RubyGems - web-console - Versions diffs - 4.0.2 → 4.2.0 - Mend

web-console 4.0.2 → 4.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

checksums.yaml +4 -4
data/CHANGELOG.markdown +33 -6
data/MIT-LICENSE +1 -1
data/README.markdown +7 -6
data/lib/web_console/evaluator.rb +6 -1
data/lib/web_console/injector.rb +5 -3
data/lib/web_console/permissions.rb +1 -1
data/lib/web_console/railtie.rb +16 -1
data/lib/web_console/template.rb +1 -1
data/lib/web_console/templates/console.js.erb +17 -4
data/lib/web_console/templates/layouts/inlined_string.erb +1 -1
data/lib/web_console/templates/layouts/javascript.erb +1 -1
data/lib/web_console/templates/style.css.erb +1 -1
data/lib/web_console/version.rb +1 -1
data/lib/web_console/view.rb +1 -0
metadata +9 -9

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 38b006503ec43ff88e05efa6c91767852bd16290dc0266a703f6210c5036c029
-  data.tar.gz: c2aa58c058cfc1593fdeca3f1b98c9f1c2dbc6355f66085c328213e8c14c097a
+  metadata.gz: a491428cda19f89cf20ad5ef83558e948feecb7acb7f46b453c5644ad419131b
+  data.tar.gz: 3e3d2902466fc03684b00591b294df2c19af06db31e43f58f1f9e8de14cb731f
 SHA512:
-  metadata.gz: 847df1cc274ff85315284188931ee700823ce9733f06c5a3d86191037dfcd281131b30a0da3d54fd9bc7b43820ee9fc91a4fca7a86f5e028b8a93c987ca7ec32
-  data.tar.gz: d183e3efaa71ecbf82672756a23fecbbe00ebe5cb7f9aeb15bce53f2f35a72de6fdf5e236de7a5a459cbbc5ba65b5c85746e85ce160b4a2f237df14c2ef4cbb6
+  metadata.gz: d949e602f1056bda92b2e7e13e030a78bd856befeb52ccd89c57c27a5341bab30830e27969f3fd9bf8e3d5e4467de381cb788cd9d5809ad6f5d662b2a00b3993
+  data.tar.gz: a17229c83c77f2fdc2b06ca4d25674391e9318490da932de015d0d8ebc59bf652ccb010577eea9d95c357fcd703ba6b5fb8f2afc8343ad79306e80834f52d77d

