diff --git a/CHANGELOG.md b/CHANGELOG.md index e1738a9..f897958 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,17 +6,22 @@ This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html ## Unreleased ### Compatible changes + +### Breaking changes + +## 1.0 2024-07-02 + +### Compatible changes +* Bump version to 1.0 as this gem is production-ready for 10 years +* Declare the gem to be unmaintained * Add compatibility with Rails 7.1 * Add compatibility with HAML 6 * NOTE: Don't use HAML 6.0.0. AngularXSS relies on a patch [introduced in 6.0.1](https://github.com/haml/haml/blob/main/CHANGELOG.md#601). Anything newer should be fine - the gem is currently tested against HAML 6.3 * Refactor our patches to use `Module#prepend` instead of `Module#module_eval` * Refactor gem version comparisons to use `Gem::Version` instances * Refactor specs to use the `expect` syntax -* Add missing unit tests for patched methods * Improve test coverage for more interpolation scenarios in ERB and HAML - -### Breaking changes - +* Add unit tests for patched methods ## 0.4.1 2022-03-16 diff --git a/README.md b/README.md index 244ab5b..38a63fe 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,12 @@ This gem patches ERB/rails_xss and Haml so Angular interpolation symbols are aut **This is an unsatisfactory hack.** A better solution is very much desired, but is not possible without some changes in AngularJS. See the [related AngularJS issue](https://github.com/angular/angular.js/issues/5601). +🚧 Notice: unmaintained gem +------------------ + +We are no longer actively maintaining this gem. + +The `1.0` release added support for HAML 6 and Rails 7.1, so the gem will at least support Rails 3.2 - 7.1 and HAML 4 - 6. `angular_xss` might still work for future versions HAML and Rails, but we won't actively ensure it does. Disable escaping locally ------------------------ diff --git a/spec/templates/_test_haml.haml b/spec/templates/_test_haml.haml index 4b96b2d..8231113 100644 
--- a/spec/templates/_test_haml.haml +++ b/spec/templates/_test_haml.haml @@ -5,7 +5,6 @@ -# them at runtime. Since they can contain user input, XSS logic applies. -# precompiled (static) - - if Gem::Version.new(Haml::VERSION) >= Gem::Version.new(6) -# HAML 6 is smart enough to recognize static strings and will not -# escape it - so neither do we
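Review bot: In the CHANGELOG.md hunk, the new release heading `## 1.0 2024-07-02` uses a two-part version, while the file header says the project adheres to Semantic Versioning and the previous entry is `## 0.4.1 2022-03-16`. Suggest writing the heading in the same MAJOR.MINOR.PATCH form as the version string actually released, so the changelog entry and the published gem version can be matched exactly. Two smaller points in the same hunk: "production-ready for 10 years" reads more clearly as "has been production-ready for 10 years", and "Declare the gem to be unmaintained" is easy to miss in the middle of a "Compatible changes" list. For a gem whose purpose is escaping, consider moving it to the top of the 1.0 section.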
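Review bot: In the README.md hunk, the support statement "Rails 3.2 - 7.1 and HAML 4 - 6" omits the exclusion that the CHANGELOG hunk of this same patch spells out ("Don't use HAML 6.0.0. AngularXSS relies on a patch introduced in 6.0.1"). A reader who sees only the README would take HAML 6.0.0 as supported, so the range should carry the same caveat, for example "HAML 4 - 6 (except 6.0.0)". Since the gem works by patching ERB/rails_xss and Haml, the notice would also be more useful if it said what "might still work" means in practice: on an untested Rails or HAML version the patches may no longer take effect, so users should confirm in their own test suite that Angular interpolation symbols are still escaped after upgrading. Minor: "for future versions HAML and Rails" is missing "of", and the setext underline is shorter than the heading text, unlike the `Disable escaping locally` heading below it.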