Module | Haml::Helpers::XssMods |
In: |
lib/haml/helpers/xss_mods.rb
|
This module overrides Haml helpers to work properly in the context of ActionView. Currently it's only used for modifying the helpers to work with Rails' XSS protection methods.
# File lib/haml/helpers/xss_mods.rb, line 8
# Called with the class or module (+base+) that is having its helpers
# rerouted. For every helper named below, the existing implementation stays
# reachable as <name>_without_haml_xss and the public name is re-pointed at
# <name>_with_haml_xss.
#
# Only the helpers in this list are rerouted. A helper that is not listed
# keeps its original implementation and does not pass through any
# *_with_haml_xss wrapper, so a new output helper needs an entry here as
# well as a wrapper method.
def self.included(base)
  wrapped_helpers = %w[
    html_escape find_and_preserve preserve list_of surround
    precede succeed capture_haml haml_concat haml_indent
    haml_tag escape_once
  ]

  wrapped_helpers.each do |helper|
    # Order matters: keep the original under the *_without_* name before
    # the public name is aliased to the *_with_* variant.
    base.send(:alias_method, "#{helper}_without_haml_xss", helper)
    base.send(:alias_method, helper, "#{helper}_with_haml_xss")
  end
end
Input is escaped
# File lib/haml/helpers/xss_mods.rb, line 65
# Escaping wrapper around the original haml_concat.
#
# +text+ is passed through haml_xss_html_escape before being handed to
# haml_concat_without_haml_xss, unless @_haml_concat_raw is truthy, in which
# case it is forwarded unchanged.
#
# NOTE(review): @_haml_concat_raw is assigned outside this method (not
# visible here). While it is set, nothing in this method escapes +text+, so
# whatever sets it is responsible for the content already being safe.
def haml_concat_with_haml_xss(text = "")
  output = if @_haml_concat_raw
             text
           else
             haml_xss_html_escape(text)
           end
  haml_concat_without_haml_xss(output)
end
Input is escaped, haml_concat'ed output is always HTML safe
# File lib/haml/helpers/xss_mods.rb, line 75
# Escaping wrapper around the original haml_tag.
#
# The tag name is converted to a String and escaped. The first remaining
# argument is also stringified and escaped, unless it is a Symbol, a Hash or
# nil (which includes the case where no further argument was given). The
# original haml_tag is then invoked inside with_raw_haml_concat.
#
# NOTE(review): only the first element of +rest+ is inspected. Hash and
# Symbol arguments, and anything after the first element, are forwarded
# as-is; escaping of values inside a Hash is not done here and presumably
# happens in haml_tag_without_haml_xss -- confirm.
# NOTE(review): with_raw_haml_concat is defined elsewhere; presumably it
# sets @_haml_concat_raw for the duration of the block -- confirm.
def haml_tag_with_haml_xss(name, *rest, &block)
  escaped_name = haml_xss_html_escape(name.to_s)

  first_arg = rest.first
  text_given = [Symbol, Hash, NilClass].none? { |klass| first_arg.is_a?(klass) }
  rest[0] = haml_xss_html_escape(first_arg.to_s) if text_given

  with_raw_haml_concat do
    haml_tag_without_haml_xss(escaped_name, *rest, &block)
  end
end
Input is escaped, output is always HTML safe
# File lib/haml/helpers/xss_mods.rb, line 41
# Escaping wrapper around the original surround.
#
# +front+ and +back+ (which defaults to +front+) are each passed through
# haml_xss_html_escape, the original surround is called with the escaped
# values and the block, and the whole result is returned via
# Haml::Util.html_safe.
#
# NOTE(review): only +front+ and +back+ are escaped in this method. The
# block's contribution is whatever surround_without_haml_xss produces from
# it, and the combined string is then marked HTML safe, so the block's
# rendered content must already be escaped -- confirm against the original
# surround.
def surround_with_haml_xss(front, back = front, &block)
  escaped_front = haml_xss_html_escape(front)
  escaped_back = haml_xss_html_escape(back)
  surrounded = surround_without_haml_xss(escaped_front, escaped_back, &block)
  Haml::Util.html_safe(surrounded)
end