web-console 4.0.4 → 4.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.markdown +9 -0
  3. data/README.markdown +2 -1
  4. data/lib/web_console/template.rb +1 -1
  5. data/lib/web_console/templates/console.js.erb +17 -4
  6. data/lib/web_console/templates/layouts/javascript.erb +1 -1
  7. data/lib/web_console/templates/style.css.erb +1 -1
  8. data/lib/web_console/version.rb +1 -1
  9. data/lib/web_console/view.rb +1 -0
  10. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 17cae9167c8b3d4e2047cfaf811a37618feccf0061a79d16d25f79aec051dd58
4
- data.tar.gz: 97b196f4c170ce48a407cd44a9844d7ee5a7291d34504a73c3356c7b60ede6f2
3
+ metadata.gz: 1e582f6eaaeff0b5fd7bedde53a6101c43eb8b5b86cda5f2a0e5a535b10c7bfc
4
+ data.tar.gz: 5ed7fe9a6bbb404eb7c1a9d4e594a559ca7e65f5184f342a1882cb33152aac2b
5
5
  SHA512:
6
- metadata.gz: d1f7db6881432d184a73388a11750d84b7f14f5d1e0682cec3b916fbc34882b0ed648b381d64c2f552549251fb1281c83786f6960903ea6dc409662c3eec8e1f
7
- data.tar.gz: 9e1d58172566c9d9d3bdeb7692c4dc2196e26f4572694b37da22da62d1281749a5b8d592a76b8f3d26b813962d65b1b0077ee515c609b0e03b23c1d2e4f0ea03
6
+ metadata.gz: 9805b430a93e04d8b1865efbb1c10824cd198f79fe8ba3bb2e4b934de2eed777f09c13200d3f07a4db82cf09285c8ea6e60b505186d86ac0d52e45ab937f3130
7
+ data.tar.gz: ac73f59d7603a019b5a0c96cb7d2583ee8280198dbd719a071c7b77af71650cfd7333c7bb481f98552ba7ed933ddbc3ee00e235292a4c337e2520d71e10975a9
data/CHANGELOG.markdown CHANGED
@@ -2,6 +2,13 @@
2
2
 
3
3
  ## master (unreleased)
4
4
 
5
+ ## 4.1.0
6
+
7
+ * [#304](https://github.com/rails/web-console/pull/304) Add support for Rails 6.1 ([@stephannv])
8
+ * [#298](https://github.com/rails/web-console/pull/298) Prevent deprecation warnings by removing template formats ([@mikelkew])
9
+ * [#297](https://github.com/rails/web-console/pull/297) Use MutationObserver instead of Mutation Events ([@mikelkew])
10
+ * [#296](https://github.com/rails/web-console/pull/296) Add CSP nonce to injected scripts and styles ([@mikelkew])
11
+
5
12
  ## 4.0.4
6
13
 
7
14
  * [fb483743](https://github.com/rails/web-console/commit/fb483743a6a2a4168cdc0b2e03f48fc393991b73) Fix a crash on webrick with Rack 2.2.3 ([@gsamokovarov])
@@ -145,6 +152,8 @@ go to 3.1.0 instead.
145
152
  * [#84](https://github.com/rails/web-console/pull/84) Allow Rails 5 as dependency in gemspec ([@jonatack])
146
153
  * [#69](https://github.com/rails/web-console/pull/69) Introduce middleware for request dispatch and console rendering ([@gsamokovarov])
147
154
 
155
+ [@stephannv]: https://github.com/stephannv
156
+ [@mikelkew]: https://github.com/mikelkew
148
157
  [@jonatack]: https://github.com/jonatack
149
158
  [@ryandao]: https://github.com/ryandao
150
159
  [@jeffnv]: https://github.com/jeffnv
data/README.markdown CHANGED
@@ -1,7 +1,8 @@
1
1
  <p align=right>
2
- Documentation for:
2
+ <strong>Current version: 4.1.0</strong> Documentation for:
3
3
  <a href=https://github.com/rails/web-console/tree/v1.0.4>v1.0.4</a>
4
4
  <a href=https://github.com/rails/web-console/tree/v2.2.1>v2.2.1</a>
5
+ <a href=https://github.com/rails/web-console/tree/v3.7.0>v3.7.0</a>
5
6
  </p>
6
7
 
7
8
  # Web Console [![Build Status](https://travis-ci.org/rails/web-console.svg?branch=master)](https://travis-ci.org/rails/web-console)
data/lib/web_console/template.rb CHANGED
@@ -17,7 +17,7 @@ module WebConsole
17
17
 
