Module: Haml::Helpers::XssMods

Defined in:
lib/haml/helpers/xss_mods.rb

Overview

This module overrides Haml helpers to work properly in the context of ActionView. Currently it's only used for modifying the helpers to work with Rails' XSS protection methods.


Instance Method Details

#capture_haml_with_haml_xss(*args, &block)

Output is always HTML safe



# File 'lib/haml/helpers/xss_mods.rb', line 60

# Runs the original +capture_haml+ helper and flags what it returns as
# HTML safe.
#
# No escaping is performed in this wrapper: the captured string is only
# marked via Haml::Util.html_safe.
# NOTE(review): this presumably relies on the captured markup having been
# escaped while the block was rendered; confirm for any raw strings the
# block emits.
#
# @param args  forwarded unchanged to +capture_haml_without_haml_xss+
# @param block forwarded unchanged to +capture_haml_without_haml_xss+
# @return the wrapped helper's result, passed through Haml::Util.html_safe
def capture_haml_with_haml_xss(*args, &block)
  captured = capture_haml_without_haml_xss(*args, &block)
  Haml::Util.html_safe(captured)
end

#escape_once_with_haml_xss(*args)

Output is always HTML safe



# File 'lib/haml/helpers/xss_mods.rb', line 82

# Delegates to the original +escape_once+ helper and flags its result as
# HTML safe, so the already-escaped text is not treated as unsafe again.
#
# @param args forwarded unchanged to +escape_once_without_haml_xss+
# @return the wrapped helper's result, passed through Haml::Util.html_safe
def escape_once_with_haml_xss(*args)
  escaped = escape_once_without_haml_xss(*args)
  Haml::Util.html_safe(escaped)
end

#find_and_preserve_with_haml_xss(*args, &block)

Output is always HTML safe



# File 'lib/haml/helpers/xss_mods.rb', line 26

# Delegates to the original +find_and_preserve+ helper and flags its result
# as HTML safe.
#
# NOTE(review): nothing is escaped in this wrapper. Unless the wrapped
# helper escapes its input (not visible here), a string passed in +args+
# ends up marked safe as-is, so untrusted text should be escaped by the
# caller before it is handed to this helper.
#
# @param args  forwarded unchanged to +find_and_preserve_without_haml_xss+
# @param block forwarded unchanged to +find_and_preserve_without_haml_xss+
# @return the wrapped helper's result, passed through Haml::Util.html_safe
def find_and_preserve_with_haml_xss(*args, &block)
  preserved = find_and_preserve_without_haml_xss(*args, &block)
  Haml::Util.html_safe(preserved)
end

#haml_concat_with_haml_xss(text = "")

Input is escaped, unless raw concatenation is in effect (`@_haml_concat_raw` is set)



# File 'lib/haml/helpers/xss_mods.rb', line 65

# Concatenates +text+ through the original +haml_concat+ helper, escaping it
# first unless raw concatenation is in effect.
#
# The escape is skipped only while +@_haml_concat_raw+ is truthy; in every
# other case +text+ goes through +haml_xss_html_escape+ before it is
# written.
#
# @param text the content to concatenate (defaults to an empty string)
# @return whatever +haml_concat_without_haml_xss+ returns
def haml_concat_with_haml_xss(text = "")
  payload = @_haml_concat_raw ? text : haml_xss_html_escape(text)
  haml_concat_without_haml_xss(payload)
end

#haml_indent_with_haml_xss

Output is always HTML safe



# File 'lib/haml/helpers/xss_mods.rb', line 70

# Returns the original +haml_indent+ result, flagged as HTML safe.
#
# @return the wrapped helper's result, passed through Haml::Util.html_safe
def haml_indent_with_haml_xss
  indentation = haml_indent_without_haml_xss
  Haml::Util.html_safe(indentation)
end

#haml_tag_with_haml_xss(name, *rest, &block)

Input is escaped, haml_concat'ed output is always HTML safe



# File 'lib/haml/helpers/xss_mods.rb', line 75

# Escapes the tag name and the optional text argument, then delegates to the
# original +haml_tag+ helper with raw concatenation switched on.
#
# The first element of +rest+ is treated as text, and escaped after +to_s+,
# unless it is a Symbol, a Hash or nil. Symbols and Hashes are forwarded
# untouched, so any escaping of them has to happen in the wrapped helper,
# which is not visible here.
#
# NOTE(review): the wrapped call runs inside +with_raw_haml_concat+. If the
# caller's block is invoked while that mode is active, +haml_concat+ calls
# made inside the block would also skip escaping. Confirm against
# +with_raw_haml_concat+ and +haml_tag_without_haml_xss+.
#
# @param name  tag name; converted with +to_s+ and escaped
# @param rest  optional text, flags and attribute hash for the wrapped helper
# @param block forwarded unchanged to +haml_tag_without_haml_xss+
# @return whatever +with_raw_haml_concat+ returns
def haml_tag_with_haml_xss(name, *rest, &block)
  name = haml_xss_html_escape(name.to_s)
  # Only a leading text argument is escaped here; flags, attributes and a
  # missing argument are passed through as they are.
  if [Symbol, Hash, NilClass].none? { |klass| rest.first.is_a?(klass) }
    text = rest.shift.to_s
    rest.unshift(haml_xss_html_escape(text))
  end
  with_raw_haml_concat do
    haml_tag_without_haml_xss(name, *rest, &block)
  end
end

