Class: AngularXss::Escaper

Inherits:

Object

Object
AngularXss::Escaper

show all

Defined in:: lib/angular_xss/escaper.rb

Constant Summary collapse

XSS_DISABLED_KEY =

:_angular_xss_disabled

Class Method Summary collapse

.disable ⇒ Object
.disabled? ⇒ Boolean
.escape(string) ⇒ Object

BRACE = [ ‘{’, ‘{’, ‘{’, ‘&#x0*7b;’, ‘&#0*123;’, ] DOUBLE_BRACE_REGEXP = Regexp.new(“(#{BRACE.join(‘|’)})(#BRACE.join(‘|’))”, Regexp::IGNORECASE).

Class Method Details

.disable ⇒ `Object`

# File 'lib/angular_xss/escaper.rb', line 33

def self.disable
  old_disabled = Thread.current[XSS_DISABLED_KEY]
  Thread.current[XSS_DISABLED_KEY] = true
  yield
ensure
  Thread.current[XSS_DISABLED_KEY] = old_disabled
end

.disabled? ⇒ `Boolean`

Returns:

(Boolean)



29
30
31

# File 'lib/angular_xss/escaper.rb', line 29

def self.disabled?
  !!Thread.current[XSS_DISABLED_KEY]
end

.escape(string) ⇒ `Object`

BRACE = [

'\\{',
'&lcub;',
'&lbrace;',
'&#x0*7b;',
'&#0*123;',

] DOUBLE_BRACE_REGEXP = Regexp.new(“(#{BRACE.join(‘|’)})(#{BRACE.join(‘|’)})”, Regexp::IGNORECASE)

# File 'lib/angular_xss/escaper.rb', line 21

def self.escape(string)
  if disabled?
    string
  else
    string.gsub('{{', ' { { ')
  end
end

Class: AngularXss::Escaper

Constant Summary collapse

Class Method Summary collapse

Class Method Details

.disable ⇒ Object

.disabled? ⇒ Boolean

.escape(string) ⇒ Object

.disable ⇒ `Object`

.disabled? ⇒ `Boolean`

.escape(string) ⇒ `Object`