Module: Hamlit::HamlHelpers::XssMods

Included in:
Hamlit::HamlHelpers
Defined in:
lib/hamlit/parser/haml_xss_mods.rb

Overview

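This module overrides Haml helpers to work properly in the context of ActionView. Currently it’s only used for modifying the helpers to work with Rails’ XSS protection methods. In the method notes below, “HTML safe” means the return value has been passed through Hamlit::HamlUtil.html_safe, which is not the same as being escaped: the wrappers whose note says only “Output is always HTML safe” forward their arguments and block unchanged.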


Class Method Details

.included(base) ⇒ Object



# File 'lib/hamlit/parser/haml_xss_mods.rb', line 8

# Hook that rewires +base+'s Haml helpers to their XSS-aware variants.
#
# For each wrapped helper the current implementation stays reachable as
# +<name>_without_haml_xss+ and the public name is repointed at
# +<name>_with_haml_xss+. +base+ must already define every method named here,
# including each +_with_haml_xss+ variant; alias_method raises NameError for a
# missing one.
#
# @param base [Module] the class or module whose helpers are re-aliased
# @return [Array<String>] the last list iterated (return value of +each+)
def self.included(base)
  wrapped_helpers = %w[
    find_and_preserve preserve list_of surround
    precede succeed capture_haml haml_concat haml_internal_concat haml_indent
  ]
  wrapped_helpers.each do |helper|
    original_alias = "#{helper}_without_haml_xss"
    xss_variant = "#{helper}_with_haml_xss"
    # Order matters: save the original first, then repoint the public name.
    base.send(:alias_method, original_alias, helper)
    base.send(:alias_method, helper, xss_variant)
  end

  # These two are only repointed; no +_without_haml_xss+ alias is created for
  # them here (the original comment says they always have one already).
  %w[html_escape escape_once].each do |helper|
    base.send(:alias_method, helper, "#{helper}_with_haml_xss")
  end
end

Instance Method Details

#capture_haml_with_haml_xss(*args, &block) ⇒ Object

Output is always HTML safe



# File 'lib/hamlit/parser/haml_xss_mods.rb', line 63

# XSS-aware replacement for +capture_haml+.
#
# Forwards every argument and the block to the original helper (kept as
# +capture_haml_without_haml_xss+ by XssMods.included) and passes the result
# through ::Hamlit::HamlUtil.html_safe.
#
# No escaping happens in this wrapper: whatever the original helper returns
# is handed back flagged as safe.
# NOTE(review): presumably the captured template output was already escaped
# when it was rendered; confirm before capturing untrusted text.
#
# @param args forwarded unchanged to the original helper
# @yield forwarded unchanged to the original helper
# @return [Object] whatever ::Hamlit::HamlUtil.html_safe returns
def capture_haml_with_haml_xss(*args, &block)
  captured = capture_haml_without_haml_xss(*args, &block)
  ::Hamlit::HamlUtil.html_safe(captured)
end

#escape_once_with_haml_xss(*args) ⇒ Object

Output is always HTML safe



# File 'lib/hamlit/parser/haml_xss_mods.rb', line 91

# XSS-aware replacement for +escape_once+.
#
# Delegates to the original helper (+escape_once_without_haml_xss+) with the
# same arguments and passes its result through ::Hamlit::HamlUtil.html_safe.
# All escaping is done by the original helper; this wrapper only adds the
# html_safe step.
#
# @param args forwarded unchanged to the original helper
# @return [Object] whatever ::Hamlit::HamlUtil.html_safe returns
def escape_once_with_haml_xss(*args)
  escaped = escape_once_without_haml_xss(*args)
  ::Hamlit::HamlUtil.html_safe(escaped)
end

#find_and_preserve_with_haml_xss(*args, &block) ⇒ Object

Output is always HTML safe



# File 'lib/hamlit/parser/haml_xss_mods.rb', line 29

# XSS-aware replacement for +find_and_preserve+.
#
# Calls the original helper (+find_and_preserve_without_haml_xss+) with the
# same arguments and block, then passes the result through
# ::Hamlit::HamlUtil.html_safe.
#
# This wrapper does not escape its input; the text it is given comes back
# flagged as safe after the original helper has processed it.
# NOTE(review): callers passing untrusted text presumably need to escape it
# first; confirm against the original helper.
#
# @param args forwarded unchanged to the original helper
# @yield forwarded unchanged to the original helper
# @return [Object] whatever ::Hamlit::HamlUtil.html_safe returns
def find_and_preserve_with_haml_xss(*args, &block)
  preserved = find_and_preserve_without_haml_xss(*args, &block)
  ::Hamlit::HamlUtil.html_safe(preserved)
end

#haml_concat_with_haml_xss(text = "") ⇒ Object

Input will be escaped unless this is in a `with_raw_haml_concat` block. See Haml::Helpers::ActionViewExtensions#with_raw_haml_concat.



# File 'lib/hamlit/parser/haml_xss_mods.rb', line 69

# XSS-aware replacement for +haml_concat+.
#
# Sends +text+ to +haml_internal_concat_raw+ when the instance variable
# +@_haml_concat_raw+ is defined and truthy, and to +haml_internal_concat+
# otherwise (an undefined variable counts as false).
# NOTE(review): presumably +haml_internal_concat+ is the escaping path and
# +with_raw_haml_concat+ is what sets +@_haml_concat_raw+; neither definition
# is visible here, so confirm before relying on the raw path being opt-in.
#
# @param text [Object] content to concatenate, defaults to an empty string
# @return [ErrorReturn] always a fresh ErrorReturn built with "haml_concat"
def haml_concat_with_haml_xss(text = "")
  if instance_variable_defined?(:@_haml_concat_raw) && @_haml_concat_raw
    haml_internal_concat_raw text
  else
    haml_internal_concat text
  end
  ErrorReturn.new("haml_concat")
end

#haml_indent_with_haml_xss ⇒ Object

Output is always HTML safe



# File 'lib/hamlit/parser/haml_xss_mods.rb', line 86

# XSS-aware replacement for +haml_indent+.
#
# Takes no input: it passes the original helper's result
# (+haml_indent_without_haml_xss+) through ::Hamlit::HamlUtil.html_safe.
#
# @return [Object] whatever ::Hamlit::HamlUtil.html_safe returns
def haml_indent_with_haml_xss
  indentation = haml_indent_without_haml_xss
  ::Hamlit::HamlUtil.html_safe(indentation)
end

#html_escape_with_haml_xss(text) ⇒ Object

Don’t escape text that’s already safe, output is always HTML safe



# File 'lib/hamlit/parser/haml_xss_mods.rb', line 22

# XSS-aware replacement for +html_escape+.
#
# Converts +text+ with +to_s+. When that string reports +html_safe?+, the
# original +text+ object is returned untouched (no escaping, no conversion).
# Otherwise the string form is escaped by the original helper
# (+html_escape_without_haml_xss+) and the result is passed through
# ::Hamlit::HamlUtil.html_safe.
#
# The skip relies entirely on the +html_safe?+ flag: content flagged safe
# upstream is returned verbatim, so that flag must only be set on trusted or
# already-escaped content.
#
# @param text [Object] value to escape; anything responding to +to_s+
# @return [Object] +text+ itself when already safe, else the escaped result
def html_escape_with_haml_xss(text)
  stringified = text.to_s
  if stringified.html_safe?
    text
  else
    escaped = html_escape_without_haml_xss(stringified)
    ::Hamlit::HamlUtil.html_safe(escaped)
  end
end

#list_of_with_haml_xss(*args, &block) ⇒ Object

Output is always HTML safe



# File 'lib/hamlit/parser/haml_xss_mods.rb', line 39

# XSS-aware replacement for +list_of+.
#
# Calls the original helper (+list_of_without_haml_xss+) with the same
# arguments and block, then passes the result through
# ::Hamlit::HamlUtil.html_safe.
#
# This wrapper does not escape the items or the block's output itself.
# NOTE(review): presumably each item is rendered (and escaped) by the block
# inside the template; confirm before passing untrusted values.
#
# @param args forwarded unchanged to the original helper
# @yield forwarded unchanged to the original helper
# @return [Object] whatever ::Hamlit::HamlUtil.html_safe returns
def list_of_with_haml_xss(*args, &block)
  rendered_list = list_of_without_haml_xss(*args, &block)
  ::Hamlit::HamlUtil.html_safe(rendered_list)
end

#precede_with_haml_xss(str, &block) ⇒ Object

Input is escaped, output is always HTML safe



# File 'lib/hamlit/parser/haml_xss_mods.rb', line 53

# XSS-aware replacement for +precede+.
#
# Runs +str+ through +haml_xss_html_escape+ before handing it, together with
# the block, to the original helper (+precede_without_haml_xss+); the result
# is then passed through ::Hamlit::HamlUtil.html_safe.
# Only +str+ is escaped here; the block is forwarded as-is.
# NOTE(review): +haml_xss_html_escape+ is defined elsewhere; presumably it is
# the XSS-aware html_escape. Confirm.
#
# @param str [Object] text placed before the block's output; escaped first
# @yield forwarded unchanged to the original helper
# @return [Object] whatever ::Hamlit::HamlUtil.html_safe returns
def precede_with_haml_xss(str, &block)
  escaped_prefix = haml_xss_html_escape(str)
  combined = precede_without_haml_xss(escaped_prefix, &block)
  ::Hamlit::HamlUtil.html_safe(combined)
end

#preserve_with_haml_xss(*args, &block) ⇒ Object

Output is always HTML safe



# File 'lib/hamlit/parser/haml_xss_mods.rb', line 34

# XSS-aware replacement for +preserve+.
#
# Calls the original helper (+preserve_without_haml_xss+) with the same
# arguments and block, then passes the result through
# ::Hamlit::HamlUtil.html_safe.
#
# This wrapper does not escape its input; the text it is given comes back
# flagged as safe after the original helper has processed it.
# NOTE(review): callers passing untrusted text presumably need to escape it
# first; confirm against the original helper.
#
# @param args forwarded unchanged to the original helper
# @yield forwarded unchanged to the original helper
# @return [Object] whatever ::Hamlit::HamlUtil.html_safe returns
def preserve_with_haml_xss(*args, &block)
  preserved = preserve_without_haml_xss(*args, &block)
  ::Hamlit::HamlUtil.html_safe(preserved)
end

#succeed_with_haml_xss(str, &block) ⇒ Object

Input is escaped, output is always HTML safe



# File 'lib/hamlit/parser/haml_xss_mods.rb', line 58

# XSS-aware replacement for +succeed+.
#
# Runs +str+ through +haml_xss_html_escape+ before handing it, together with
# the block, to the original helper (+succeed_without_haml_xss+); the result
# is then passed through ::Hamlit::HamlUtil.html_safe.
# Only +str+ is escaped here; the block is forwarded as-is.
# NOTE(review): +haml_xss_html_escape+ is defined elsewhere; presumably it is
# the XSS-aware html_escape. Confirm.
#
# @param str [Object] text placed after the block's output; escaped first
# @yield forwarded unchanged to the original helper
# @return [Object] whatever ::Hamlit::HamlUtil.html_safe returns
def succeed_with_haml_xss(str, &block)
  escaped_suffix = haml_xss_html_escape(str)
  combined = succeed_without_haml_xss(escaped_suffix, &block)
  ::Hamlit::HamlUtil.html_safe(combined)
end

#surround_with_haml_xss(front, back = front, &block) ⇒ Object

Input is escaped, output is always HTML safe



# File 'lib/hamlit/parser/haml_xss_mods.rb', line 44

# XSS-aware replacement for +surround+.
#
# Both +front+ and +back+ go through +haml_xss_html_escape+ (front first)
# before being passed, with the block, to the original helper
# (+surround_without_haml_xss+); the result is then passed through
# ::Hamlit::HamlUtil.html_safe. The block is forwarded as-is.
# NOTE(review): +haml_xss_html_escape+ is defined elsewhere; presumably it is
# the XSS-aware html_escape. Confirm.
#
# @param front [Object] text placed before the block's output; escaped first
# @param back [Object] text placed after it; defaults to +front+, escaped too
# @yield forwarded unchanged to the original helper
# @return [Object] whatever ::Hamlit::HamlUtil.html_safe returns
def surround_with_haml_xss(front, back = front, &block)
  escaped_front = haml_xss_html_escape(front)
  escaped_back = haml_xss_html_escape(back)
  wrapped = surround_without_haml_xss(escaped_front, escaped_back, &block)
  ::Hamlit::HamlUtil.html_safe(wrapped)
end