Module: Hamlit::HamlHelpers::XssMods
- Included in: Hamlit::HamlHelpers
- Defined in: lib/hamlit/parser/haml_helpers/xss_mods.rb
Overview
This module overrides Haml helpers to work properly in the context of ActionView. Currently it’s only used for modifying the helpers to work with Rails’ XSS protection methods.
Class Method Summary
- .included(base) ⇒ Object
Instance Method Summary
- #capture_haml_with_haml_xss(*args, &block) ⇒ Object
  Output is always HTML safe.
- #escape_once_with_haml_xss(*args) ⇒ Object
  Output is always HTML safe.
- #find_and_preserve_with_haml_xss(*args, &block) ⇒ Object
  Output is always HTML safe.
- #haml_concat_with_haml_xss(text = "") ⇒ Object
  Input will be escaped unless this is in a `with_raw_haml_concat` block.
- #haml_indent_with_haml_xss ⇒ Object
  Output is always HTML safe.
- #html_escape_with_haml_xss(text) ⇒ Object
  Don’t escape text that’s already safe, output is always HTML safe.
- #list_of_with_haml_xss(*args, &block) ⇒ Object
  Output is always HTML safe.
- #precede_with_haml_xss(str, &block) ⇒ Object
  Input is escaped, output is always HTML safe.
- #preserve_with_haml_xss(*args, &block) ⇒ Object
  Output is always HTML safe.
- #succeed_with_haml_xss(str, &block) ⇒ Object
  Input is escaped, output is always HTML safe.
- #surround_with_haml_xss(front, back = front, &block) ⇒ Object
  Input is escaped, output is always HTML safe.
Class Method Details
.included(base) ⇒ Object
    # File 'lib/hamlit/parser/haml_helpers/xss_mods.rb', line 10
    def self.included(base)
      %w[find_and_preserve preserve list_of surround
         precede succeed capture_haml haml_concat haml_internal_concat haml_indent].each do |name|
        base.send(:alias_method, "#{name}_without_haml_xss", name)
        base.send(:alias_method, name, "#{name}_with_haml_xss")
      end
      # Those two always have _without_haml_xss
      %w[html_escape escape_once].each do |name|
        base.send(:alias_method, name, "#{name}_with_haml_xss")
      end
    end
Instance Method Details
#capture_haml_with_haml_xss(*args, &block) ⇒ Object
Output is always HTML safe
    # File 'lib/hamlit/parser/haml_helpers/xss_mods.rb', line 65
    def capture_haml_with_haml_xss(*args, &block)
      Hamlit::HamlUtil.html_safe(capture_haml_without_haml_xss(*args, &block))
    end
#escape_once_with_haml_xss(*args) ⇒ Object
Output is always HTML safe
    # File 'lib/hamlit/parser/haml_helpers/xss_mods.rb', line 93
    def escape_once_with_haml_xss(*args)
      Hamlit::HamlUtil.html_safe(escape_once_without_haml_xss(*args))
    end
#find_and_preserve_with_haml_xss(*args, &block) ⇒ Object
Output is always HTML safe
    # File 'lib/hamlit/parser/haml_helpers/xss_mods.rb', line 31
    def find_and_preserve_with_haml_xss(*args, &block)
      Hamlit::HamlUtil.html_safe(find_and_preserve_without_haml_xss(*args, &block))
    end
#haml_concat_with_haml_xss(text = "") ⇒ Object
Input will be escaped unless this is in a `with_raw_haml_concat` block. See Hamlit::HamlHelpers::ActionViewExtensions#with_raw_haml_concat.

    # File 'lib/hamlit/parser/haml_helpers/xss_mods.rb', line 71
    def haml_concat_with_haml_xss(text = "")
      raw = instance_variable_defined?(:@_haml_concat_raw) ? @_haml_concat_raw : false
      if raw
        haml_internal_concat_raw text
      else
        haml_internal_concat text
      end
      ErrorReturn.new("haml_concat")
    end
#haml_indent_with_haml_xss ⇒ Object
Output is always HTML safe
    # File 'lib/hamlit/parser/haml_helpers/xss_mods.rb', line 88
    def haml_indent_with_haml_xss
      Hamlit::HamlUtil.html_safe(haml_indent_without_haml_xss)
    end
#html_escape_with_haml_xss(text) ⇒ Object
Don’t escape text that’s already safe, output is always HTML safe
    # File 'lib/hamlit/parser/haml_helpers/xss_mods.rb', line 24
    def html_escape_with_haml_xss(text)
      str = text.to_s
      return text if str.html_safe?
      Hamlit::HamlUtil.html_safe(html_escape_without_haml_xss(str))
    end
#list_of_with_haml_xss(*args, &block) ⇒ Object
Output is always HTML safe
    # File 'lib/hamlit/parser/haml_helpers/xss_mods.rb', line 41
    def list_of_with_haml_xss(*args, &block)
      Hamlit::HamlUtil.html_safe(list_of_without_haml_xss(*args, &block))
    end
#precede_with_haml_xss(str, &block) ⇒ Object
Input is escaped, output is always HTML safe
    # File 'lib/hamlit/parser/haml_helpers/xss_mods.rb', line 55
    def precede_with_haml_xss(str, &block)
      Hamlit::HamlUtil.html_safe(precede_without_haml_xss(haml_xss_html_escape(str), &block))
    end
#preserve_with_haml_xss(*args, &block) ⇒ Object
Output is always HTML safe
    # File 'lib/hamlit/parser/haml_helpers/xss_mods.rb', line 36
    def preserve_with_haml_xss(*args, &block)
      Hamlit::HamlUtil.html_safe(preserve_without_haml_xss(*args, &block))
    end
#succeed_with_haml_xss(str, &block) ⇒ Object
Input is escaped, output is always HTML safe
    # File 'lib/hamlit/parser/haml_helpers/xss_mods.rb', line 60
    def succeed_with_haml_xss(str, &block)
      Hamlit::HamlUtil.html_safe(succeed_without_haml_xss(haml_xss_html_escape(str), &block))
    end
#surround_with_haml_xss(front, back = front, &block) ⇒ Object
Input is escaped, output is always HTML safe
    # File 'lib/hamlit/parser/haml_helpers/xss_mods.rb', line 46
    def surround_with_haml_xss(front, back = front, &block)
      Hamlit::HamlUtil.html_safe(
        surround_without_haml_xss(
          haml_xss_html_escape(front),
          haml_xss_html_escape(back),
          &block))
    end
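The three contracts documented above (already-safe text passes through, helper arguments are escaped, block output is only marked safe) can be seen side by side in a dependency-free sketch. This is an added example, not Hamlit's code: `SafeString`, `PlainHelpers`, `XssModsSketch` and `View` are hypothetical stand-ins for Rails' `html_safe` flag and the unpatched helpers, and `html_escape` is aliased in the same loop as the others for brevity.

```ruby
# Added illustration; SafeString, PlainHelpers, XssModsSketch and View are hypothetical stand-ins.
ESCAPES = { "&" => "&amp;", "<" => "&lt;", ">" => "&gt;", '"' => "&quot;", "'" => "&#39;" }.freeze

class SafeString < String; end # plays the role of Rails' html_safe marker

module PlainHelpers # unpatched helpers, before the XSS mods are mixed in
  def html_escape(text)
    text.to_s.gsub(/[&<>"']/, ESCAPES)
  end

  def surround(front, back = front)
    "#{front}#{yield}#{back}"
  end

  def capture_haml
    yield.to_s
  end
end

module XssModsSketch
  # Same alias chain as .included: keep the original as *_without_haml_xss,
  # then point the public name at the *_with_haml_xss wrapper.
  def self.included(base)
    %w[html_escape surround capture_haml].each do |name|
      base.send(:alias_method, "#{name}_without_haml_xss", name)
      base.send(:alias_method, name, "#{name}_with_haml_xss")
    end
  end

  # Already-safe text passes through untouched, so it is never double-escaped.
  def html_escape_with_haml_xss(text)
    return text if text.is_a?(SafeString)
    SafeString.new(html_escape_without_haml_xss(text))
  end

  # Arguments are escaped; the block's output is not.
  def surround_with_haml_xss(front, back = front, &block)
    SafeString.new(surround_without_haml_xss(html_escape(front), html_escape(back), &block))
  end

  # Nothing is escaped here: the result is only marked safe.
  def capture_haml_with_haml_xss(&block)
    SafeString.new(capture_haml_without_haml_xss(&block))
  end
end

class View
  include PlainHelpers
  include XssModsSketch
end
```

Wrappers of the "output is always HTML safe" kind mark the block's result safe without escaping it, so whatever the block renders must already have been escaped by the template.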