Class: Brakeman::Rails3Erubis

Inherits:
Erubis::Eruby
  • Object
Defined in:
lib/brakeman/parsers/rails3_erubis.rb

Overview

This is taken from the Rails 3 version of the Erubis handler.

Constant Summary

BLOCK_EXPR =
/\s+(do|\{)(\s*\|[^|]*\|)?\s*\Z/

Instance Method Summary

Instance Method Details

#add_expr_escaped(src, code) ⇒ Object



# File 'lib/brakeman/parsers/rails3_erubis.rb', line 48

def add_expr_escaped(src, code)
  # Emits the buffer call for an escaped expression tag (`<%= ... %>`).
  #
  # When the expression ends in a block opener (`do` / `{`, optionally with
  # block params, as matched by BLOCK_EXPR) it cannot be wrapped in
  # parentheses, so it is emitted as a `safe_append=` assignment; any other
  # expression is passed to `safe_concat(...)` followed by a `;`.
  #
  # @param src [String] generated-source buffer, appended to in place
  # @param code [String] Ruby source found inside the tag
  # @return [String] `src`
  fragment =
    if BLOCK_EXPR.match?(code)
      "@output_buffer.safe_append= #{code}"
    else
      "@output_buffer.safe_concat(#{code});"
    end
  src << fragment
end

#add_expr_literal(src, code) ⇒ Object



# File 'lib/brakeman/parsers/rails3_erubis.rb', line 32

def add_expr_literal(src, code)
  # Emits the buffer call for a literal (unescaped) expression tag.
  #
  # A block-opening expression (per BLOCK_EXPR) is appended bare after
  # `append= `; everything else is parenthesised and terminated with `;`.
  #
  # @param src [String] generated-source buffer, appended to in place
  # @param code [String] Ruby source found inside the tag
  # @return [String] `src`
  block_expr = BLOCK_EXPR.match?(code)
  src << '@output_buffer.append= '
  src << (block_expr ? code : "(#{code});")
end

#add_postamble(src) ⇒ Object

Add code to output buffer.



# File 'lib/brakeman/parsers/rails3_erubis.rb', line 57

def add_postamble(src)
  # Deliberately a no-op: the `src << '_buf.to_s'` trailer that the original
  # had commented out is not emitted, so `src` is left untouched.
  #
  # @param src [String] generated-source buffer (unused)
  # @return [nil]
  nil
end

#add_preamble(src) ⇒ Object



# File 'lib/brakeman/parsers/rails3_erubis.rb', line 4

def add_preamble(src)
  # Deliberately a no-op: the buffer-initialising preamble
  # (`_buf = ActionView::SafeBuffer.new;`) that the original had commented
  # out is not emitted, so `src` is left untouched.
  #
  # @param src [String] generated-source buffer (unused)
  # @return [nil]
  nil
end

#add_stmt(src, code) ⇒ Object



# File 'lib/brakeman/parsers/rails3_erubis.rb', line 40

def add_stmt(src, code)
  # Emits the buffer call for a statement tag (`<% ... %>`).
  #
  # A statement that opens a block (per BLOCK_EXPR) is emitted as an
  # `append_if_string=` assignment; every other statement is delegated to the
  # superclass implementation with the same arguments.
  #
  # @param src [String] generated-source buffer, appended to in place
  # @param code [String] Ruby source found inside the tag
  # @return [Object] `src` for block statements, otherwise whatever `super` returns
  return super unless BLOCK_EXPR.match?(code)

  src << '@output_buffer.append_if_string= ' << code
end

#add_text(src, text) ⇒ Object

This differs from the Rails 3 version: it fixes some line number issues.



# File 'lib/brakeman/parsers/rails3_erubis.rb', line 9

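def add_text(src, text)
  # Emits the literal template text between tags, one buffer append per
  # template line, so that the generated source keeps the same line count as
  # the template (line numbers reported from the generated source then map
  # back to the template).
  #
  # Each line becomes `@output_buffer << ('<escaped>'.html_safe!);`, where
  # escaping is done by `escape_text` (not defined here; presumably provided
  # by the Erubis::Eruby superclass). A line that was terminated by a newline
  # in the template is followed by a newline in the output; a trailing
  # fragment without one is not.
  #
  # @param src [String] generated-source buffer, appended to in place
  # @param text [String] raw template text
  # @return [String] `src`

  # A lone newline needs no append at all; the bare newline keeps line
  # numbering in step.
  return src << "\n" if text == "\n"

  unless text.include?("\n")
    return src << "@output_buffer << ('" << escape_text(text) << "'.html_safe!);"
  end

  # Split with limit -1 so trailing empty fields are kept. Without it Ruby's
  # String#split drops them: "a\n\n" would give ["a"] and "\n\n" would give [],
  # silently losing newlines and shifting every later line number.
  *terminated, tail = text.split("\n", -1)

  terminated.each do |line|
    src << "@output_buffer << ('" << escape_text(line) << "'.html_safe!);\n"
  end

  # `tail` is whatever follows the final newline; it is empty exactly when the
  # text ended with a newline, and then there is nothing left to emit.
  src << "@output_buffer << ('" << escape_text(tail) << "'.html_safe!);" unless tail.empty?

  src
end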