web-console 4.0.4 → 4.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.markdown +9 -0
  3. data/README.markdown +2 -1
  4. data/lib/web_console/template.rb +1 -1
  5. data/lib/web_console/templates/console.js.erb +17 -4
  6. data/lib/web_console/templates/layouts/javascript.erb +1 -1
  7. data/lib/web_console/templates/style.css.erb +1 -1
  8. data/lib/web_console/version.rb +1 -1
  9. data/lib/web_console/view.rb +1 -0
  10. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 17cae9167c8b3d4e2047cfaf811a37618feccf0061a79d16d25f79aec051dd58
4
- data.tar.gz: 97b196f4c170ce48a407cd44a9844d7ee5a7291d34504a73c3356c7b60ede6f2
3
+ metadata.gz: 1e582f6eaaeff0b5fd7bedde53a6101c43eb8b5b86cda5f2a0e5a535b10c7bfc
4
+ data.tar.gz: 5ed7fe9a6bbb404eb7c1a9d4e594a559ca7e65f5184f342a1882cb33152aac2b
5
5
  SHA512:
6
- metadata.gz: d1f7db6881432d184a73388a11750d84b7f14f5d1e0682cec3b916fbc34882b0ed648b381d64c2f552549251fb1281c83786f6960903ea6dc409662c3eec8e1f
7
- data.tar.gz: 9e1d58172566c9d9d3bdeb7692c4dc2196e26f4572694b37da22da62d1281749a5b8d592a76b8f3d26b813962d65b1b0077ee515c609b0e03b23c1d2e4f0ea03
6
+ metadata.gz: 9805b430a93e04d8b1865efbb1c10824cd198f79fe8ba3bb2e4b934de2eed777f09c13200d3f07a4db82cf09285c8ea6e60b505186d86ac0d52e45ab937f3130
7
+ data.tar.gz: ac73f59d7603a019b5a0c96cb7d2583ee8280198dbd719a071c7b77af71650cfd7333c7bb481f98552ba7ed933ddbc3ee00e235292a4c337e2520d71e10975a9
data/CHANGELOG.markdown CHANGED
@@ -2,6 +2,13 @@
2
2
 
3
3
  ## master (unreleased)
4
4
 
5
+ ## 4.1.0
6
+
7
+ * [#304](https://github.com/rails/web-console/pull/304) Add support for Rails 6.1 ([@stephannv])
8
+ * [#298](https://github.com/rails/web-console/pull/298) Prevent deprecation warnings by removing template formats ([@mikelkew])
9
+ * [#297](https://github.com/rails/web-console/pull/297) Use MutationObserver instead of Mutation Events ([@mikelkew])
10
+ * [#296](https://github.com/rails/web-console/pull/296) Add CSP nonce to injected scripts and styles ([@mikelkew])
11
+
5
12
  ## 4.0.4
6
13
 
7
14
  * [fb483743](https://github.com/rails/web-console/commit/fb483743a6a2a4168cdc0b2e03f48fc393991b73) Fix a crash on webrick with Rack 2.2.3 ([@gsamokovarov])
@@ -145,6 +152,8 @@ go to 3.1.0 instead.
145
152
  * [#84](https://github.com/rails/web-console/pull/84) Allow Rails 5 as dependency in gemspec ([@jonatack])
146
153
  * [#69](https://github.com/rails/web-console/pull/69) Introduce middleware for request dispatch and console rendering ([@gsamokovarov])
147
154
 
155
+ [@stephannv]: https://github.com/stephannv
156
+ [@mikelkew]: https://github.com/mikelkew
148
157
  [@jonatack]: https://github.com/jonatack
149
158
  [@ryandao]: https://github.com/ryandao
150
159
  [@jeffnv]: https://github.com/jeffnv
data/README.markdown CHANGED
@@ -1,7 +1,8 @@
1
1
  <p align=right>
2
- Documentation for:
2
+ <strong>Current version: 4.1.0</strong> Documentation for:
3
3
  <a href=https://github.com/rails/web-console/tree/v1.0.4>v1.0.4</a>
4
4
  <a href=https://github.com/rails/web-console/tree/v2.2.1>v2.2.1</a>
5
+ <a href=https://github.com/rails/web-console/tree/v3.7.0>v3.7.0</a>
5
6
  </p>
6
7
 
7
8
  # Web Console [![Build Status](https://travis-ci.org/rails/web-console.svg?branch=master)](https://travis-ci.org/rails/web-console)
data/lib/web_console/template.rb CHANGED
@@ -17,7 +17,7 @@ module WebConsole
17
17
 
