Class: AngularXss::Escaper

Inherits:

Object

Object
AngularXss::Escaper

show all

Defined in:: lib/angular_xss/escaper.rb

Constant Summary collapse

XSS_DISABLED_KEY =

:_angular_xss_disabled

Class Method Summary collapse

.disable ⇒ Object
.disabled? ⇒ Boolean
.escape(string) ⇒ Object

BRACE = [ ‘{’, ‘{’, ‘{’, ‘&#x0*7b;’, ‘&#0*123;’, ] DOUBLE_BRACE_REGEXP = Regexp.new(“(#{BRACE.join(‘|’)})(#BRACE.join(‘|’))”, Regexp::IGNORECASE).
.escape_if_unsafe(string) ⇒ Object

Class Method Details

.disable ⇒ `Object`

# File 'lib/angular_xss/escaper.rb', line 42

def self.disable
  old_disabled = Thread.current[XSS_DISABLED_KEY]
  Thread.current[XSS_DISABLED_KEY] = true
  yield
ensure
  Thread.current[XSS_DISABLED_KEY] = old_disabled
end

.disabled? ⇒ `Boolean`

Returns:

(Boolean)



38
39
40

# File 'lib/angular_xss/escaper.rb', line 38

def self.disabled?
  !!Thread.current[XSS_DISABLED_KEY]
end

.escape(string) ⇒ `Object`

BRACE = [

'\\{',
'&lcub;',
'&lbrace;',
'&#x0*7b;',
'&#0*123;',

] DOUBLE_BRACE_REGEXP = Regexp.new(“(#{BRACE.join(‘|’)})(#{BRACE.join(‘|’)})”, Regexp::IGNORECASE)

# File 'lib/angular_xss/escaper.rb', line 21

def self.escape(string)
  return unless string
  if disabled?
    string
  else
    string.to_s.gsub('{{'.freeze, '{{ $root.DOUBLE_LEFT_CURLY_BRACE }}'.freeze)
  end
end

.escape_if_unsafe(string) ⇒ `Object`

# File 'lib/angular_xss/escaper.rb', line 30

def self.escape_if_unsafe(string)
  if string.nil? || string.to_s.html_safe?
    string
  else
    escape(string.to_s)
  end
end

Class: AngularXss::Escaper

Constant Summary collapse

Class Method Summary collapse

Class Method Details

.disable ⇒ Object

.disabled? ⇒ Boolean

.escape(string) ⇒ Object

.escape_if_unsafe(string) ⇒ Object

.disable ⇒ `Object`

.disabled? ⇒ `Boolean`

.escape(string) ⇒ `Object`

.escape_if_unsafe(string) ⇒ `Object`