18
18
  # Render a template (inferred from +template_paths+) as a plain string.
19
19
  def render(template)
20
- view = View.new(ActionView::LookupContext.new(template_paths), instance_values)
20
+ view = View.with_empty_template_cache.with_view_paths(template_paths, instance_values)
21
21
  view.render(template: template, layout: false)
22
22
  end
23
23
  end
data/lib/web_console/templates/console.js.erb CHANGED
@@ -251,12 +251,14 @@ Autocomplete.prototype.removeView = function() {
251
251
  }
252
252
 
253
253
  // HTML strings for dynamic elements.
254
- var consoleInnerHtml = <%= render_inlined_string '_inner_console_markup.html' %>;
255
- var promptBoxHtml = <%= render_inlined_string '_prompt_box_markup.html' %>;
254
+ var consoleInnerHtml = <%= render_inlined_string '_inner_console_markup' %>;
255
+ var promptBoxHtml = <%= render_inlined_string '_prompt_box_markup' %>;
256
256
  // CSS
257
- var consoleStyleCss = <%= render_inlined_string 'style.css' %>;
257
+ var consoleStyleCss = <%= render_inlined_string 'style' %>;
258
258
  // Insert a style element with the unique ID
259
259
  var styleElementId = 'sr02459pvbvrmhco';
260
+ // Nonce to use for CSP
261
+ var styleElementNonce = '<%= @nonce %>';
260
262
 
261
263
  // REPLConsole Constructor
262
264
  function REPLConsole(config) {
@@ -416,6 +418,14 @@ REPLConsole.prototype.install = function(container) {
416
418
  }
417
419
  }
418
420
 
421
+ var observer = new MutationObserver(function(mutationsList) {
422
+ for (let mutation of mutationsList) {
423
+ if (mutation.type === 'childList' && mutation.addedNodes.length > 0) {
424
+ shiftConsoleActions();
425
+ }
426
+ }
427
+ });
428
+
419
429
  // Initialize
420
430
  this.container = container;
421
431
  this.outer = consoleOuter;
@@ -427,7 +437,7 @@ REPLConsole.prototype.install = function(container) {
427
437
 
428
438
  findChild(container, 'resizer').addEventListener('mousedown', resizeContainer);
429
439
  findChild(consoleActions, 'close-button').addEventListener('click', closeContainer);
430
- consoleOuter.addEventListener('DOMNodeInserted', shiftConsoleActions);
440
+ observer.observe(consoleOuter, { childList: true, subtree: true });
431
441
 
432
442
  REPLConsole.currentSession = this;
433
443
  };
@@ -441,6 +451,9 @@ REPLConsole.prototype.insertCss = function() {
441
451
  style.type = 'text/css';
442
452
  style.innerHTML = consoleStyleCss;
443
453
  style.id = styleElementId;
454
+ if (styleElementNonce.length > 0) {
455
+ style.nonce = styleElementNonce;
456
+ }
444
457
  document.getElementsByTagName('head')[0].appendChild(style);
445
458
  };
446
459
 
data/lib/web_console/templates/layouts/javascript.erb CHANGED
@@ -1,4 +1,4 @@
1
- <script type="text/javascript" data-template="<%= @template %>">
1
+ <script type="text/javascript" data-template="<%= @template %>" nonce="<%= @nonce %>">
2
2
  (function() {
3
3
  <%= yield %>
4
4
  }).call(this);
data/lib/web_console/templates/style.css.erb CHANGED
@@ -49,7 +49,7 @@
49
49
  font-size: 11px;
50
50
  width: 100%;
51
51
  height: 100%;
52
- overflow: none;
52
+ overflow: unset;
53
53
  background: #333;
54
54
  }
55
55
 
data/lib/web_console/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module WebConsole
4
- VERSION = "4.0.4"
4
+ VERSION = "4.1.0"
5
5
  end
data/lib/web_console/view.rb CHANGED
@@ -22,6 +22,7 @@ module WebConsole
22
22
  # leaking globals, unless you explicitly want to.
23
23
  def render_javascript(template)
24
24
  assign(template: template)
25
+ assign(nonce: @env["action_dispatch.content_security_policy_nonce"])
25
26
  render(template: template, layout: "layouts/javascript")
26
27
  end
27
28
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: web-console
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.0.4
4
+ version: 4.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Charlie Somerville
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2020-07-12 00:00:00.000000000 Z
14
+ date: 2020-11-05 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: railties