18
18
  # Render a template (inferred from +template_paths+) as a plain string.
19
19
  def render(template)
20
- view = View.new(ActionView::LookupContext.new(template_paths), instance_values)
20
+ view = View.with_empty_template_cache.with_view_paths(template_paths, instance_values)
21
21
  view.render(template: template, layout: false)
22
22
  end
23
23
  end
data/lib/web_console/templates/console.js.erb CHANGED
@@ -251,12 +251,14 @@ Autocomplete.prototype.removeView = function() {
251
251
  }
252
252
 
253
253
  // HTML strings for dynamic elements.
254
- var consoleInnerHtml = <%= render_inlined_string '_inner_console_markup.html' %>;
255
- var promptBoxHtml = <%= render_inlined_string '_prompt_box_markup.html' %>;
254
+ var consoleInnerHtml = <%= render_inlined_string '_inner_console_markup' %>;
255
+ var promptBoxHtml = <%= render_inlined_string '_prompt_box_markup' %>;
256
256
  // CSS
257
- var consoleStyleCss = <%= render_inlined_string 'style.css' %>;
257
+ var consoleStyleCss = <%= render_inlined_string 'style' %>;
258
258
  // Insert a style element with the unique ID
259
259
  var styleElementId = 'sr02459pvbvrmhco';
260
+ // Nonce to use for CSP
261
+ var styleElementNonce = '<%= @nonce %>';
260
262
 
261
263
  // REPLConsole Constructor
262
264
  function REPLConsole(config) {
@@ -416,6 +418,14 @@ REPLConsole.prototype.install = function(container) {
416
418
  }
417
419
  }
418
420
 
421
+ var observer = new MutationObserver(function(mutationsList) {
422
+ for (let mutation of mutationsList) {
423
+ if (mutation.type === 'childList' && mutation.addedNodes.length > 0) {
424
+ shiftConsoleActions();
425
+ }
426
+ }
427
+ });
428
+
419
429
  // Initialize
420
430
  this.container = container;
421
431
  this.outer = consoleOuter;
@@ -427,7 +437,7 @@ REPLConsole.prototype.install = function(container) {
427
437
 
428
438
  findChild(container, 'resizer').addEventListener('mousedown', resizeContainer);
429
439
  findChild(consoleActions, 'close-button').addEventListener('click', closeContainer);
430
- consoleOuter.addEventListener('DOMNodeInserted', shiftConsoleActions);
440
+ observer.observe(consoleOuter, { childList: true, subtree: true });
431
441
 
432
442
  REPLConsole.currentSession = this;
433
443
  };
@@ -441,6 +451,9 @@ REPLConsole.prototype.insertCss = function() {
441
451
  style.type = 'text/css';
442
452
  style.innerHTML = consoleStyleCss;
443
453
  style.id = styleElementId;
454
+ if (styleElementNonce.length > 0) {
455
+ style.nonce = styleElementNonce;
456
+ }
444
457
  document.getElementsByTagName('head')[0].appendChild(style);
445
458
  };
446
459
 
data/lib/web_console/templates/layouts/javascript.erb CHANGED
@@ -1,4 +1,4 @@
1
- <script type="text/javascript" data-template="<%= @template %>">
1
+ <script type="text/javascript" data-template="<%= @template %>" nonce="<%= @nonce %>">
2
2
  (function() {
3
3
  <%= yield %>
4
4
  }).call(this);
data/lib/web_console/templates/style.css.erb CHANGED
@@ -49,7 +49,7 @@
49
49
  font-size: 11px;
50
50
  width: 100%;
51
51
  height: 100%;
52
- overflow: none;
52
+ overflow: unset;
53
53
  background: #333;
54
54
  }
55
55
 
data/lib/web_console/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module WebConsole
4
- VERSION = "4.0.4"
4
+ VERSION = "4.1.0"
5
5
  end
data/lib/web_console/view.rb CHANGED
@@ -22,6 +22,7 @@ module WebConsole
22
22
  # leaking globals, unless you explicitly want to.
23
23
  def render_javascript(template)
24
24
  assign(template: template)
25
+ assign(nonce: @env["action_dispatch.content_security_policy_nonce"])
25
26
  render(template: template, layout: "layouts/javascript")
26
27
  end
27
28
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: web-console
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.0.4
4
+ version: 4.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Charlie Somerville
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2020-07-12 00:00:00.000000000 Z
14
+ date: 2020-11-05 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: railties