data/CHANGELOG.markdown CHANGED Viewed

@@ -2,6 +2,27 @@
 ## master (unreleased)
+## 4.2.0
+* [#308](https://github.com/rails/web-console/pull/308) Fix web-console inline templates rendering ([@voxik])
+* [#306](https://github.com/rails/web-console/pull/306) Support Ruby 3.0 and above ([@ruanwood])
+## 4.1.0
+* [#304](https://github.com/rails/web-console/pull/304) Add support for Rails 6.1 ([@stephannv])
+* [#298](https://github.com/rails/web-console/pull/298) Prevent deprecation warnings by removing template formats ([@mikelkew])
+* [#297](https://github.com/rails/web-console/pull/297) Use MutationObserver instead of Mutation Events ([@mikelkew])
+* [#296](https://github.com/rails/web-console/pull/296) Add CSP nonce to injected scripts and styles ([@mikelkew])
+## 4.0.4
+* [fb483743](https://github.com/rails/web-console/commit/fb483743a6a2a4168cdc0b2e03f48fc393991b73) Fix a crash on webrick with Rack 2.2.3 ([@gsamokovarov])
+## 4.0.3
+* [#291](https://github.com/rails/web-console/pull/291) Deprecate config.web_console.whitelisted_ips ([@JuanitoFatas])
+* [#290](https://github.com/rails/web-console/pull/290) Fix Content-Length for rack >= 2.1.0 ([@p8])
 ## 4.0.2
 * [#285](https://github.com/rails/web-console/pull/285) Increase timeout on paste ([@celvro])
@@ -12,12 +33,12 @@
 ## 4.0.0
-* [|61c](https://github.com/rails/web-console/commit/61ce65b599f56809de1bd8da6590a80acbd92017) Move to config.web_console.permissions ([@gsamokovarov])
-* [|961](https://github.com/rails/web-console/commit/96127aac143e1e653fffdc4bb65e1ce0b5ff342d) Introduce Binding#console as an alternative interface ([@gsamokovarov])
-* [|d45](https://github.com/rails/web-console/commit/d4591ca5396ed15a08818f3da11134852a485b27) Introduce Rails 6 support ([@gsamokovarov])
-* [|f97](https://github.com/rails/web-console/commit/f97d8a889a38366485e5c5e8985995c19bf61d13) Introduce Ruby 2.6 support ([@gsamokovarov])
-* [|d6d](https://github.com/rails/web-console/commit/d6deacd9d5fcaabf3e3051d6985b53f924f86956) Drop Rails 5 support ([@gsamokovarov])
-* [|90f](https://github.com/rails/web-console/commit/90fda8789d402f05647c18f8cdf8e5c3d01692dd) Drop Ruby 2.4 support ([@gsamokovarov])
+* [61ce65b5](https://github.com/rails/web-console/commit/61ce65b599f56809de1bd8da6590a80acbd92017) Move to config.web_console.permissions ([@gsamokovarov])
+* [96127ac1](https://github.com/rails/web-console/commit/96127aac143e1e653fffdc4bb65e1ce0b5ff342d) Introduce Binding#console as an alternative interface ([@gsamokovarov])
+* [d4591ca5](https://github.com/rails/web-console/commit/d4591ca5396ed15a08818f3da11134852a485b27) Introduce Rails 6 support ([@gsamokovarov])
+* [f97d8a88](https://github.com/rails/web-console/commit/f97d8a889a38366485e5c5e8985995c19bf61d13) Introduce Ruby 2.6 support ([@gsamokovarov])
+* [d6deacd9](https://github.com/rails/web-console/commit/d6deacd9d5fcaabf3e3051d6985b53f924f86956) Drop Rails 5 support ([@gsamokovarov])
+* [90fda878](https://github.com/rails/web-console/commit/90fda8789d402f05647c18f8cdf8e5c3d01692dd) Drop Ruby 2.4 support ([@gsamokovarov])
 * [#265](https://github.com/rails/web-console/pull/265) Add support for nested exceptions ([@yuki24])
 ## 3.7.0
@@ -136,6 +157,8 @@ go to 3.1.0 instead.
 * [#84](https://github.com/rails/web-console/pull/84) Allow Rails 5 as dependency in gemspec ([@jonatack])
 * [#69](https://github.com/rails/web-console/pull/69) Introduce middleware for request dispatch and console rendering ([@gsamokovarov])
+[@stephannv]: https://github.com/stephannv
+[@mikelkew]: https://github.com/mikelkew
 [@jonatack]: https://github.com/jonatack
 [@ryandao]: https://github.com/ryandao
 [@jeffnv]: https://github.com/jeffnv
@@ -159,3 +182,7 @@ go to 3.1.0 instead.
 [@yuki24]: https://github.com/yuki24
 [@patorash]: https://github.com/patorash
 [@celvro]: https://github.com/celvro
+[@JuanitoFatas]: https://github.com/JuanitoFatas
+[@p8]: https://github.com/p8
+[@voxik]: https://github.com/voxik
+[@ryanwood]: https://github.com/ryanwood

data/MIT-LICENSE CHANGED Viewed

@@ -1,4 +1,4 @@
-Copyright 2014-2016 Charlie Somerville, Genadi Samokovarov, Guillermo Iguaran and Ryan Dao
+Copyright 2014-2016 Hailey Somerville, Genadi Samokovarov, Guillermo Iguaran and Ryan Dao
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.markdown CHANGED Viewed

