Class: Brakeman::Rails3Erubis
- Inherits: Erubis::Eruby (ancestor chain: Object, Erubis::Eruby, Brakeman::Rails3Erubis)
- Defined in: lib/brakeman/parsers/rails3_erubis.rb
Overview
This is from the Rails 5 version of the Erubis handler: github.com/rails/rails/blob/ec608107801b1e505db03ba76bae4a326a5804ca/actionview/lib/action_view/template/handlers/erb.rb#L7-L73
Constant Summary
- BLOCK_EXPR = /\s*((\s+|\))do|\{)(\s*\|[^|]*\|)?\s*\Z/
Instance Method Summary
- #add_expr(src, code, indicator) ⇒ Object
  Erubis toggles <%= and <%== behavior when escaping is enabled.
- #add_expr_escaped(src, code) ⇒ Object
- #add_expr_literal(src, code) ⇒ Object
- #add_postamble(src) ⇒ Object
- #add_preamble(src) ⇒ Object
- #add_stmt(src, code) ⇒ Object
- #add_text(src, text) ⇒ Object
- #convert_input(src, input) ⇒ Object
  This is borrowed from graphql’s erb plugin: github.com/github/graphql-client/blob/51e76bd8d8b2ac0021d8fef7468b9a294e4bd6e8/lib/graphql/client/erubis.rb#L33-L38.
- #flush_newline_if_pending(src) ⇒ Object
Instance Method Details
#add_expr(src, code, indicator) ⇒ Object
Erubis toggles <%= and <%== behavior when escaping is enabled. We override to always treat <%== as escaped.
# File 'lib/brakeman/parsers/rails3_erubis.rb', line 29
def add_expr(src, code, indicator)
  case indicator
  when '=='
    add_expr_escaped(src, code)
  else
    super
  end
end
#add_expr_escaped(src, code) ⇒ Object
# File 'lib/brakeman/parsers/rails3_erubis.rb', line 49
def add_expr_escaped(src, code)
  flush_newline_if_pending(src)
  if code =~ BLOCK_EXPR
    src << "@output_buffer.safe_expr_append= " << code
  else
    src << "@output_buffer.safe_expr_append=(" << code << ");"
  end
end
#add_expr_literal(src, code) ⇒ Object
# File 'lib/brakeman/parsers/rails3_erubis.rb', line 40
def add_expr_literal(src, code)
  flush_newline_if_pending(src)
  if code =~ BLOCK_EXPR
    src << '@output_buffer.append= ' << code
  else
    src << '@output_buffer.append=(' << code << ');'
  end
end
#add_postamble(src) ⇒ Object
# File 'lib/brakeman/parsers/rails3_erubis.rb', line 63
def add_postamble(src)
  flush_newline_if_pending(src)
  src << '@output_buffer.to_s'
end
#add_preamble(src) ⇒ Object
# File 'lib/brakeman/parsers/rails3_erubis.rb', line 7
def add_preamble(src)
  @newline_pending = 0
  src << "@output_buffer = output_buffer || ActionView::OutputBuffer.new;"
end
#add_stmt(src, code) ⇒ Object
# File 'lib/brakeman/parsers/rails3_erubis.rb', line 58
def add_stmt(src, code)
  flush_newline_if_pending(src)
  super
end
#add_text(src, text) ⇒ Object
# File 'lib/brakeman/parsers/rails3_erubis.rb', line 12
def add_text(src, text)
  return if text.empty?

  if text == "\n"
    @newline_pending += 1
  else
    src << "@output_buffer.safe_append='"
    src << "\n" * @newline_pending if @newline_pending > 0
    src << escape_text(text)
    src << "'.freeze;"

    @newline_pending = 0
  end
end
#convert_input(src, input) ⇒ Object
This is borrowed from graphql’s erb plugin: github.com/github/graphql-client/blob/51e76bd8d8b2ac0021d8fef7468b9a294e4bd6e8/lib/graphql/client/erubis.rb#L33-L38
# File 'lib/brakeman/parsers/rails3_erubis.rb', line 77
def convert_input(src, input)
  input = input.gsub(/<%graphql/, "<%#")
  super(src, input)
end
#flush_newline_if_pending(src) ⇒ Object
# File 'lib/brakeman/parsers/rails3_erubis.rb', line 68
def flush_newline_if_pending(src)
  if @newline_pending > 0
    src << "@output_buffer.safe_append='#{"\n" * @newline_pending}'.freeze;"
    @newline_pending = 0
  end
end
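The methods above are only meaningful together, once Erubis drives them over a template. The following is an added example, not code from Brakeman, Erubis or Rails: a stand-alone class that reuses the add_* bodies documented on this page and replaces Erubis itself with a deliberately simplified tag scanner (the `TAG` regexp, the stand-ins for `super` in `add_expr` and `add_stmt`, and the inline `escape_text` are all assumptions of this example). It shows what the generated Ruby looks like and why the `add_expr` override matters for a static analyser: `<%= %>` compiles to `@output_buffer.append=`, which ActionView's OutputBuffer HTML-escapes at render time, while `<%== %>` compiles to `@output_buffer.safe_expr_append=`, which appends the value unescaped. With Erubis' escape flag on, plain Erubis would swap the two, so Brakeman's override pins `<%==` to `add_expr_escaped` in every mode and the generated source always names the unescaped sink the same way.

```ruby
# Added example, not Erubis or Brakeman code: a minimal stand-alone ERB-to-Ruby compiler
# whose add_* bodies follow those documented above; the scanner is a simplification.
class MiniRails3Erubis
  BLOCK_EXPR = /\s*((\s+|\))do|\{)(\s*\|[^|]*\|)?\s*\Z/
  TAG = /<%(==|=|#)?(.*?)%>/m # constructed: captures the indicator (=, ==, #, none) and code

  def initialize(escape: false)
    @escape = escape # Erubis' escape flag, which normally swaps <%= and <%== behaviour
  end

  def compile(input) # returns the Ruby source the template compiles to
    src = +""
    add_preamble(src)
    convert_input(src, input)
    add_postamble(src)
    src
  end
  def add_preamble(src)
    @newline_pending = 0
    src << "@output_buffer = output_buffer || ActionView::OutputBuffer.new;"
  end
  def add_postamble(src)
    flush_newline_if_pending(src)
    src << "@output_buffer.to_s"
  end
  # Same <%graphql preprocessing as the documented convert_input, then a simplified
  # scan; as in Erubis, a newline right after a tag is handed to add_text on its own.
  def convert_input(src, input)
    input = input.gsub(/<%graphql/, "<%#")
    pos = 0
    input.scan(TAG) do |indicator, code|
      m = Regexp.last_match
      add_text(src, input[pos...m.begin(0)])
      pos = m.end(0)
      case indicator
      when "=", "==" then add_expr(src, code, indicator)
      when "#" then nil # comment tag: nothing is emitted
      else add_stmt(src, code)
      end
      if input[pos] == "\n"
        add_text(src, "\n")
        pos += 1
      end
    end
    add_text(src, input[pos..-1])
  end

  # Brakeman's override: <%== always reaches add_expr_escaped, whatever the escape flag
  # says (Erubis alone would send <%== to add_expr_literal when the flag is on).
  def add_expr(src, code, indicator)
    return add_expr_escaped(src, code) if indicator == "=="
    @escape ? add_expr_escaped(src, code) : add_expr_literal(src, code) # stand-in for `super`
  end
  def add_expr_literal(src, code)
    flush_newline_if_pending(src)
    if code =~ BLOCK_EXPR
      src << "@output_buffer.append= " << code
    else
      src << "@output_buffer.append=(" << code << ");"
    end
  end
  def add_expr_escaped(src, code)
    flush_newline_if_pending(src)
    if code =~ BLOCK_EXPR
      src << "@output_buffer.safe_expr_append= " << code
    else
      src << "@output_buffer.safe_expr_append=(" << code << ");"
    end
  end
  def add_stmt(src, code) # stand-in for Erubis' add_stmt (the `super` above)
    flush_newline_if_pending(src)
    src << code << (code.end_with?("\n") ? "" : ";")
  end

  def add_text(src, text)
    return if text.empty?
    if text == "\n"
      @newline_pending += 1
    else
      src << "@output_buffer.safe_append='"
      src << "\n" * @newline_pending if @newline_pending > 0
      src << text.gsub(/['\\]/) { |c| "\\#{c}" } # stand-in for Erubis' escape_text
      src << "'.freeze;"
      @newline_pending = 0
    end
  end

  def flush_newline_if_pending(src)
    if @newline_pending > 0
      src << "@output_buffer.safe_append='#{"\n" * @newline_pending}'.freeze;"
      @newline_pending = 0
    end
  end
end

# Constructed template: <%= compiles to append= (HTML-escaped by ActionView's
# OutputBuffer at render time), <%== to safe_expr_append= (appended unescaped).
TEMPLATE = "<p><%= user.name %></p>\n<%== user.bio %>\n<% if admin %>\n<%= link %>\n<% end %>\n"
```

`MiniRails3Erubis.new.compile(TEMPLATE)` prints the compiled source on one logical line; run it with `escape: true` as well and `user.bio` still lands in `safe_expr_append=`, which is the invariant a checker walking the generated code can rely on. The newline bookkeeping is visible too: runs of `"\n"` handed to `add_text` are coalesced into one `safe_append=` call, emitted only when the next expression or statement forces a flush.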