Module: Haml::Helpers::XssMods

Defined in:
lib/haml/helpers/xss_mods.rb

Overview

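This module overrides Haml helpers so that they work properly in the context of ActionView. Currently it is only used to make the helpers cooperate with Rails' XSS protection methods. Each wrapper below escapes its string arguments, marks its return value as HTML safe, or does both. A wrapper documented only as "Output is always HTML safe" marks the result without escaping anything itself, so any escaping is left to the underlying helper or to the caller.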

Class Method Details

.included(base) ⇒ Object



# File 'lib/haml/helpers/xss_mods.rb', line 8

# Hook invoked when this module is mixed into +base+.
#
# For each helper listed here the current implementation stays reachable as
# +<name>_without_haml_xss+, and +<name>+ is then pointed at
# +<name>_with_haml_xss+. alias_method is called through +send+, which also
# works where alias_method is private.
#
# A helper that is not in this list keeps its unwrapped behaviour, so a new
# string-returning helper needs both an entry here and a matching
# +_with_haml_xss+ method to take part in the escaping scheme.
#
# @param base [Module] the class or module that includes XssMods
def self.included(base)
  wrapped_helpers = %w[
    html_escape find_and_preserve preserve list_of surround
    precede succeed capture_haml haml_concat haml_indent
    haml_tag escape_once
  ]
  wrapped_helpers.each do |helper|
    untouched = "#{helper}_without_haml_xss"
    replacement = "#{helper}_with_haml_xss"
    # Order matters: save the original before the public name is redirected.
    base.send(:alias_method, untouched, helper)
    base.send(:alias_method, helper, replacement)
  end
end

Instance Method Details

#capture_haml_with_haml_xss(*args, &block) ⇒ Object

Output is always HTML safe



# File 'lib/haml/helpers/xss_mods.rb', line 59

# Runs the unwrapped capture_haml and flags what it returns as HTML safe.
#
# Nothing is escaped at this layer: the captured text is marked safe exactly
# as the block produced it.
# NOTE(review): this relies on the template code inside the block having
# already escaped any untrusted values -- confirm against the callers.
#
# @param args [Array] forwarded unchanged to capture_haml_without_haml_xss
# @param block [Proc] the block whose output is captured
# @return [Object] the result of +html_safe!+ on the captured value
def capture_haml_with_haml_xss(*args, &block)
  captured = capture_haml_without_haml_xss(*args, &block)
  captured.html_safe!
end

#escape_once_with_haml_xss(*args) ⇒ Object

Output is always HTML safe



# File 'lib/haml/helpers/xss_mods.rb', line 81

# Calls the unwrapped escape_once and flags its result as HTML safe.
#
# This wrapper adds no escaping of its own; it only sets the safe marker on
# whatever escape_once_without_haml_xss returns.
# NOTE(review): the safety of the result therefore depends entirely on the
# unwrapped helper, which is not shown here -- confirm its escaping rules.
#
# @param args [Array] forwarded unchanged to escape_once_without_haml_xss
# @return [Object] the result of +html_safe!+ on the escaped text
def escape_once_with_haml_xss(*args)
  escaped = escape_once_without_haml_xss(*args)
  escaped.html_safe!
end

#find_and_preserve_with_haml_xss(*args, &block) ⇒ Object

Output is always HTML safe



# File 'lib/haml/helpers/xss_mods.rb', line 26

# Calls the unwrapped find_and_preserve and flags its result as HTML safe.
#
# The arguments and the block output are passed through without escaping at
# this layer, and the result is marked safe regardless of where the input
# text came from.
# NOTE(review): callers presumably pass already-rendered markup -- confirm
# that no unescaped user text reaches this helper.
#
# @param args [Array] forwarded unchanged to find_and_preserve_without_haml_xss
# @param block [Proc] optional block forwarded to the unwrapped helper
# @return [Object] the result of +html_safe!+ on the preserved text
def find_and_preserve_with_haml_xss(*args, &block)
  preserved = find_and_preserve_without_haml_xss(*args, &block)
  preserved.html_safe!
end

#haml_concat_with_haml_xss(text = "") ⇒ Object

Input is escaped



# File 'lib/haml/helpers/xss_mods.rb', line 64

# Appends +text+ through the unwrapped haml_concat, escaping it first unless
# raw mode is active.
#
# Raw mode is signalled by the +@_haml_concat_raw+ instance variable; when it
# is truthy the text is forwarded untouched, otherwise it goes through
# haml_xss_html_escape. Any code path that sets that flag bypasses escaping
# for every concat made while it is set.
#
# @param text [Object] the text to append (defaults to an empty string)
# @return [Object] whatever haml_concat_without_haml_xss returns
def haml_concat_with_haml_xss(text = "")
  payload =
    if @_haml_concat_raw
      text
    else
      haml_xss_html_escape(text)
    end
  haml_concat_without_haml_xss(payload)
end

#haml_indent_with_haml_xss ⇒ Object

Output is always HTML safe



# File 'lib/haml/helpers/xss_mods.rb', line 69

# Returns the unwrapped haml_indent value flagged as HTML safe.
#
# The method takes no arguments, so no caller-supplied text is involved here.
#
# @return [Object] the result of +html_safe!+ on the indentation string
def haml_indent_with_haml_xss
  indentation = haml_indent_without_haml_xss
  indentation.html_safe!
end

#haml_tag_with_haml_xss(name, *rest, &block) ⇒ Object

Input is escaped, haml_concat'ed output is always HTML safe



# File 'lib/haml/helpers/xss_mods.rb', line 74

# Escapes the tag name and any leading text argument, then renders the tag
# through the unwrapped haml_tag with haml_concat in raw mode.
#
# The first element of +rest+ is treated as text and escaped unless it is a
# Symbol, a Hash or nil; those are forwarded as they are. Raw mode (via
# with_raw_haml_concat) keeps the pieces escaped here from being escaped a
# second time by haml_concat.
# NOTE(review): a Hash in +rest+ is not escaped at this layer -- presumably
# the unwrapped helper escapes attribute values; confirm.
#
# @param name [#to_s] the tag name
# @param rest [Array] optional text, flags and attribute hash
# @param block [Proc] optional block rendering the tag body
# @return [Object] whatever with_raw_haml_concat returns
def haml_tag_with_haml_xss(name, *rest, &block)
  name = haml_xss_html_escape(name.to_s)
  case rest.first
  when Symbol, Hash, NilClass
    # Flags, attribute hashes and an absent/nil first argument pass through.
  else
    rest[0] = haml_xss_html_escape(rest.first.to_s)
  end
  with_raw_haml_concat { haml_tag_without_haml_xss(name, *rest, &block) }
end

#html_escape_with_haml_xss(text) ⇒ Object

Don't escape text that's already safe, output is always HTML safe



# File 'lib/haml/helpers/xss_mods.rb', line 19

# Escapes +text+ unless it is already flagged HTML safe.
#
# The safe check is made on +text.to_s+. When that string reports
# +html_safe?+, the original +text+ object is returned untouched; otherwise
# the string form is escaped by the unwrapped html_escape and the result is
# flagged safe. The decision rests entirely on the safe marker, so text that
# was marked safe earlier is never escaped here.
#
# @param text [#to_s] the value to escape
# @return [Object] +text+ itself when already safe, else the escaped string
def html_escape_with_haml_xss(text)
  as_string = text.to_s
  if as_string.html_safe?
    text
  else
    html_escape_without_haml_xss(as_string).html_safe!
  end
end

#list_of_with_haml_xss(*args, &block) ⇒ Object

Output is always HTML safe



# File 'lib/haml/helpers/xss_mods.rb', line 36

# Calls the unwrapped list_of and flags its result as HTML safe.
#
# No escaping happens at this layer; the arguments and the block go to the
# unwrapped helper unchanged and whatever it returns is marked safe.
# NOTE(review): item text produced by the block is presumably escaped by the
# template that renders it -- confirm.
#
# @param args [Array] forwarded unchanged to list_of_without_haml_xss
# @param block [Proc] block rendering each list item
# @return [Object] the result of +html_safe!+ on the generated list
def list_of_with_haml_xss(*args, &block)
  listing = list_of_without_haml_xss(*args, &block)
  listing.html_safe!
end

#precede_with_haml_xss(str, &block) ⇒ Object

Input is escaped, output is always HTML safe



# File 'lib/haml/helpers/xss_mods.rb', line 49

# Escapes +str+, passes it to the unwrapped precede, and flags the combined
# result as HTML safe.
#
# Only +str+ is escaped at this layer; the block's output is forwarded as the
# unwrapped helper produces it.
#
# @param str [Object] text placed before the block output; escaped first
# @param block [Proc] block rendering the content that follows +str+
# @return [Object] the result of +html_safe!+ on the combined output
def precede_with_haml_xss(str, &block)
  escaped_prefix = haml_xss_html_escape(str)
  precede_without_haml_xss(escaped_prefix, &block).html_safe!
end

#preserve_with_haml_xss(*args, &block) ⇒ Object

Output is always HTML safe



# File 'lib/haml/helpers/xss_mods.rb', line 31

# Calls the unwrapped preserve and flags its result as HTML safe.
#
# The wrapper escapes nothing: its arguments and block are forwarded as-is
# and the return value is marked safe whether or not the input was.
# NOTE(review): callers presumably hand this already-escaped or trusted
# markup -- confirm that raw user text cannot reach it.
#
# @param args [Array] forwarded unchanged to preserve_without_haml_xss
# @param block [Proc] optional block forwarded to the unwrapped helper
# @return [Object] the result of +html_safe!+ on the preserved text
def preserve_with_haml_xss(*args, &block)
  preserved = preserve_without_haml_xss(*args, &block)
  preserved.html_safe!
end

#succeed_with_haml_xss(str, &block) ⇒ Object

Input is escaped, output is always HTML safe



# File 'lib/haml/helpers/xss_mods.rb', line 54

# Escapes +str+, passes it to the unwrapped succeed, and flags the combined
# result as HTML safe.
#
# Only +str+ is escaped at this layer; the block's output is forwarded as the
# unwrapped helper produces it.
#
# @param str [Object] text placed after the block output; escaped first
# @param block [Proc] block rendering the content that precedes +str+
# @return [Object] the result of +html_safe!+ on the combined output
def succeed_with_haml_xss(str, &block)
  escaped_suffix = haml_xss_html_escape(str)
  succeed_without_haml_xss(escaped_suffix, &block).html_safe!
end

#surround_with_haml_xss(front, back = front, &block) ⇒ Object

Input is escaped, output is always HTML safe



# File 'lib/haml/helpers/xss_mods.rb', line 41

# Escapes both delimiters, passes them to the unwrapped surround, and flags
# the combined result as HTML safe.
#
# +front+ and +back+ are escaped separately, so a +back+ that defaults to
# +front+ is still escaped on its own. The block's output is not escaped at
# this layer.
#
# @param front [Object] text placed before the block output; escaped first
# @param back [Object] text placed after it (defaults to +front+); escaped first
# @param block [Proc] block rendering the surrounded content
# @return [Object] the result of +html_safe!+ on the combined output
def surround_with_haml_xss(front, back = front, &block)
  escaped_front = haml_xss_html_escape(front)
  escaped_back = haml_xss_html_escape(back)
  surround_without_haml_xss(escaped_front, escaped_back, &block).html_safe!
end