@@ -1,7 +1,8 @@
 <p align=right>
-  Documentation for:
+  <strong>Current version: 4.1.0</strong> | Documentation for:
   <a href=https://github.com/rails/web-console/tree/v1.0.4>v1.0.4</a>
   <a href=https://github.com/rails/web-console/tree/v2.2.1>v2.2.1</a>
+  <a href=https://github.com/rails/web-console/tree/v3.7.0>v3.7.0</a>
 </p>
 # Web Console [![Build Status](https://travis-ci.org/rails/web-console.svg?branch=master)](https://travis-ci.org/rails/web-console)
@@ -66,7 +67,7 @@ By default, only requests coming from IPv4 and IPv6 localhosts are allowed.
 `config.web_console.permissions` lets you control which IP's have access to
 the console.
-You can whitelist single IP's or whole networks. Say you want to share your
+You can allow single IP's or whole networks. Say you want to share your
 console with `192.168.0.100`:
 ```ruby
@@ -75,7 +76,7 @@ class Application < Rails::Application
 end
 ```
-If you want to whitelist the whole private network:
+If you want to allow the whole private network:
 ```ruby
 Rails.application.configure do
@@ -174,15 +175,15 @@ Make sure your configuration lives in `config/environments/development.rb`.
 ## Credits
-* Shoutout to [Charlie Somerville] for [better_errors].
+* Shoutout to [Hailey Somerville] for [better_errors].
 * Kudos to [John Mair] for [binding_of_caller] and [debug_inspector].
 * Thanks to [Charles Oliver Nutter] for all the _JRuby_ feedback.
 * Hugs and kisses to all of our [contributors]!
-[better_errors]: https://github.com/charliesome/better_errors
+[better_errors]: https://github.com/BetterErrors/better_errors
 [debug_inspector]: https://github.com/banister/debug_inspector
 [binding_of_caller]: https://github.com/banister/binding_of_caller
-[Charlie Somerville]: https://github.com/charliesome
+[Hailey Somerville]: https://github.com/haileys
 [John Mair]: https://github.com/banister
 [Charles Oliver Nutter]: https://github.com/headius
 [templates]: https://github.com/rails/web-console/tree/master/lib/web_console/templates

data/lib/web_console/evaluator.rb CHANGED Viewed

@@ -19,7 +19,12 @@ module WebConsole
     end
     def eval(input)
-      "=> #{@binding.eval(input).inspect}\n"
+      # Binding#source_location is available since Ruby 2.6.
+      if @binding.respond_to? :source_location
+        "=> #{@binding.eval(input, *@binding.source_location).inspect}\n"
+      else
+        "=> #{@binding.eval(input).inspect}\n"
+      end
     rescue Exception => exc
       format_exception(exc)
     end

data/lib/web_console/injector.rb CHANGED Viewed

@@ -13,9 +13,11 @@ module WebConsole
     end
     def inject(content)
-      # Remove any previously set Content-Length header because we modify
-      # the body. Otherwise the response will be truncated.
-      @headers.delete("Content-Length")
+      # Set Content-Length header to the size of the current body
+      # + the extra content. Otherwise the response will be truncated.
+      if @headers["Content-Length"]
+        @headers["Content-Length"] = (@body.bytesize + content.bytesize).to_s
+      end
       [
         if position = @body.rindex("</body>")

data/lib/web_console/permissions.rb CHANGED Viewed

@@ -4,7 +4,7 @@ require "ipaddr"
 module WebConsole
   class Permissions
-    # IPv4 and IPv6 localhost should be always whitelisted.
+    # IPv4 and IPv6 localhost should be always allowed.
     ALWAYS_PERMITTED_NETWORKS = %w( 127.0.0.0/8 ::1 )
     def initialize(networks = nil)

data/lib/web_console/railtie.rb CHANGED Viewed

@@ -52,10 +52,25 @@ module WebConsole
     end
     initializer "web_console.permissions" do
-      permissions = config.web_console.permissions || config.web_console.whitelisted_ips
+      permissions = web_console_permissions
       Request.permissions = Permissions.new(permissions)
     end
+    def web_console_permissions
+      case
+      when config.web_console.permissions
+        config.web_console.permissions
+      when config.web_console.allowed_ips
+        config.web_console.allowed_ips
+      when config.web_console.whitelisted_ips
+        ActiveSupport::Deprecation.warn(<<-MSG.squish)
+          The config.web_console.whitelisted_ips is deprecated and will be ignored in future release of web_console.
+          Please use config.web_console.allowed_ips instead.
+        MSG
+        config.web_console.whitelisted_ips
+      end
+    end
     initializer "web_console.whiny_requests" do
       if config.web_console.key?(:whiny_requests)
         Middleware.whiny_requests = config.web_console.whiny_requests

