view_component 2.49.0 → 2.49.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/docs/CHANGELOG.md +12 -0
- data/lib/view_component/translatable.rb +30 -0
- data/lib/view_component/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ef9372866a072103dd38b8da27bfcf57ad66012524b6a80f6caf311a97533435
|
|
4
|
+
data.tar.gz: 654c9561c09c8cae7ca8720d126060e8196d38b0cd832d6a5a6e1f7e8c8ad133
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fbd9bf43a06132fa0d26fba5155382be904bba9aaf181c9bb0f715a3caf103f5ae7bff74640e62c31e3ea8600a61f5405e364553b5f56f3cbc5af7a22a77f5f8
|
|
7
|
+
data.tar.gz: 946639d557fd6dd76889c6a645187fc1235bd7e76817944429f306be1d7798ac9fe9b8005301f3ea106c564d6502d3e1bc21fc1ea5b9902784d99296979c8d93
|
data/docs/CHANGELOG.md
CHANGED
|
@@ -7,6 +7,12 @@ title: Changelog
|
|
|
7
7
|
|
|
8
8
|
## main
|
|
9
9
|
|
|
10
|
+
## 2.49.1
|
|
11
|
+
|
|
12
|
+
* Patch XSS vulnerability in `Translatable` module caused by improperly escaped interpolation arguments.
|
|
13
|
+
|
|
14
|
+
*Cameron Dutro*
|
|
15
|
+
|
|
10
16
|
## 2.49.0
|
|
11
17
|
|
|
12
18
|
* Fix path handling for evaluated view components that broke in Ruby 3.1.
|
|
@@ -657,6 +663,12 @@ _Note: This release includes an underlying change to Slots that may affect incor
|
|
|
657
663
|
|
|
658
664
|
*Joel Hawksley*
|
|
659
665
|
|
|
666
|
+
## 2.29.1
|
|
667
|
+
|
|
668
|
+
* Patch XSS vulnerability in `ViewComponent::Translatable` module caused by improperly escaped interpolation arguments.
|
|
669
|
+
|
|
670
|
+
*Cameron Dutro*
|
|
671
|
+
|
|
660
672
|
## 2.29.0
|
|
661
673
|
|
|
662
674
|
* Allow Slot lambdas to share data from the parent component and allow chaining on the returned component.
|
|
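--- a/data/lib/view_component/translatable.rb
+++ b/data/lib/view_component/translatable.rb
@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require "erb"
 require "set"
 require "i18n"
 require "action_view/helpers/translation_helper"
@@ -70,6 +71,10 @@ module ViewComponent
       key = key&.to_s unless key.is_a?(String)
       key = "#{i18n_scope}#{key}" if key.start_with?(".")
 
+      if HTML_SAFE_TRANSLATION_KEY.match?(key)
+        html_escape_translation_options!(options)
+      end
+
       if key.start_with?(i18n_scope + ".")
         translated =
           catch(:exception) do
@@ -96,5 +101,30 @@ module ViewComponent
     def i18n_scope
       self.class.i18n_scope
     end
+
+    def html_safe_translation(translation)
+      if translation.respond_to?(:map)
+        translation.map { |element| html_safe_translation(element) }
+      else
+        # It's assumed here that objects loaded by the i18n backend will respond to `#html_safe?`.
+        # It's reasonable that if we're in Rails, `active_support/core_ext/string/output_safety.rb`
+        # will provide this to `Object`.
+        translation.html_safe # rubocop:disable Rails/OutputSafety
+      end
+    end
+
+    private
+
+    def html_escape_translation_options!(options)
+      options.each do |name, value|
+        unless i18n_option?(name) || (name == :count && value.is_a?(Numeric))
+          options[name] = ERB::Util.html_escape(value.to_s)
+        end
+      end
+    end
+
+    def i18n_option?(name)
+      (@i18n_option_names ||= I18n::RESERVED_KEYS.to_set).include?(name)
+    end
   end
 end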
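Review bot: `html_safe_translation` is added above the new `private` marker in the last hunk, so unless a `private` already precedes `i18n_scope` outside the hunk it becomes a public method on every component that marks an arbitrary string (or array of strings) as html_safe, while the two escaping helpers that guard it are private; it belongs below `private` with them. It is also not called anywhere in the visible hunks, and the `translate` method that the second hunk patches starts and ends outside it, so the point where the `_html` translation is marked safe cannot be checked from this diff. `html_escape_translation_options!` rewrites the caller's `options` hash in place while iterating it, which Ruby permits because only existing keys are assigned, but the exemptions deserve a comment such as `# Escape only caller-supplied interpolation values; reserved I18n option names and a numeric :count are left untouched.` Note that `ERB::Util.html_escape` already calls `to_s` on its argument, so the explicit `value.to_s` is redundant but harmless.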
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: view_component
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.49.
|
|
4
|
+
version: 2.49.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- GitHub Open Source
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-02
|
|
11
|
+
date: 2022-03-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -373,7 +373,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
373
373
|
- !ruby/object:Gem::Version
|
|
374
374
|
version: '0'
|
|
375
375
|
requirements: []
|
|
376
|
-
rubygems_version: 3.
|
|
376
|
+
rubygems_version: 3.2.32
|
|
377
377
|
signing_key:
|
|
378
378
|
specification_version: 4
|
|
379
379
|
summary: View components for Rails
|