Module: Hamlit::HamlHelpers::XssMods

Included in:
Hamlit::HamlHelpers
Defined in:
lib/hamlit/parser/haml_xss_mods.rb

Overview

This module overrides Haml helpers to work properly in the context of ActionView. Currently it's only used for modifying the helpers to work with Rails' XSS protection methods.

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.included(base) ⇒ Object


8
9
10
11
12
13
14
15
# File 'lib/hamlit/parser/haml_xss_mods.rb', line 8

def self.included(base)
  %w[html_escape find_and_preserve preserve list_of surround
     precede succeed capture_haml haml_concat haml_internal_concat haml_indent
     escape_once].each do |name|
    base.send(:alias_method, "#{name}_without_haml_xss", name)
    base.send(:alias_method, name, "#{name}_with_haml_xss")
  end
end

Instance Method Details

#capture_haml_with_haml_xss(*args, &block) ⇒ Object

Output is always HTML safe


60
61
62
# File 'lib/hamlit/parser/haml_xss_mods.rb', line 60

def capture_haml_with_haml_xss(*args, &block)
  ::Hamlit::HamlUtil.html_safe(capture_haml_without_haml_xss(*args, &block))
end

#escape_once_with_haml_xss(*args) ⇒ Object

Output is always HTML safe


88
89
90
# File 'lib/hamlit/parser/haml_xss_mods.rb', line 88

def escape_once_with_haml_xss(*args)
  ::Hamlit::HamlUtil.html_safe(escape_once_without_haml_xss(*args))
end

#find_and_preserve_with_haml_xss(*args, &block) ⇒ Object

Output is always HTML safe


26
27
28
# File 'lib/hamlit/parser/haml_xss_mods.rb', line 26

def find_and_preserve_with_haml_xss(*args, &block)
  ::Hamlit::HamlUtil.html_safe(find_and_preserve_without_haml_xss(*args, &block))
end

#haml_concat_with_haml_xss(text = "") ⇒ Object

Input will be escaped unless this is in a `with_raw_haml_concat` block. See #Haml::Helpers::ActionViewExtensions#with_raw_haml_concat.


66
67
68
69
70
71
72
73
74
# File 'lib/hamlit/parser/haml_xss_mods.rb', line 66

def haml_concat_with_haml_xss(text = "")
  raw = instance_variable_defined?(:@_haml_concat_raw) ? @_haml_concat_raw : false
  if raw
    haml_internal_concat_raw text
  else
    haml_internal_concat text
  end
  ErrorReturn.new("haml_concat")
end

#haml_indent_with_haml_xssObject

Output is always HTML safe


83
84
85
# File 'lib/hamlit/parser/haml_xss_mods.rb', line 83

def haml_indent_with_haml_xss
  ::Hamlit::HamlUtil.html_safe(haml_indent_without_haml_xss)
end

#html_escape_with_haml_xss(text) ⇒ Object

Don't escape text that's already safe, output is always HTML safe


19
20
21
22
23
# File 'lib/hamlit/parser/haml_xss_mods.rb', line 19

def html_escape_with_haml_xss(text)
  str = text.to_s
  return text if str.html_safe?
  ::Hamlit::HamlUtil.html_safe(html_escape_without_haml_xss(str))
end

#list_of_with_haml_xss(*args, &block) ⇒ Object

Output is always HTML safe


36
37
38
# File 'lib/hamlit/parser/haml_xss_mods.rb', line 36

def list_of_with_haml_xss(*args, &block)
  ::Hamlit::HamlUtil.html_safe(list_of_without_haml_xss(*args, &block))
end

#precede_with_haml_xss(str, &block) ⇒ Object

Input is escaped, output is always HTML safe


50
51
52
# File 'lib/hamlit/parser/haml_xss_mods.rb', line 50

def precede_with_haml_xss(str, &block)
  ::Hamlit::HamlUtil.html_safe(precede_without_haml_xss(haml_xss_html_escape(str), &block))
end

#preserve_with_haml_xss(*args, &block) ⇒ Object

Output is always HTML safe


31
32
33
# File 'lib/hamlit/parser/haml_xss_mods.rb', line 31

def preserve_with_haml_xss(*args, &block)
  ::Hamlit::HamlUtil.html_safe(preserve_without_haml_xss(*args, &block))
end

#succeed_with_haml_xss(str, &block) ⇒ Object

Input is escaped, output is always HTML safe


55
56
57
# File 'lib/hamlit/parser/haml_xss_mods.rb', line 55

def succeed_with_haml_xss(str, &block)
  ::Hamlit::HamlUtil.html_safe(succeed_without_haml_xss(haml_xss_html_escape(str), &block))
end

#surround_with_haml_xss(front, back = front, &block) ⇒ Object

Input is escaped, output is always HTML safe


41
42
43
44
45
46
47
# File 'lib/hamlit/parser/haml_xss_mods.rb', line 41

def surround_with_haml_xss(front, back = front, &block)
  ::Hamlit::HamlUtil.html_safe(
    surround_without_haml_xss(
      haml_xss_html_escape(front),
      haml_xss_html_escape(back),
      &block))
end