data/lib/web_console/template.rb CHANGED Viewed

@@ -17,7 +17,7 @@ module WebConsole
     # Render a template (inferred from +template_paths+) as a plain string.
     def render(template)
-      view = View.new(ActionView::LookupContext.new(template_paths), instance_values)
+      view = View.with_empty_template_cache.with_view_paths(template_paths, instance_values)
       view.render(template: template, layout: false)
     end
   end

data/lib/web_console/templates/console.js.erb CHANGED Viewed

@@ -251,12 +251,14 @@ Autocomplete.prototype.removeView = function() {
 }
 // HTML strings for dynamic elements.
-var consoleInnerHtml = <%= render_inlined_string '_inner_console_markup.html' %>;
-var promptBoxHtml = <%= render_inlined_string '_prompt_box_markup.html' %>;
+var consoleInnerHtml = <%= render_inlined_string '_inner_console_markup' %>;
+var promptBoxHtml = <%= render_inlined_string '_prompt_box_markup' %>;
 // CSS
-var consoleStyleCss = <%= render_inlined_string 'style.css' %>;
+var consoleStyleCss = <%= render_inlined_string 'style' %>;
 // Insert a style element with the unique ID
 var styleElementId = 'sr02459pvbvrmhco';
+// Nonce to use for CSP
+var styleElementNonce = '<%= @nonce %>';
 // REPLConsole Constructor
 function REPLConsole(config) {
@@ -416,6 +418,14 @@ REPLConsole.prototype.install = function(container) {
     }
   }
+  var observer = new MutationObserver(function(mutationsList) {
+    for (let mutation of mutationsList) {
+      if (mutation.type === 'childList' && mutation.addedNodes.length > 0) {
+        shiftConsoleActions();
+      }
+    }
+  });
   // Initialize
   this.container = container;
   this.outer = consoleOuter;
@@ -427,7 +437,7 @@ REPLConsole.prototype.install = function(container) {
   findChild(container, 'resizer').addEventListener('mousedown', resizeContainer);
   findChild(consoleActions, 'close-button').addEventListener('click', closeContainer);
-  consoleOuter.addEventListener('DOMNodeInserted', shiftConsoleActions);
+  observer.observe(consoleOuter, { childList: true, subtree: true });
   REPLConsole.currentSession = this;
 };
@@ -441,6 +451,9 @@ REPLConsole.prototype.insertCss = function() {
   style.type = 'text/css';
   style.innerHTML = consoleStyleCss;
   style.id = styleElementId;
+  if (styleElementNonce.length > 0) {
+    style.nonce = styleElementNonce;
+  }
   document.getElementsByTagName('head')[0].appendChild(style);
 };

data/lib/web_console/templates/layouts/inlined_string.erb CHANGED Viewed

	@@ -1 +1 @@
1	- ~~"<%=~~ j yield ~~%>"~~
1	+ `<%= j yield %>`

data/lib/web_console/templates/layouts/javascript.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<script type="text/javascript" data-template="<%= @template %>">
+<script type="text/javascript" data-template="<%= @template %>" nonce="<%= @nonce %>">
 (function() {
   <%= yield %>
 }).call(this);

data/lib/web_console/templates/style.css.erb CHANGED Viewed

@@ -49,7 +49,7 @@
   font-size: 11px;
   width: 100%;
   height: 100%;
-  overflow: none;
+  overflow: unset;
   background: #333;
 }

data/lib/web_console/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module WebConsole
-  VERSION = "4.0.2"
+  VERSION = "4.2.0"
 end

data/lib/web_console/view.rb CHANGED Viewed

@@ -22,6 +22,7 @@ module WebConsole
     # leaking globals, unless you explicitly want to.
     def render_javascript(template)
       assign(template: template)
+      assign(nonce: @env["action_dispatch.content_security_policy_nonce"])
       render(template: template, layout: "layouts/javascript")
     end

metadata CHANGED Viewed

@@ -1,17 +1,17 @@
 --- !ruby/object:Gem::Specification
 name: web-console
 version: !ruby/object:Gem::Version
-  version: 4.0.2
+  version: 4.2.0
 platform: ruby
 authors:
-- Charlie Somerville
+- Hailey Somerville
 - Genadi Samokovarov
 - Guillermo Iguaran
 - Ryan Dao
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-05-05 00:00:00.000000000 Z
+date: 2021-11-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -69,9 +69,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.4.0
-description:
+description:
 email:
-- charlie@charliesomerville.com
+- hailey@hailey.lol
 - gsamokovarov@gmail.com
 - guilleiguaran@gmail.com
 - daoduyducduong@gmail.com
@@ -123,7 +123,7 @@ homepage: https://github.com/rails/web-console
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -138,8 +138,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key:
+rubygems_version: 3.1.6
+signing_key:
 specification_version: 4
 summary: A debugging tool for your Ruby on Rails applications.
 test_files: []