Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:dirkmueller:acdc:as_python3_module
rubygem-actionview-5_1.30716
rubygem-actionview-5_1-CVE-2023-23913.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File rubygem-actionview-5_1-CVE-2023-23913.patch of Package rubygem-actionview-5_1.30716
Index: actionview-5.1.4/lib/assets/compiled/rails-ujs.js =================================================================== --- actionview-5.1.4.orig/lib/assets/compiled/rails-ujs.js +++ actionview-5.1.4/lib/assets/compiled/rails-ujs.js @@ -58,6 +58,22 @@ Released under the MIT license return element[expando][key] = value; }; + Rails.isContentEditable = function(element) { + var isEditable; + isEditable = false; + while (true) { + if (element.isContentEditable) { + isEditable = true; + break; + } + element = element.parentElement; + if (!element) { + break; + } + } + return isEditable; + }; + Rails.$ = function(selector) { return Array.prototype.slice.call(document.querySelectorAll(selector)); }; @@ -361,9 +377,9 @@ Released under the MIT license }).call(this); (function() { - var disableFormElement, disableFormElements, disableLinkElement, enableFormElement, enableFormElements, enableLinkElement, formElements, getData, matches, setData, stopEverything; + var disableFormElement, disableFormElements, disableLinkElement, enableFormElement, enableFormElements, enableLinkElement, formElements, getData, isContentEditable, matches, setData, stopEverything; - matches = Rails.matches, getData = Rails.getData, setData = Rails.setData, stopEverything = Rails.stopEverything, formElements = Rails.formElements; + matches = Rails.matches, getData = Rails.getData, setData = Rails.setData, stopEverything = Rails.stopEverything, formElements = Rails.formElements, isContentEditable = Rails.isContentEditable; Rails.handleDisabledElement = function(e) { var element; @@ -376,6 +392,9 @@ Released under the MIT license Rails.enableElement = function(e) { var element; element = e instanceof Event ? e.target : e; + if (isContentEditable(element)) { + return; + } if (matches(element, Rails.linkDisableSelector)) { return enableLinkElement(element); } else if (matches(element, Rails.buttonDisableSelector) || matches(element, Rails.formEnableSelector)) { @@ -388,6 +407,9 @@ Released under the MIT license Rails.disableElement = function(e) { var element; element = e instanceof Event ? e.target : e; + if (isContentEditable(element)) { + return; + } if (matches(element, Rails.linkDisableSelector)) { return disableLinkElement(element); } else if (matches(element, Rails.buttonDisableSelector) || matches(element, Rails.formDisableSelector)) { @@ -460,10 +482,12 @@ Released under the MIT license }).call(this); (function() { - var stopEverything; + var isContentEditable, stopEverything; stopEverything = Rails.stopEverything; + isContentEditable = Rails.isContentEditable; + Rails.handleMethod = function(e) { var csrfParam, csrfToken, form, formContent, href, link, method; link = this; @@ -471,6 +495,9 @@ Released under the MIT license if (!method) { return; } + if (isContentEditable(this)) { + return; + } href = Rails.href(link); csrfToken = Rails.csrfToken(); csrfParam = Rails.csrfParam(); @@ -492,10 +519,10 @@ Released under the MIT license }).call(this); (function() { - var ajax, fire, getData, isCrossDomain, isRemote, matches, serializeElement, setData, stopEverything, + var ajax, fire, getData, isContentEditable, isCrossDomain, isRemote, matches, serializeElement, setData, stopEverything, slice = [].slice; - matches = Rails.matches, getData = Rails.getData, setData = Rails.setData, fire = Rails.fire, stopEverything = Rails.stopEverything, ajax = Rails.ajax, isCrossDomain = Rails.isCrossDomain, serializeElement = Rails.serializeElement; + matches = Rails.matches, getData = Rails.getData, setData = Rails.setData, fire = Rails.fire, stopEverything = Rails.stopEverything, ajax = Rails.ajax, isCrossDomain = Rails.isCrossDomain, serializeElement = Rails.serializeElement, isContentEditable = Rails.isContentEditable; isRemote = function(element) { var value; @@ -513,6 +540,10 @@ Released under the MIT license fire(element, 'ajax:stopped'); return false; } + if (isContentEditable(element)) { + fire(element, 'ajax:stopped'); + return false; + } withCredentials = element.getAttribute('data-with-credentials'); dataType = element.getAttribute('data-type') || 'script'; if (matches(element, Rails.formSubmitSelector)) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor