Module: Hamlit::HamlHelpers::XssMods
Included in: Hamlit::HamlHelpers
Defined in: lib/hamlit/parser/haml_xss_mods.rb
Overview
This module overrides Haml helpers to work properly in the context of ActionView. Currently it’s only used for modifying the helpers to work with Rails’ XSS protection methods.
Class Method Summary
Instance Method Summary
- #capture_haml_with_haml_xss(*args, &block) ⇒ Object
  Output is always HTML safe.
- #escape_once_with_haml_xss(*args) ⇒ Object
  Output is always HTML safe.
- #find_and_preserve_with_haml_xss(*args, &block) ⇒ Object
  Output is always HTML safe.
- #haml_concat_with_haml_xss(text = "") ⇒ Object
  Input will be escaped unless this is in a `with_raw_haml_concat` block.
- #haml_indent_with_haml_xss ⇒ Object
  Output is always HTML safe.
- #html_escape_with_haml_xss(text) ⇒ Object
  Don’t escape text that’s already safe, output is always HTML safe.
- #list_of_with_haml_xss(*args, &block) ⇒ Object
  Output is always HTML safe.
- #precede_with_haml_xss(str, &block) ⇒ Object
  Input is escaped, output is always HTML safe.
- #preserve_with_haml_xss(*args, &block) ⇒ Object
  Output is always HTML safe.
- #succeed_with_haml_xss(str, &block) ⇒ Object
  Input is escaped, output is always HTML safe.
- #surround_with_haml_xss(front, back = front, &block) ⇒ Object
  Input is escaped, output is always HTML safe.
Class Method Details
.included(base) ⇒ Object
    # File 'lib/hamlit/parser/haml_xss_mods.rb', line 8
    def self.included(base)
      %w[find_and_preserve preserve list_of surround
         precede succeed capture_haml haml_concat haml_internal_concat haml_indent].each do |name|
        base.send(:alias_method, "#{name}_without_haml_xss", name)
        base.send(:alias_method, name, "#{name}_with_haml_xss")
      end
      # Those two always have _without_haml_xss
      %w[html_escape escape_once].each do |name|
        base.send(:alias_method, name, "#{name}_with_haml_xss")
      end
    end
Instance Method Details
#capture_haml_with_haml_xss(*args, &block) ⇒ Object
Output is always HTML safe
    # File 'lib/hamlit/parser/haml_xss_mods.rb', line 63
    def capture_haml_with_haml_xss(*args, &block)
      ::Hamlit::HamlUtil.html_safe(capture_haml_without_haml_xss(*args, &block))
    end
#escape_once_with_haml_xss(*args) ⇒ Object
Output is always HTML safe
    # File 'lib/hamlit/parser/haml_xss_mods.rb', line 91
    def escape_once_with_haml_xss(*args)
      ::Hamlit::HamlUtil.html_safe(escape_once_without_haml_xss(*args))
    end
#find_and_preserve_with_haml_xss(*args, &block) ⇒ Object
Output is always HTML safe
    # File 'lib/hamlit/parser/haml_xss_mods.rb', line 29
    def find_and_preserve_with_haml_xss(*args, &block)
      ::Hamlit::HamlUtil.html_safe(find_and_preserve_without_haml_xss(*args, &block))
    end
#haml_concat_with_haml_xss(text = "") ⇒ Object
Input will be escaped unless this is in a `with_raw_haml_concat` block. See #Haml::Helpers::ActionViewExtensions#with_raw_haml_concat.
    # File 'lib/hamlit/parser/haml_xss_mods.rb', line 69
    def haml_concat_with_haml_xss(text = "")
      raw = instance_variable_defined?(:@_haml_concat_raw) ? @_haml_concat_raw : false
      if raw
        haml_internal_concat_raw text
      else
        haml_internal_concat text
      end
      ErrorReturn.new("haml_concat")
    end
#haml_indent_with_haml_xss ⇒ Object
Output is always HTML safe
    # File 'lib/hamlit/parser/haml_xss_mods.rb', line 86
    def haml_indent_with_haml_xss
      ::Hamlit::HamlUtil.html_safe(haml_indent_without_haml_xss)
    end
#html_escape_with_haml_xss(text) ⇒ Object
Don’t escape text that’s already safe, output is always HTML safe
    # File 'lib/hamlit/parser/haml_xss_mods.rb', line 22
    def html_escape_with_haml_xss(text)
      str = text.to_s
      return text if str.html_safe?
      ::Hamlit::HamlUtil.html_safe(html_escape_without_haml_xss(str))
    end
#list_of_with_haml_xss(*args, &block) ⇒ Object
Output is always HTML safe
    # File 'lib/hamlit/parser/haml_xss_mods.rb', line 39
    def list_of_with_haml_xss(*args, &block)
      ::Hamlit::HamlUtil.html_safe(list_of_without_haml_xss(*args, &block))
    end
#precede_with_haml_xss(str, &block) ⇒ Object
Input is escaped, output is always HTML safe
    # File 'lib/hamlit/parser/haml_xss_mods.rb', line 53
    def precede_with_haml_xss(str, &block)
      ::Hamlit::HamlUtil.html_safe(precede_without_haml_xss(haml_xss_html_escape(str), &block))
    end
#preserve_with_haml_xss(*args, &block) ⇒ Object
Output is always HTML safe
    # File 'lib/hamlit/parser/haml_xss_mods.rb', line 34
    def preserve_with_haml_xss(*args, &block)
      ::Hamlit::HamlUtil.html_safe(preserve_without_haml_xss(*args, &block))
    end
#succeed_with_haml_xss(str, &block) ⇒ Object
Input is escaped, output is always HTML safe
    # File 'lib/hamlit/parser/haml_xss_mods.rb', line 58
    def succeed_with_haml_xss(str, &block)
      ::Hamlit::HamlUtil.html_safe(succeed_without_haml_xss(haml_xss_html_escape(str), &block))
    end
#surround_with_haml_xss(front, back = front, &block) ⇒ Object
Input is escaped, output is always HTML safe
    # File 'lib/hamlit/parser/haml_xss_mods.rb', line 44
    def surround_with_haml_xss(front, back = front, &block)
      ::Hamlit::HamlUtil.html_safe(
        surround_without_haml_xss(
          haml_xss_html_escape(front),
          haml_xss_html_escape(back),
          &block))
    end
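
The alias chain installed by `.included` and the escaping contract of `html_escape` and `precede`, as an added stand-alone Ruby sketch (not Hamlit's own code). `SafeString`, `DemoHelpers`, `DemoXssMods` and `DemoView` are hypothetical names, and `SafeString` stands in for Rails' HTML-safe string type so the example runs without ActionView.

```ruby
require "erb"

# Constructed stand-in for Rails' SafeBuffer: a String subclass meaning "already escaped".
class SafeString < String; end

# Hypothetical plain helpers, in the role of the helpers before aliasing.
module DemoHelpers
  def html_escape(text)
    ERB::Util.html_escape(text.to_s)
  end

  def precede(str)
    "#{str}#{yield}"
  end
end

# Same alias chain as XssMods.included: keep the original under *_without_xss,
# then point the public name at the *_with_xss wrapper.
module DemoXssMods
  def self.included(base)
    %w[html_escape precede].each do |name|
      base.send(:alias_method, "#{name}_without_xss", name)
      base.send(:alias_method, name, "#{name}_with_xss")
    end
  end

  # Safe input passes through untouched; anything else is escaped once and marked safe.
  def html_escape_with_xss(text)
    return text if text.is_a?(SafeString)
    SafeString.new(html_escape_without_xss(text))
  end

  # Only the prefix argument is escaped; the block result is appended as-is.
  def precede_with_xss(str, &block)
    SafeString.new(precede_without_xss(html_escape(str), &block))
  end
end

class DemoView
  include DemoHelpers
  include DemoXssMods
end

def demo_results
  view = DemoView.new
  { escaped: view.html_escape("<script>alert(1)</script>"), # constructed untrusted input
    trusted: view.html_escape(SafeString.new("<b>ok</b>")),
    twice:   view.html_escape(view.html_escape("a & b")),
    precede: view.precede("<i>") { "<b>block</b>" } }
end
```

In this sketch the wrapper escapes only the `str` argument; the block's return value is appended unescaped and the combined string is then marked safe, so the block must yield markup that is already escaped or trusted.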