed JSON in X-Up header')
|
|
16
|
+
default&.call
|
|
17
|
+
end
|
|
18
|
+
else
|
|
19
|
+
# Security spammers may pass nested param values in params like _up_context_changes.
|
|
20
|
+
::Rails.logger.error('unpoly-rails: Ignoring nested value in _up param')
|
|
15
21
|
default&.call
|
|
16
22
|
end
|
|
17
23
|
else
|
data/lib/unpoly/rails/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: unpoly-rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.9.1
|
|
4
|
+
version: 3.9.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Henning Koch
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-10-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: railties
|