#html_escape_with_haml_xss(text)

Don't escape text that's already safe, output is always HTML safe



# File 'lib/haml/helpers/xss_mods.rb', line 19

# Escapes +text+ with the original +html_escape+ helper unless its string
# form is already flagged as HTML safe.
#
# When +text.to_s+ answers true to +html_safe?+, the original +text+ object
# is returned untouched. The flag is trusted as-is, so anything marked safe
# upstream passes through here without escaping.
#
# @param text the value to escape
# @return +text+ itself when already safe, otherwise the escaped string
#   passed through Haml::Util.html_safe
def html_escape_with_haml_xss(text)
  as_string = text.to_s
  if as_string.html_safe?
    text
  else
    Haml::Util.html_safe(html_escape_without_haml_xss(as_string))
  end
end

#list_of_with_haml_xss(*args, &block)

Output is always HTML safe



# File 'lib/haml/helpers/xss_mods.rb', line 36

# Delegates to the original +list_of+ helper and flags its result as HTML
# safe.
#
# NOTE(review): this wrapper does no escaping of its own. Whether the item
# content is escaped depends on the wrapped helper and on the block, neither
# visible here. Confirm before passing untrusted values.
#
# @param args  forwarded unchanged to +list_of_without_haml_xss+
# @param block forwarded unchanged to +list_of_without_haml_xss+
# @return the wrapped helper's result, passed through Haml::Util.html_safe
def list_of_with_haml_xss(*args, &block)
  list_markup = list_of_without_haml_xss(*args, &block)
  Haml::Util.html_safe(list_markup)
end

#precede_with_haml_xss(str, &block)

Input is escaped, output is always HTML safe



# File 'lib/haml/helpers/xss_mods.rb', line 50

# Escapes +str+, hands it to the original +precede+ helper together with
# the block, and flags the combined result as HTML safe.
#
# Only +str+ is escaped in this wrapper; the block's output is not touched
# here.
#
# @param str   text to place before the block's output; escaped first
# @param block forwarded unchanged to +precede_without_haml_xss+
# @return the wrapped helper's result, passed through Haml::Util.html_safe
def precede_with_haml_xss(str, &block)
  escaped_prefix = haml_xss_html_escape(str)
  Haml::Util.html_safe(precede_without_haml_xss(escaped_prefix, &block))
end

#preserve_with_haml_xss(*args, &block)

Output is always HTML safe



# File 'lib/haml/helpers/xss_mods.rb', line 31

# Delegates to the original +preserve+ helper and flags its result as HTML
# safe.
#
# NOTE(review): nothing is escaped in this wrapper. Unless the wrapped
# helper escapes its input (not visible here), a string passed in +args+
# ends up marked safe as-is, so untrusted text should be escaped by the
# caller before it is handed to this helper.
#
# @param args  forwarded unchanged to +preserve_without_haml_xss+
# @param block forwarded unchanged to +preserve_without_haml_xss+
# @return the wrapped helper's result, passed through Haml::Util.html_safe
def preserve_with_haml_xss(*args, &block)
  preserved = preserve_without_haml_xss(*args, &block)
  Haml::Util.html_safe(preserved)
end

#succeed_with_haml_xss(str, &block)

Input is escaped, output is always HTML safe



# File 'lib/haml/helpers/xss_mods.rb', line 55

# Escapes +str+, hands it to the original +succeed+ helper together with
# the block, and flags the combined result as HTML safe.
#
# Only +str+ is escaped in this wrapper; the block's output is not touched
# here.
#
# @param str   text to place after the block's output; escaped first
# @param block forwarded unchanged to +succeed_without_haml_xss+
# @return the wrapped helper's result, passed through Haml::Util.html_safe
def succeed_with_haml_xss(str, &block)
  escaped_suffix = haml_xss_html_escape(str)
  Haml::Util.html_safe(succeed_without_haml_xss(escaped_suffix, &block))
end

#surround_with_haml_xss(front, back = front, &block)

Input is escaped, output is always HTML safe



# File 'lib/haml/helpers/xss_mods.rb', line 41

# Escapes both delimiters, hands them to the original +surround+ helper
# together with the block, and flags the combined result as HTML safe.
#
# +front+ and +back+ are each escaped with +haml_xss_html_escape+; the
# block's output is not touched in this wrapper.
#
# @param front text placed before the block's output; escaped first
# @param back  text placed after the block's output (defaults to +front+);
#   escaped first
# @param block forwarded unchanged to +surround_without_haml_xss+
# @return the wrapped helper's result, passed through Haml::Util.html_safe
def surround_with_haml_xss(front, back = front, &block)
  escaped_front = haml_xss_html_escape(front)
  escaped_back = haml_xss_html_escape(back)
  wrapped = surround_without_haml_xss(escaped_front, escaped_back, &block)
  Haml::Util.html_safe(wrapped)
end