unpoly-rails 3.9.2 → 3.9.3
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/assets/unpoly/unpoly.css +1 -0
- data/assets/unpoly/unpoly.es6.js +23 -15
- data/assets/unpoly/unpoly.es6.min.js +1 -1
- data/assets/unpoly/unpoly.js +23 -15
- data/assets/unpoly/unpoly.min.css +1 -1
- data/assets/unpoly/unpoly.min.js +1 -1
- data/lib/unpoly/rails/util.rb +13 -7
- data/lib/unpoly/rails/version.rb +1 -1
- metadata +2 -2
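--- a/data/lib/unpoly/rails/util.rb
+++ b/data/lib/unpoly/rails/util.rb
@@ -5,13 +5,19 @@ module Unpoly
 
 def guard_json_decode(raw, &default)
 if raw.present?
-
-
-
-
-
-
-
+if raw.is_a?(String)
+begin
+ActiveSupport::JSON.decode(raw)
+rescue ActiveSupport::JSON.parse_error
+# We would love to crash here, as it might indicate a bug in the frontend code.
+# Unfortunately security scanners may be spamming malformed JSON in X-Up headers,
+# DOSing us with error notifications.
+::Rails.logger.error('unpoly-rails: Ignoring malformed JSON in X-Up header')
+default&.call
+end
+else
+# Security spammers may pass nested param values in params like _up_context_changes.
+::Rails.logger.error('unpoly-rails: Ignoring nested value in _up param')
 default&.call
 end
 else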
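Review bot: Both new rejection paths log at `error` level on input that any unauthenticated client controls, so the scanner traffic the comment describes can still flood the log and trip log-based alerting, only through a different channel than exception notifications. Consider a lower severity, e.g. `::Rails.logger.warn('unpoly-rails: Ignoring malformed JSON in X-Up header')` and likewise for the nested-value branch, or throttling these messages. Keeping the raw value out of the message is the right call, since it is attacker-controlled and would otherwise invite log injection. A well-formed but unexpected JSON value (a bare string or array where a hash is presumably expected) is still returned as-is, so callers need their own type check; `guard_json_decode` continues past the end of this hunk, so that handling is not visible here.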
data/lib/unpoly/rails/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: unpoly-rails
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.9.
|
4
|
+
version: 3.9.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Henning Koch
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-10-
|
11
|
+
date: 2024-10-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: railties
|