RubyGems - unpoly-rails - Versions diffs - 3.3.0 → 3.3.0.1 - Mend

unpoly-rails 3.3.0 → 3.3.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/unpoly/rails/change/field.rb +5 -15
data/lib/unpoly/rails/util.rb +14 -2
data/lib/unpoly/rails/version.rb +2 -3
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 614551454d692e572ca5c9a0a231ad5b8b94e916a04665e0644a624ce20844a8
-  data.tar.gz: b9f1cf1029a6330314c49378a417da6f802630a8e2b9be7a6bc98c1bbcfdc0e5
+  metadata.gz: d6168b30ebc03dcb29e92bf01cf3641f450b73c77caf36524583fa285c36e7aa
+  data.tar.gz: dbe8e882e7875489d750a5477ff731941360ae7f8c9e418c728a6893948dc23a
 SHA512:
-  metadata.gz: 957eb63eee7f194196b454c0321eb1052f71582762378cd3190d94f9017885af6f035ab8622bc9df83b84a05793544614b1643486ca1e0f1d344ef1fdf3590ad
-  data.tar.gz: 8ece3837631ec7cc14394996dba8c803bd49c73c25f9729ddf81a01e9ddfd4989e1a900435cad179157d115351cc6e24ac8c1f7f7a64b1d6ebaf3044b8088444
+  metadata.gz: 29567f4fdb9668df6cba8e4fab7a758dd640395490b39d67ee4187f8474e0ecc4f6c0b36ccda8cf5f54479a642dcb7d30be71b4baeef02d5bf87145fc4ee44f2
+  data.tar.gz: b3f432523d96491a4d0c9908457134999ecfc400c0d26de04ee5ef6105b93a1fb453c44ad4f271f3f22ceb0c654053b46f8107dad0f0d06e10b461ee81b841e7

data/lib/unpoly/rails/change/field.rb CHANGED Viewed

@@ -48,7 +48,7 @@ module Unpoly
         end
         ##
-        # An array of strings, serialized as JSON.
+        # An array of strings, separated by a space character.
         class SeparatedValues < Field
           def initialize(name, separator: ' ', default: nil)
@@ -60,8 +60,8 @@ module Unpoly
           def parse(raw)
             if raw
               raw.split(@separator)
-            elsif @default
-              instance_exec(&@default)
+            else
+              @default&.call
             end
           end
@@ -101,11 +101,7 @@ module Unpoly
           end
           def parse(raw)
-            if raw.present?
-              result = Util.json_decode(raw)
-            elsif @default
-              result = instance_exec(&@default)
-            end
+            result = Util.guard_json_decode(raw, &@default)
             if result.is_a?(::Hash)
               result = ActiveSupport::HashWithIndifferentAccess.new(result)
@@ -132,13 +128,7 @@ module Unpoly
           end
           def parse(raw)
-            if raw.present?
-              result = Util.json_decode(raw)
-            elsif @default
-              result = instance_exec(&@default)
-            end
-            result
+            Util.guard_json_decode(raw, &@default)
           end
           def stringify(value)

data/lib/unpoly/rails/util.rb CHANGED Viewed

@@ -3,8 +3,20 @@ module Unpoly
     class Util
       class << self
-        def json_decode(string)
-          ActiveSupport::JSON.decode(string)
+        def guard_json_decode(raw, &default)
+          if raw.present?
+            begin
+              ActiveSupport::JSON.decode(raw)
+            rescue ActiveSupport::JSON.parse_error
+              # We would love to crash here, as it might indicate a bug in the frontend code.
+              # Unfortunately security scanners may be spamming malformed JSON in X-Up headers,
+              # DOSing us with error notifications.
+              ::Rails.logger.error('unpoly-rails: Ignoring malformed JSON in X-Up header')
+              default&.call
+            end
+          else
+            default&.call
+          end
         end
         # We build a lot of JSON that goes into HTTP header.

data/lib/unpoly/rails/version.rb CHANGED Viewed

@@ -2,8 +2,7 @@ module Unpoly
   module Rails
     ##
     # The current version of the unpoly-rails gem.
-    # This version number is also used for releases of the Unpoly
-    # frontend code.
-    VERSION = '3.3.0'
+    # The first 3 digits should match the version of the Unpoly frontend code.
+    VERSION = '3.3.0.1'
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: unpoly-rails
 version: !ruby/object:Gem::Version
-  version: 3.3.0
+  version: 3.3.0.1
 platform: ruby
 authors:
 - Henning Koch
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-07-16 00:00:00.000000000 Z
+date: 2023-11-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties