Module: Hamlit::HamlHelpers::XssMods

Included in:
Hamlit::HamlHelpers
Defined in:
lib/hamlit/parser/haml_helpers/xss_mods.rb

Overview

This module overrides Haml helpers to work properly in the context of ActionView. Currently it’s only used for modifying the helpers to work with Rails’ XSS protection methods.


Class Method Details

.included(base) ⇒ Object



# File 'lib/hamlit/parser/haml_helpers/xss_mods.rb', line 10

# Hook invoked when this module is included into +base+: repoints the Haml
# helper names on +base+ at their +_with_haml_xss+ variants.
#
# Each listed name needs a matching "<name>_with_haml_xss" method on +base+
# at include time; alias_method raises NameError otherwise.
#
# @param base [Module] the class or module including this module
def self.included(base)
  # For these helpers the current implementation stays reachable under
  # "<name>_without_haml_xss" before the public name is repointed.
  wrapped_helpers = %w[
    find_and_preserve preserve list_of surround precede succeed
    capture_haml haml_concat haml_internal_concat haml_indent
  ]
  wrapped_helpers.each do |helper|
    original_alias = "#{helper}_without_haml_xss"
    xss_variant = "#{helper}_with_haml_xss"
    base.send(:alias_method, original_alias, helper)
    base.send(:alias_method, helper, xss_variant)
  end

  # Those two always have _without_haml_xss, so no backup alias is created
  # here; only the public name is switched to the XSS-aware variant.
  %w[html_escape escape_once].each do |helper|
    base.send(:alias_method, helper, "#{helper}_with_haml_xss")
  end
end

Instance Method Details

#capture_haml_with_haml_xss(*args, &block) ⇒ Object

Output is always HTML safe



# File 'lib/hamlit/parser/haml_helpers/xss_mods.rb', line 65

# XSS-aware variant of capture_haml: forwards everything to the original
# helper and hands the result to Hamlit::HamlUtil.html_safe.
#
# NOTE(review): nothing in this wrapper escapes +args+ or the block output;
# the result is only flagged as safe (presumably without escaping; confirm in
# HamlUtil), so untrusted data has to be escaped before it gets here.
#
# @param args [Array] arguments passed through unchanged
# @param block [Proc] block passed through unchanged
# @return [Object] whatever Hamlit::HamlUtil.html_safe returns
def capture_haml_with_haml_xss(*args, &block)
  captured = capture_haml_without_haml_xss(*args, &block)
  Hamlit::HamlUtil.html_safe(captured)
end

#escape_once_with_haml_xss(*args) ⇒ Object

Output is always HTML safe



# File 'lib/hamlit/parser/haml_helpers/xss_mods.rb', line 93

# XSS-aware variant of escape_once: runs the original helper and passes its
# result to Hamlit::HamlUtil.html_safe.
#
# @param args [Array] arguments passed through unchanged
# @return [Object] whatever Hamlit::HamlUtil.html_safe returns
def escape_once_with_haml_xss(*args)
  escaped = escape_once_without_haml_xss(*args)
  Hamlit::HamlUtil.html_safe(escaped)
end

#find_and_preserve_with_haml_xss(*args, &block) ⇒ Object

Output is always HTML safe



# File 'lib/hamlit/parser/haml_helpers/xss_mods.rb', line 31

# XSS-aware variant of find_and_preserve: forwards everything to the original
# helper and hands the result to Hamlit::HamlUtil.html_safe.
#
# NOTE(review): this wrapper performs no escaping of +args+ or block output
# itself; callers must not route untrusted markup through it unescaped.
#
# @param args [Array] arguments passed through unchanged
# @param block [Proc] block passed through unchanged
# @return [Object] whatever Hamlit::HamlUtil.html_safe returns
def find_and_preserve_with_haml_xss(*args, &block)
  preserved = find_and_preserve_without_haml_xss(*args, &block)
  Hamlit::HamlUtil.html_safe(preserved)
end

#haml_concat_with_haml_xss(text = "") ⇒ Object

Input is escaped unless the call happens inside a `with_raw_haml_concat` block, in which case the text is concatenated raw. See Hamlit::HamlHelpers::ActionViewExtensions#with_raw_haml_concat.



# File 'lib/hamlit/parser/haml_helpers/xss_mods.rb', line 71

# XSS-aware variant of haml_concat: writes +text+ through
# haml_internal_concat, or through haml_internal_concat_raw when the
# @_haml_concat_raw instance variable is set to a truthy value.
#
# NOTE(review): the raw branch is the one that skips escaping according to
# the page's description of with_raw_haml_concat; where the flag is set is
# not visible here, so keep untrusted text out of raw mode.
#
# @param text [Object] content to concatenate
# @return [ErrorReturn] built with "haml_concat"; presumably a sentinel for
#   misuse of the return value (confirm against ErrorReturn)
def haml_concat_with_haml_xss(text = "")
  # The flag may never have been assigned, so check for it before reading.
  raw_mode = instance_variable_defined?(:@_haml_concat_raw) && @_haml_concat_raw
  raw_mode ? haml_internal_concat_raw(text) : haml_internal_concat(text)
  ErrorReturn.new("haml_concat")
end

#haml_indent_with_haml_xss ⇒ Object

Output is always HTML safe



# File 'lib/hamlit/parser/haml_helpers/xss_mods.rb', line 88

# XSS-aware variant of haml_indent: takes the original helper's result and
# passes it to Hamlit::HamlUtil.html_safe.
#
# @return [Object] whatever Hamlit::HamlUtil.html_safe returns
def haml_indent_with_haml_xss
  indentation = haml_indent_without_haml_xss
  Hamlit::HamlUtil.html_safe(indentation)
end

#html_escape_with_haml_xss(text) ⇒ Object

Text that is already marked HTML safe (its string form answers true to html_safe?) is returned unchanged; anything else is escaped. The output is always HTML safe.



# File 'lib/hamlit/parser/haml_helpers/xss_mods.rb', line 24

# XSS-aware variant of html_escape: escapes +text+ unless its string form
# already reports html_safe?.
#
# The safe branch trusts the html_safe? flag as is, so the guarantee is only
# as good as whatever set that flag upstream.
#
# @param text [Object] value to escape; converted with to_s for the check
# @return [Object] +text+ itself (not its string form) when already safe,
#   otherwise the escaped string passed through Hamlit::HamlUtil.html_safe
def html_escape_with_haml_xss(text)
  stringified = text.to_s
  if stringified.html_safe?
    text
  else
    Hamlit::HamlUtil.html_safe(html_escape_without_haml_xss(stringified))
  end
end

#list_of_with_haml_xss(*args, &block) ⇒ Object

Output is always HTML safe



# File 'lib/hamlit/parser/haml_helpers/xss_mods.rb', line 41

# XSS-aware variant of list_of: forwards everything to the original helper
# and hands the result to Hamlit::HamlUtil.html_safe.
#
# NOTE(review): no escaping of +args+ or block output happens in this
# wrapper; whether the original helper escapes item content is not visible
# here, so confirm before rendering untrusted items.
#
# @param args [Array] arguments passed through unchanged
# @param block [Proc] block passed through unchanged
# @return [Object] whatever Hamlit::HamlUtil.html_safe returns
def list_of_with_haml_xss(*args, &block)
  rendered = list_of_without_haml_xss(*args, &block)
  Hamlit::HamlUtil.html_safe(rendered)
end

#precede_with_haml_xss(str, &block) ⇒ Object

Input is escaped, output is always HTML safe



# File 'lib/hamlit/parser/haml_helpers/xss_mods.rb', line 55

# XSS-aware variant of precede: +str+ goes through haml_xss_html_escape
# before the original helper runs, and the combined result is passed to
# Hamlit::HamlUtil.html_safe.
#
# NOTE(review): only +str+ is escaped here; the block's output is forwarded
# as is, so it must already be safe to emit.
#
# @param str [Object] prefix text, escaped before use
# @param block [Proc] block passed through unchanged
# @return [Object] whatever Hamlit::HamlUtil.html_safe returns
def precede_with_haml_xss(str, &block)
  escaped_prefix = haml_xss_html_escape(str)
  Hamlit::HamlUtil.html_safe(precede_without_haml_xss(escaped_prefix, &block))
end

#preserve_with_haml_xss(*args, &block) ⇒ Object

Output is always HTML safe



# File 'lib/hamlit/parser/haml_helpers/xss_mods.rb', line 36

# XSS-aware variant of preserve: forwards everything to the original helper
# and hands the result to Hamlit::HamlUtil.html_safe.
#
# NOTE(review): this wrapper does not escape +args+ or block output itself;
# untrusted content has to be escaped before it is passed in.
#
# @param args [Array] arguments passed through unchanged
# @param block [Proc] block passed through unchanged
# @return [Object] whatever Hamlit::HamlUtil.html_safe returns
def preserve_with_haml_xss(*args, &block)
  preserved = preserve_without_haml_xss(*args, &block)
  Hamlit::HamlUtil.html_safe(preserved)
end

#succeed_with_haml_xss(str, &block) ⇒ Object

Input is escaped, output is always HTML safe



# File 'lib/hamlit/parser/haml_helpers/xss_mods.rb', line 60

# XSS-aware variant of succeed: +str+ goes through haml_xss_html_escape
# before the original helper runs, and the combined result is passed to
# Hamlit::HamlUtil.html_safe.
#
# NOTE(review): only +str+ is escaped here; the block's output is forwarded
# as is, so it must already be safe to emit.
#
# @param str [Object] suffix text, escaped before use
# @param block [Proc] block passed through unchanged
# @return [Object] whatever Hamlit::HamlUtil.html_safe returns
def succeed_with_haml_xss(str, &block)
  escaped_suffix = haml_xss_html_escape(str)
  Hamlit::HamlUtil.html_safe(succeed_without_haml_xss(escaped_suffix, &block))
end

#surround_with_haml_xss(front, back = front, &block) ⇒ Object

Input is escaped, output is always HTML safe



# File 'lib/hamlit/parser/haml_helpers/xss_mods.rb', line 46

# XSS-aware variant of surround: both delimiters go through
# haml_xss_html_escape before the original helper runs, and the combined
# result is passed to Hamlit::HamlUtil.html_safe.
#
# NOTE(review): only +front+ and +back+ are escaped here; the block's output
# is forwarded as is, so it must already be safe to emit.
#
# @param front [Object] leading text, escaped before use
# @param back [Object] trailing text, escaped before use; defaults to +front+
# @param block [Proc] block passed through unchanged
# @return [Object] whatever Hamlit::HamlUtil.html_safe returns
def surround_with_haml_xss(front, back = front, &block)
  escaped_front = haml_xss_html_escape(front)
  escaped_back = haml_xss_html_escape(back)
  wrapped = surround_without_haml_xss(escaped_front, escaped_back, &block)
  Hamlit::HamlUtil.html_safe(wrapped)
end