web-console 4.0.3 → 4.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 843f71412a6d2c6a31f35062ad86326656caed6a75de13d9e9c3b09d143ccb3c
-  data.tar.gz: 6a7a70ff565431ff9f1a2f47db2cfaf9498abf95a030e5ea285c27cf42412dab
+  metadata.gz: 1e582f6eaaeff0b5fd7bedde53a6101c43eb8b5b86cda5f2a0e5a535b10c7bfc
+  data.tar.gz: 5ed7fe9a6bbb404eb7c1a9d4e594a559ca7e65f5184f342a1882cb33152aac2b
 SHA512:
-  metadata.gz: 34e95ab70102f30b04fb9f538a5773b927773be82e9d350374e50d743bbcc02186d66b71506198cde59e169ad0fbaf291ca15e43aeac1b6bb676bf993de668d5
-  data.tar.gz: 0b3ad53ed8e1d27d06f11bd9d8f07f197e2a60e902fdba4d7cb1c8014eeac7c3cbc5af2f34b359fb6f60fbd005795cfdcc58185144b8e2ca5a8ca18a767182c6
+  metadata.gz: 9805b430a93e04d8b1865efbb1c10824cd198f79fe8ba3bb2e4b934de2eed777f09c13200d3f07a4db82cf09285c8ea6e60b505186d86ac0d52e45ab937f3130
+  data.tar.gz: ac73f59d7603a019b5a0c96cb7d2583ee8280198dbd719a071c7b77af71650cfd7333c7bb481f98552ba7ed933ddbc3ee00e235292a4c337e2520d71e10975a9

data/CHANGELOG.markdown

@@ -2,6 +2,17 @@
 
 ## master (unreleased)
 
+## 4.1.0
+
+* [#304](https://github.com/rails/web-console/pull/304) Add support for Rails 6.1 ([@stephannv])
+* [#298](https://github.com/rails/web-console/pull/298) Prevent deprecation warnings by removing template formats ([@mikelkew])
+* [#297](https://github.com/rails/web-console/pull/297) Use MutationObserver instead of Mutation Events ([@mikelkew])
+* [#296](https://github.com/rails/web-console/pull/296) Add CSP nonce to injected scripts and styles ([@mikelkew])
+
+## 4.0.4
+
+* [fb483743](https://github.com/rails/web-console/commit/fb483743a6a2a4168cdc0b2e03f48fc393991b73) Fix a crash on webrick with Rack 2.2.3 ([@gsamokovarov])
+
 ## 4.0.3
 
 * [#291](https://github.com/rails/web-console/pull/291) Deprecate config.web_console.whitelisted_ips ([@JuanitoFatas])
@@ -141,6 +152,8 @@ go to 3.1.0 instead.
 * [#84](https://github.com/rails/web-console/pull/84) Allow Rails 5 as dependency in gemspec ([@jonatack])
 * [#69](https://github.com/rails/web-console/pull/69) Introduce middleware for request dispatch and console rendering ([@gsamokovarov])
 
+[@stephannv]: https://github.com/stephannv
+[@mikelkew]: https://github.com/mikelkew
 [@jonatack]: https://github.com/jonatack
 [@ryandao]: https://github.com/ryandao
 [@jeffnv]: https://github.com/jeffnv

data/README.markdown

@@ -1,7 +1,8 @@
 <p align=right>
-  Documentation for:
+  <strong>Current version: 4.1.0</strong> Documentation for:
   <a href=https://github.com/rails/web-console/tree/v1.0.4>v1.0.4</a>
   <a href=https://github.com/rails/web-console/tree/v2.2.1>v2.2.1</a>
+  <a href=https://github.com/rails/web-console/tree/v3.7.0>v3.7.0</a>
 </p>
 
 # Web Console [![Build Status](https://travis-ci.org/rails/web-console.svg?branch=master)](https://travis-ci.org/rails/web-console)

data/lib/web_console/injector.rb

@@ -16,7 +16,7 @@ module WebConsole
       # Set Content-Length header to the size of the current body
       # + the extra content. Otherwise the response will be truncated.
       if @headers["Content-Length"]
-        @headers["Content-Length"] = @body.bytesize + content.bytesize
+        @headers["Content-Length"] = (@body.bytesize + content.bytesize).to_s
       end
 
       [

data/lib/web_console/template.rb

@@ -17,7 +17,7 @@ module WebConsole
 
     # Render a template (inferred from +template_paths+) as a plain string.
     def render(template)
-      view = View.new(ActionView::LookupContext.new(template_paths), instance_values)
+      view = View.with_empty_template_cache.with_view_paths(template_paths, instance_values)
       view.render(template: template, layout: false)
     end
   end

data/lib/web_console/templates/console.js.erb

@@ -251,12 +251,14 @@ Autocomplete.prototype.removeView = function() {
 }
 
 // HTML strings for dynamic elements.
-var consoleInnerHtml = <%= render_inlined_string '_inner_console_markup.html' %>;
-var promptBoxHtml = <%= render_inlined_string '_prompt_box_markup.html' %>;
+var consoleInnerHtml = <%= render_inlined_string '_inner_console_markup' %>;
+var promptBoxHtml = <%= render_inlined_string '_prompt_box_markup' %>;
 // CSS
-var consoleStyleCss = <%= render_inlined_string 'style.css' %>;
+var consoleStyleCss = <%= render_inlined_string 'style' %>;
 // Insert a style element with the unique ID
 var styleElementId = 'sr02459pvbvrmhco';
+// Nonce to use for CSP
+var styleElementNonce = '<%= @nonce %>';
 
 // REPLConsole Constructor
 function REPLConsole(config) {
@@ -416,6 +418,14 @@ REPLConsole.prototype.install = function(container) {
     }
   }
 
+  var observer = new MutationObserver(function(mutationsList) {
+    for (let mutation of mutationsList) {
+      if (mutation.type === 'childList' && mutation.addedNodes.length > 0) {
+        shiftConsoleActions();
+      }
+    }
+  });
+
   // Initialize
   this.container = container;
   this.outer = consoleOuter;
@@ -427,7 +437,7 @@ REPLConsole.prototype.install = function(container) {
 
   findChild(container, 'resizer').addEventListener('mousedown', resizeContainer);
   findChild(consoleActions, 'close-button').addEventListener('click', closeContainer);
-  consoleOuter.addEventListener('DOMNodeInserted', shiftConsoleActions);
+  observer.observe(consoleOuter, { childList: true, subtree: true });
 
   REPLConsole.currentSession = this;
 };
@@ -441,6 +451,9 @@ REPLConsole.prototype.insertCss = function() {
   style.type = 'text/css';
   style.innerHTML = consoleStyleCss;
   style.id = styleElementId;
+  if (styleElementNonce.length > 0) {
+    style.nonce = styleElementNonce;
+  }
   document.getElementsByTagName('head')[0].appendChild(style);
 };
 

data/lib/web_console/templates/layouts/javascript.erb

@@ -1,4 +1,4 @@
-<script type="text/javascript" data-template="<%= @template %>">
+<script type="text/javascript" data-template="<%= @template %>" nonce="<%= @nonce %>">
 (function() {
   <%= yield %>
 }).call(this);

data/lib/web_console/templates/style.css.erb

@@ -49,7 +49,7 @@
   font-size: 11px;
   width: 100%;
   height: 100%;
-  overflow: none;
+  overflow: unset;
   background: #333;
 }
 

data/lib/web_console/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module WebConsole
-  VERSION = "4.0.3"
+  VERSION = "4.1.0"
 end

data/lib/web_console/view.rb

@@ -22,6 +22,7 @@ module WebConsole
     # leaking globals, unless you explicitly want to.
     def render_javascript(template)
       assign(template: template)
+      assign(nonce: @env["action_dispatch.content_security_policy_nonce"])
       render(template: template, layout: "layouts/javascript")
     end
 

metadata

@@ -1,17 +1,17 @@
 --- !ruby/object:Gem::Specification
 name: web-console
 version: !ruby/object:Gem::Version
-  version: 4.0.3
+  version: 4.1.0
 platform: ruby
 authors:
 - Charlie Somerville
 - Genadi Samokovarov
 - Guillermo Iguaran
 - Ryan Dao
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-06-17 00:00:00.000000000 Z
+date: 2020-11-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -69,7 +69,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.4.0
-description: 
+description:
 email:
 - charlie@charliesomerville.com
 - gsamokovarov@gmail.com
@@ -123,7 +123,7 @@ homepage: https://github.com/rails/web-console
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -139,7 +139,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.0.3
-signing_key: 
+signing_key:
 specification_version: 4
 summary: A debugging tool for your Ruby on Rails applications.
 test_files: []