Module: Haml::Helpers::XssMods
- Defined in:
- lib/haml/helpers/xss_mods.rb
Overview
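This module overrides Haml helpers to work properly in the context of ActionView. Currently it's only used for modifying the helpers to work with Rails' XSS protection methods. Each `*_with_haml_xss` wrapper below does one or both of two things: it HTML-escapes its string input before calling the original helper, or it marks the original helper's return value as HTML safe. Marking a value HTML safe does not escape it; it only tells Rails to emit the string without further escaping. The wrappers documented as "Output is always HTML safe" therefore rely on the wrapped helper's output already being safe to render.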
Class Method Summary collapse
Instance Method Summary collapse
-
#capture_haml_with_haml_xss(*args, &block) ⇒ Object
Output is always HTML safe.
-
#escape_once_with_haml_xss(*args) ⇒ Object
Output is always HTML safe.
-
#find_and_preserve_with_haml_xss(*args, &block) ⇒ Object
Output is always HTML safe.
-
#haml_concat_with_haml_xss(text = "") ⇒ Object
Input is escaped.
-
#haml_indent_with_haml_xss ⇒ Object
Output is always HTML safe.
-
#haml_tag_with_haml_xss(name, *rest, &block) ⇒ Object
Input is escaped, haml_concat'ed output is always HTML safe.
-
#html_escape_with_haml_xss(text) ⇒ Object
Don't escape text that's already safe, output is always HTML safe.
-
#list_of_with_haml_xss(*args, &block) ⇒ Object
Output is always HTML safe.
-
#precede_with_haml_xss(str, &block) ⇒ Object
Input is escaped, output is always HTML safe.
-
#preserve_with_haml_xss(*args, &block) ⇒ Object
Output is always HTML safe.
-
#succeed_with_haml_xss(str, &block) ⇒ Object
Input is escaped, output is always HTML safe.
-
#surround_with_haml_xss(front, back = front, &block) ⇒ Object
Input is escaped, output is always HTML safe.
Class Method Details
.included(base) ⇒ Object
# File 'lib/haml/helpers/xss_mods.rb', line 8
# Hook that runs when this module is included into +base+.
#
# For each helper named below, the implementation currently bound to that
# name is kept reachable as +<helper>_without_haml_xss+, and the public name
# is then re-pointed at +<helper>_with_haml_xss+, so every existing call site
# goes through the XSS-aware wrapper.
#
# NOTE(review): the aliasing is not idempotent. If this hook ran twice for the
# same +base+, the second pass would alias +<helper>_without_haml_xss+ to the
# already-wrapped method, and each wrapper would then call itself. Confirm the
# module is only ever included once per class.
#
# @param base [Module] the class or module that is including this module
def self.included(base)
  wrapped_helpers = %w[
    html_escape find_and_preserve preserve list_of surround
    precede succeed capture_haml haml_concat haml_indent
    haml_tag escape_once
  ]

  wrapped_helpers.each do |helper|
    original_name = "#{helper}_without_haml_xss"
    wrapper_name = "#{helper}_with_haml_xss"

    # Order matters: save the original before the public name is overwritten.
    base.send(:alias_method, original_name, helper)
    base.send(:alias_method, helper, wrapper_name)
  end
end
Instance Method Details
#capture_haml_with_haml_xss(*args, &block) ⇒ Object
Output is always HTML safe
# File 'lib/haml/helpers/xss_mods.rb', line 59
# XSS-aware replacement for +capture_haml+.
#
# Forwards every argument and the block to the original helper
# (+capture_haml_without_haml_xss+) and marks the captured result as HTML
# safe. Nothing is escaped here: the result is marked safe whatever it
# contains.
#
# @param args [Array] passed through unchanged to the original helper
# @param block [Proc] passed through unchanged to the original helper
# @return [Object] the result of +html_safe!+ on the captured output
def capture_haml_with_haml_xss(*args, &block)
  captured = capture_haml_without_haml_xss(*args, &block)
  captured.html_safe!
end
#escape_once_with_haml_xss(*args) ⇒ Object
Output is always HTML safe
# File 'lib/haml/helpers/xss_mods.rb', line 81
# XSS-aware replacement for +escape_once+.
#
# Delegates to the original helper (+escape_once_without_haml_xss+) with the
# arguments untouched, then marks the result as HTML safe so that it is not
# escaped a second time when rendered.
#
# @param args [Array] passed through unchanged to the original helper
# @return [Object] the result of +html_safe!+ on the original helper's output
def escape_once_with_haml_xss(*args)
  escaped = escape_once_without_haml_xss(*args)
  escaped.html_safe!
end
#find_and_preserve_with_haml_xss(*args, &block) ⇒ Object
Output is always HTML safe
# File 'lib/haml/helpers/xss_mods.rb', line 26
# XSS-aware replacement for +find_and_preserve+.
#
# Forwards the arguments and block to the original helper
# (+find_and_preserve_without_haml_xss+) and marks its return value as
# HTML safe.
#
# NOTE(review): this wrapper does not escape its arguments. A string argument
# ends up in output that is marked safe, so confirm callers only pass markup
# that is already escaped or trusted.
#
# @param args [Array] passed through unchanged to the original helper
# @param block [Proc] passed through unchanged to the original helper
# @return [Object] the result of +html_safe!+ on the original helper's output
def find_and_preserve_with_haml_xss(*args, &block)
  preserved = find_and_preserve_without_haml_xss(*args, &block)
  preserved.html_safe!
end
#haml_concat_with_haml_xss(text = "") ⇒ Object
Input is escaped
# File 'lib/haml/helpers/xss_mods.rb', line 64
# XSS-aware replacement for +haml_concat+.
#
# By default the text is HTML-escaped via +haml_xss_html_escape+ before it is
# handed to the original helper (+haml_concat_without_haml_xss+). While
# +@_haml_concat_raw+ is truthy the text is passed through unescaped. That
# flag is the escape hatch for callers whose text is already safe, so it must
# never be left set while untrusted text is concatenated.
#
# @param text [Object] content to append to the output (defaults to "")
# @return [Object] whatever the original +haml_concat+ returns
def haml_concat_with_haml_xss(text = "")
  output = if @_haml_concat_raw
             text
           else
             haml_xss_html_escape(text)
           end
  haml_concat_without_haml_xss(output)
end
#haml_indent_with_haml_xss ⇒ Object
Output is always HTML safe
# File 'lib/haml/helpers/xss_mods.rb', line 69
# XSS-aware replacement for +haml_indent+.
#
# Takes the value produced by the original helper
# (+haml_indent_without_haml_xss+) and marks it as HTML safe.
#
# @return [Object] the result of +html_safe!+ on the original helper's output
def haml_indent_with_haml_xss
  indentation = haml_indent_without_haml_xss
  indentation.html_safe!
end
#haml_tag_with_haml_xss(name, *rest, &block) ⇒ Object
Input is escaped, haml_concat'ed output is always HTML safe
# File 'lib/haml/helpers/xss_mods.rb', line 74
# XSS-aware replacement for +haml_tag+.
#
# The tag name is stringified and HTML-escaped. The first remaining argument
# is escaped as well unless it is a Symbol, a Hash or nil (presumably a flag,
# an attribute hash, or "no content" - confirm against the original
# +haml_tag+). The original helper (+haml_tag_without_haml_xss+) then runs
# inside +with_raw_haml_concat+, so that what it concatenates is not escaped
# a second time.
#
# NOTE(review): only the first element of +rest+ is ever escaped here, and
# Hash arguments are forwarded untouched. Whether attribute values are
# escaped downstream is not visible from this method.
#
# @param name [#to_s] tag name
# @param rest [Array] further arguments forwarded to the original helper
# @param block [Proc] forwarded unchanged to the original helper
# @return [Object] whatever +with_raw_haml_concat+ returns
def haml_tag_with_haml_xss(name, *rest, &block)
  escaped_name = haml_xss_html_escape(name.to_s)

  leading = rest.first
  case leading
  when Symbol, Hash, NilClass
    # Passed through as-is; nil also covers an empty +rest+.
  else
    rest[0] = haml_xss_html_escape(leading.to_s)
  end

  with_raw_haml_concat do
    haml_tag_without_haml_xss(escaped_name, *rest, &block)
  end
end
#html_escape_with_haml_xss(text) ⇒ Object
Don't escape text that's already safe, output is always HTML safe
# File 'lib/haml/helpers/xss_mods.rb', line 19
# XSS-aware replacement for +html_escape+.
#
# If the string form of +text+ is already marked HTML safe, the original
# argument is returned untouched, which avoids double escaping. Otherwise the
# string form is escaped by the original helper
# (+html_escape_without_haml_xss+) and the result is marked HTML safe.
#
# Because a value marked safe skips escaping entirely, the safe flag must
# only ever be set on content that really is safe to render.
#
# @param text [#to_s] value to escape
# @return [Object] +text+ itself when already safe, otherwise the result of
#   +html_safe!+ on the escaped string
def html_escape_with_haml_xss(text)
  stringified = text.to_s
  if stringified.html_safe?
    text
  else
    html_escape_without_haml_xss(stringified).html_safe!
  end
end
#list_of_with_haml_xss(*args, &block) ⇒ Object
Output is always HTML safe
# File 'lib/haml/helpers/xss_mods.rb', line 36
# XSS-aware replacement for +list_of+.
#
# Forwards the arguments and block to the original helper
# (+list_of_without_haml_xss+) and marks the generated markup as HTML safe.
# Neither the arguments nor the block's output is escaped here.
#
# @param args [Array] passed through unchanged to the original helper
# @param block [Proc] passed through unchanged to the original helper
# @return [Object] the result of +html_safe!+ on the original helper's output
def list_of_with_haml_xss(*args, &block)
  items_markup = list_of_without_haml_xss(*args, &block)
  items_markup.html_safe!
end
#precede_with_haml_xss(str, &block) ⇒ Object
Input is escaped, output is always HTML safe
# File 'lib/haml/helpers/xss_mods.rb', line 49
# XSS-aware replacement for +precede+.
#
# +str+ is HTML-escaped with +haml_xss_html_escape+ before being given to the
# original helper (+precede_without_haml_xss+), and the combined result is
# marked HTML safe. Only +str+ is escaped here; the block's contribution is
# marked safe as produced.
#
# @param str [Object] text to place before the block's output
# @param block [Proc] forwarded unchanged to the original helper
# @return [Object] the result of +html_safe!+ on the original helper's output
def precede_with_haml_xss(str, &block)
  escaped_prefix = haml_xss_html_escape(str)
  precede_without_haml_xss(escaped_prefix, &block).html_safe!
end
#preserve_with_haml_xss(*args, &block) ⇒ Object
Output is always HTML safe
# File 'lib/haml/helpers/xss_mods.rb', line 31
# XSS-aware replacement for +preserve+.
#
# Forwards the arguments and block to the original helper
# (+preserve_without_haml_xss+) and marks its return value as HTML safe.
#
# NOTE(review): this wrapper does not escape its arguments. A string argument
# ends up in output that is marked safe, so confirm callers only pass markup
# that is already escaped or trusted.
#
# @param args [Array] passed through unchanged to the original helper
# @param block [Proc] passed through unchanged to the original helper
# @return [Object] the result of +html_safe!+ on the original helper's output
def preserve_with_haml_xss(*args, &block)
  preserved = preserve_without_haml_xss(*args, &block)
  preserved.html_safe!
end
#succeed_with_haml_xss(str, &block) ⇒ Object
Input is escaped, output is always HTML safe
# File 'lib/haml/helpers/xss_mods.rb', line 54
# XSS-aware replacement for +succeed+.
#
# +str+ is HTML-escaped with +haml_xss_html_escape+ before being given to the
# original helper (+succeed_without_haml_xss+), and the combined result is
# marked HTML safe. Only +str+ is escaped here; the block's contribution is
# marked safe as produced.
#
# @param str [Object] text to place after the block's output
# @param block [Proc] forwarded unchanged to the original helper
# @return [Object] the result of +html_safe!+ on the original helper's output
def succeed_with_haml_xss(str, &block)
  escaped_suffix = haml_xss_html_escape(str)
  succeed_without_haml_xss(escaped_suffix, &block).html_safe!
end
#surround_with_haml_xss(front, back = front, &block) ⇒ Object
Input is escaped, output is always HTML safe
# File 'lib/haml/helpers/xss_mods.rb', line 41
# XSS-aware replacement for +surround+.
#
# Both delimiters are HTML-escaped with +haml_xss_html_escape+ before the
# original helper (+surround_without_haml_xss+) is called, and the combined
# result is marked HTML safe. Only the delimiters are escaped here; the
# block's contribution is marked safe as produced.
#
# @param front [Object] text placed before the block's output
# @param back [Object] text placed after it (defaults to +front+)
# @param block [Proc] forwarded unchanged to the original helper
# @return [Object] the result of +html_safe!+ on the original helper's output
def surround_with_haml_xss(front, back = front, &block)
  escaped_front = haml_xss_html_escape(front)
  escaped_back = haml_xss_html_escape(back)
  surrounded = surround_without_haml_xss(escaped_front, escaped_back, &block)
  surrounded.html_safe!
end