@rails/ujs
Advanced tools
Comparing version 6.0.0-beta3 to 6.0.0-rc1
@@ -0,9 +1,44 @@ | ||
## Rails 6.0.0.rc1 (April 24, 2019) ## | ||
* Fix partial caching skips same item issue | ||
If we render cached collection partials with repeated items, those repeated items | ||
will get skipped. For example, if you have 5 identical items in your collection, Rails | ||
only renders the first one when `cached` is set to true. But it should render all | ||
5 items instead. | ||
Fixes #35114. | ||
*Stan Lo* | ||
* Only clear ActionView cache in development on file changes | ||
To speed up development mode, view caches are only cleared when files in | ||
the view paths have changed. Applications which have implemented custom | ||
`ActionView::Resolver` subclasses may need to add their own cache clearing. | ||
*John Hawthorn* | ||
* Fix `ActionView::FixtureResolver` so that it handles template variants correctly. | ||
*Edward Rudd* | ||
## Rails 6.0.0.beta3 (March 11, 2019) ## | ||
* No changes. | ||
* Only accept formats from registered mime types | ||
A lack of filtering on mime types could allow an attacker to read | ||
arbitrary files on the target server or to perform a denial of service | ||
attack. | ||
Fixes CVE-2019-5418 | ||
Fixes CVE-2019-5419 | ||
*John Hawthorn*, *Eileen M. Uchitelle*, *Aaron Patterson* | ||
## Rails 6.0.0.beta2 (February 25, 2019) ## | ||
* ActionView::Template.finalize_compiled_template_methods is deprecated with | ||
* `ActionView::Template.finalize_compiled_template_methods` is deprecated with | ||
no replacement. | ||
@@ -13,3 +48,3 @@ | ||
* config.action_view.finalize_compiled_template_methods is deprecated with | ||
* `config.action_view.finalize_compiled_template_methods` is deprecated with | ||
no replacement. | ||
@@ -20,4 +55,5 @@ | ||
* Ensure unique DOM IDs for collection inputs with float values. | ||
Fixes #34974 | ||
Fixes #34974. | ||
*Mark Edmondson* | ||
@@ -24,0 +60,0 @@ |
@@ -35,10 +35,15 @@ /* | ||
(function() { | ||
var cspNonce; | ||
var nonce; | ||
cspNonce = Rails.cspNonce = function() { | ||
var meta; | ||
meta = document.querySelector('meta[name=csp-nonce]'); | ||
return meta && meta.content; | ||
nonce = null; | ||
Rails.loadCSPNonce = function() { | ||
var ref; | ||
return nonce = (ref = document.querySelector("meta[name=csp-nonce]")) != null ? ref.content : void 0; | ||
}; | ||
Rails.cspNonce = function() { | ||
return nonce != null ? nonce : Rails.loadCSPNonce(); | ||
}; | ||
}).call(this); | ||
@@ -269,3 +274,3 @@ (function() { | ||
document.head.appendChild(script).parentNode.removeChild(script); | ||
} else if (type.match(/\bxml\b/)) { | ||
} else if (type.match(/\b(xml|html|svg)\b/)) { | ||
parser = new DOMParser(); | ||
@@ -659,5 +664,5 @@ type = type.replace(/;.+/, ''); | ||
(function() { | ||
var $, CSRFProtection, delegate, disableElement, enableElement, fire, formSubmitButtonClick, getData, handleConfirm, handleDisabledElement, handleMethod, handleRemote, preventInsignificantClick, refreshCSRFTokens; | ||
var $, CSRFProtection, delegate, disableElement, enableElement, fire, formSubmitButtonClick, getData, handleConfirm, handleDisabledElement, handleMethod, handleRemote, loadCSPNonce, preventInsignificantClick, refreshCSRFTokens; | ||
fire = Rails.fire, delegate = Rails.delegate, getData = Rails.getData, $ = Rails.$, refreshCSRFTokens = Rails.refreshCSRFTokens, CSRFProtection = Rails.CSRFProtection, enableElement = Rails.enableElement, disableElement = Rails.disableElement, handleDisabledElement = Rails.handleDisabledElement, handleConfirm = Rails.handleConfirm, preventInsignificantClick = Rails.preventInsignificantClick, handleRemote = Rails.handleRemote, formSubmitButtonClick = Rails.formSubmitButtonClick, handleMethod = Rails.handleMethod; | ||
fire = Rails.fire, delegate = Rails.delegate, getData = Rails.getData, $ = Rails.$, refreshCSRFTokens = Rails.refreshCSRFTokens, CSRFProtection = Rails.CSRFProtection, loadCSPNonce = Rails.loadCSPNonce, enableElement = Rails.enableElement, disableElement = Rails.disableElement, handleDisabledElement = Rails.handleDisabledElement, handleConfirm = Rails.handleConfirm, preventInsignificantClick = Rails.preventInsignificantClick, handleRemote = Rails.handleRemote, formSubmitButtonClick = Rails.formSubmitButtonClick, handleMethod = Rails.handleMethod; | ||
@@ -725,2 +730,3 @@ if ((typeof jQuery !== "undefined" && jQuery !== null) && (jQuery.ajax != null)) { | ||
document.addEventListener('DOMContentLoaded', refreshCSRFTokens); | ||
document.addEventListener('DOMContentLoaded', loadCSPNonce); | ||
return window._rails_loaded = true; | ||
@@ -727,0 +733,0 @@ }; |
{ | ||
"name": "@rails/ujs", | ||
"version": "6.0.0-beta3", | ||
"version": "6.0.0-rc1", | ||
"description": "Ruby on Rails unobtrusive scripting adapter", | ||
@@ -5,0 +5,0 @@ "main": "lib/assets/compiled/rails-ujs.js", |
Sorry, the diff of this file is not supported yet
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
37928
669
41
0