Class: TaintedLove::Replacer::ReplaceActionView

Inherits:

Base

Object
Base
TaintedLove::Replacer::ReplaceActionView

show all

Defined in:: lib/tainted_love/replacer/replace_action_view.rb

Instance Method Summary collapse

Methods inherited from Base

replacers

Instance Method Details

#replace! ⇒ `Object`

# File 'lib/tainted_love/replacer/replace_action_view.rb', line 10

def replace!
  ActionView::OutputBuffer.class_eval do
    def append=(value)
      if value.tainted? && value.html_safe?
        TaintedLove.report(
          :ReplaceActionView,
          value,
          [:xss],
          'Tainted string is html_safe'
        )
      end

      self << value
    end
  end

  # Untaint the yield of a template
  mod = Module.new do
    def render(*args, &block)
      super(*args) do |*sub_args, &sub_block|
        block.call(*sub_args, &sub_block).untaint
      end.untaint
    end
  end

  ActionView::Template.prepend(mod) if Object.const_defined?('ActionView::Template')
end

#should_replace? ⇒ `Boolean`

Returns:

(Boolean)



6
7
8

# File 'lib/tainted_love/replacer/replace_action_view.rb', line 6

def should_replace?
  Object.const_defined?('ActionView')
end

Class: TaintedLove::Replacer::ReplaceActionView

Instance Method Summary collapse

Methods inherited from Base

Instance Method Details

#replace! ⇒ Object

#should_replace? ⇒ Boolean

#replace! ⇒ `Object`

#should_replace? ⇒ `Boolean`