Class: Brakeman::Rails3Erubis
- Defined in:
- lib/brakeman/parsers/rails3_erubis.rb
Overview
This is from Rails 3 version of the Erubis handler
Constant Summary collapse
- BLOCK_EXPR =
/\s+(do|\{)(\s*\|[^|]*\|)?\s*\Z/
Instance Method Summary collapse
- #add_expr_escaped(src, code) ⇒ Object
- #add_expr_literal(src, code) ⇒ Object
-
#add_postamble(src) ⇒ Object
Add code to output buffer.
- #add_preamble(src) ⇒ Object
- #add_stmt(src, code) ⇒ Object
-
#add_text(src, text) ⇒ Object
This is different from Rails 3 - fixes some line number issues.
Instance Method Details
#add_expr_escaped(src, code) ⇒ Object
48 49 50 51 52 53 54 |
# File 'lib/brakeman/parsers/rails3_erubis.rb', line 48 def add_expr_escaped(src, code) if code =~ BLOCK_EXPR src << "@output_buffer.safe_append= " << code else src << "@output_buffer.safe_concat(" << code << ");" end end |
#add_expr_literal(src, code) ⇒ Object
32 33 34 35 36 37 38 |
# File 'lib/brakeman/parsers/rails3_erubis.rb', line 32 def add_expr_literal(src, code) if code =~ BLOCK_EXPR src << '@output_buffer.append= ' << code else src << '@output_buffer.append= (' << code << ');' end end |
#add_postamble(src) ⇒ Object
Add code to output buffer.
57 58 59 |
# File 'lib/brakeman/parsers/rails3_erubis.rb', line 57 def add_postamble(src) # src << '_buf.to_s' end |
#add_preamble(src) ⇒ Object
4 5 6 |
# File 'lib/brakeman/parsers/rails3_erubis.rb', line 4 def add_preamble(src) # src << "_buf = ActionView::SafeBuffer.new;\n" end |
#add_stmt(src, code) ⇒ Object
40 41 42 43 44 45 46 |
# File 'lib/brakeman/parsers/rails3_erubis.rb', line 40 def add_stmt(src, code) if code =~ BLOCK_EXPR src << '@output_buffer.append_if_string= ' << code else super end end |
#add_text(src, text) ⇒ Object
This is different from Rails 3 - fixes some line number issues
9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
# File 'lib/brakeman/parsers/rails3_erubis.rb', line 9 def add_text(src, text) if text == "\n" src << "\n" elsif text.include? "\n" lines = text.split("\n") if text.match(/\n\z/) lines.each do |line| src << "@output_buffer << ('" << escape_text(line) << "'.html_safe!);\n" end else lines[0..-2].each do |line| src << "@output_buffer << ('" << escape_text(line) << "'.html_safe!);\n" end src << "@output_buffer << ('" << escape_text(lines.last) << "'.html_safe!);" end else src << "@output_buffer << ('" << escape_text(text) << "'.html_safe!);" end end |