Module: Haml::Helpers::XssMods
- Defined in:
- lib/haml/helpers/xss_mods.rb
Overview
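This module overrides Haml helpers to work properly in the context of ActionView. Currently it's only used for modifying the helpers to work with Rails' XSS protection methods. In the summaries below, "HTML safe" means the wrapper calls html_safe! on the returned string so that it is not escaped again; it is a trust marker, not sanitisation. Helpers described only as "Output is always HTML safe" forward their arguments and block to the original helper without escaping them in this module.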
Class Method Summary
Instance Method Summary
-
#capture_haml_with_haml_xss(*args, &block) ⇒ Object
Output is always HTML safe.
-
#escape_once_with_haml_xss(*args) ⇒ Object
Output is always HTML safe.
-
#find_and_preserve_with_haml_xss(*args, &block) ⇒ Object
Output is always HTML safe.
-
#haml_concat_with_haml_xss(text = "") ⇒ Object
Input is escaped.
-
#haml_indent_with_haml_xss ⇒ Object
Output is always HTML safe.
-
#haml_tag_with_haml_xss(name, *rest, &block) ⇒ Object
Input is escaped, haml_concat'ed output is always HTML safe.
-
#html_escape_with_haml_xss(text) ⇒ Object
Don't escape text that's already safe, output is always HTML safe.
-
#list_of_with_haml_xss(*args, &block) ⇒ Object
Output is always HTML safe.
-
#precede_with_haml_xss(str, &block) ⇒ Object
Input is escaped, output is always HTML safe.
-
#preserve_with_haml_xss(*args, &block) ⇒ Object
Output is always HTML safe.
-
#succeed_with_haml_xss(str, &block) ⇒ Object
Input is escaped, output is always HTML safe.
-
#surround_with_haml_xss(front, back = front, &block) ⇒ Object
Input is escaped, output is always HTML safe.
Class Method Details
.included(base) ⇒ Object
# File 'lib/haml/helpers/xss_mods.rb', line 8
# Hook invoked with the class or module that includes these XSS wrappers.
#
# For every wrapped helper the current implementation is kept reachable as
# <name>_without_haml_xss, and the public name is then pointed at the
# <name>_with_haml_xss variant.
#
# @param base [Module] receiver whose helper methods are re-aliased
def self.included(base)
  helper_names = %w[
    html_escape find_and_preserve preserve list_of surround
    precede succeed capture_haml haml_concat haml_indent
    haml_tag escape_once
  ]

  helper_names.each do |helper|
    # Order matters: save the original before the public name is rebound.
    base.send(:alias_method, "#{helper}_without_haml_xss", helper)
    base.send(:alias_method, helper, "#{helper}_with_haml_xss")
  end
end
Instance Method Details
#capture_haml_with_haml_xss(*args, &block) ⇒ Object
Output is always HTML safe
# File 'lib/haml/helpers/xss_mods.rb', line 58
# Runs the original capture_haml and marks its result as HTML safe.
#
# Nothing is escaped in this wrapper: the arguments and block are forwarded
# untouched, and whatever the original helper returns is flagged via
# html_safe!. Content produced inside the block must already be escaped.
def capture_haml_with_haml_xss(*args, &block)
  captured = capture_haml_without_haml_xss(*args, &block)
  captured.html_safe!
end
#escape_once_with_haml_xss(*args) ⇒ Object
Output is always HTML safe
# File 'lib/haml/helpers/xss_mods.rb', line 80
# Calls the original escape_once and marks its return value as HTML safe.
#
# This wrapper adds no escaping of its own; it only forwards the arguments
# and applies html_safe! to what the original helper returns.
def escape_once_with_haml_xss(*args)
  escaped = escape_once_without_haml_xss(*args)
  escaped.html_safe!
end
#find_and_preserve_with_haml_xss(*args, &block) ⇒ Object
Output is always HTML safe
# File 'lib/haml/helpers/xss_mods.rb', line 25
# Calls the original find_and_preserve and marks the result as HTML safe.
#
# Arguments and block are forwarded without escaping, so any string handed
# to this helper ends up in a value flagged html_safe!. Callers should only
# pass markup that is already escaped or trusted.
def find_and_preserve_with_haml_xss(*args, &block)
  preserved = find_and_preserve_without_haml_xss(*args, &block)
  preserved.html_safe!
end
#haml_concat_with_haml_xss(text = "") ⇒ Object
Input is escaped
# File 'lib/haml/helpers/xss_mods.rb', line 63
# Passes +text+ to the original haml_concat, escaping it first with
# haml_xss_html_escape unless raw mode is active.
#
# Raw mode is signalled by a truthy @_haml_concat_raw; in that case +text+
# is written verbatim, so the flag must only be set around output that is
# already escaped.
# NOTE(review): presumably the flag is toggled by with_raw_haml_concat, which
# is not shown in this listing; confirm it is always reset afterwards.
#
# @param text [Object] content to concatenate (defaults to an empty string)
def haml_concat_with_haml_xss(text = "")
  outgoing =
    if @_haml_concat_raw
      text
    else
      haml_xss_html_escape(text)
    end
  haml_concat_without_haml_xss(outgoing)
end
#haml_indent_with_haml_xss ⇒ Object
Output is always HTML safe
# File 'lib/haml/helpers/xss_mods.rb', line 68
# Returns the original haml_indent value, marked as HTML safe.
def haml_indent_with_haml_xss
  indentation = haml_indent_without_haml_xss
  indentation.html_safe!
end
#haml_tag_with_haml_xss(name, *rest, &block) ⇒ Object
Input is escaped, haml_concat'ed output is always HTML safe
# File 'lib/haml/helpers/xss_mods.rb', line 73
# Escapes the tag name and the leading text argument, then runs the original
# haml_tag inside with_raw_haml_concat.
#
# The first element of +rest+ is treated as tag text and escaped unless it is
# a Symbol, a Hash or nil; those are forwarded unchanged. Hash contents are
# not escaped by this wrapper.
# NOTE(review): with_raw_haml_concat and the original haml_tag are not shown
# here; presumably raw mode exists so the already-escaped pieces are not
# escaped twice. Confirm how attribute values and block output are handled.
#
# @param name [#to_s] tag name
# @param rest [Array] optional text, flags and attribute hashes
def haml_tag_with_haml_xss(name, *rest, &block)
  escaped_name = haml_xss_html_escape(name.to_s)

  case rest.first
  when Symbol, Hash, NilClass
    # Flag, attribute hash or nothing at all: forward as given.
  else
    rest[0] = haml_xss_html_escape(rest.first.to_s)
  end

  with_raw_haml_concat do
    haml_tag_without_haml_xss(escaped_name, *rest, &block)
  end
end
#html_escape_with_haml_xss(text) ⇒ Object
Don't escape text that's already safe, output is always HTML safe
# File 'lib/haml/helpers/xss_mods.rb', line 19
# Escapes +text+ unless it is already marked HTML safe.
#
# A value answering true to html_safe? is returned untouched, which avoids
# double escaping but also means the marker is trusted as-is. Anything else
# goes through the original html_escape and the result is marked html_safe!.
#
# @param text [#html_safe?] value to escape
def html_escape_with_haml_xss(text)
  if text.html_safe?
    text
  else
    html_escape_without_haml_xss(text).html_safe!
  end
end
#list_of_with_haml_xss(*args, &block) ⇒ Object
Output is always HTML safe
# File 'lib/haml/helpers/xss_mods.rb', line 35
# Calls the original list_of and marks the generated markup as HTML safe.
#
# Arguments and block are forwarded unchanged; this wrapper performs no
# escaping, so item content rendered by the block must already be escaped.
def list_of_with_haml_xss(*args, &block)
  items_markup = list_of_without_haml_xss(*args, &block)
  items_markup.html_safe!
end
#precede_with_haml_xss(str, &block) ⇒ Object
Input is escaped, output is always HTML safe
# File 'lib/haml/helpers/xss_mods.rb', line 48
# Escapes +str+, hands it to the original precede and marks the result as
# HTML safe.
#
# Only +str+ is escaped here; the block is forwarded as-is.
#
# @param str [Object] text placed before the block's output
def precede_with_haml_xss(str, &block)
  escaped_prefix = haml_xss_html_escape(str)
  preceded = precede_without_haml_xss(escaped_prefix, &block)
  preceded.html_safe!
end
#preserve_with_haml_xss(*args, &block) ⇒ Object
Output is always HTML safe
# File 'lib/haml/helpers/xss_mods.rb', line 30
# Calls the original preserve and marks the result as HTML safe.
#
# Arguments and block are forwarded without escaping, so a string passed in
# directly comes back flagged html_safe!. Callers should only pass content
# that is already escaped or trusted.
def preserve_with_haml_xss(*args, &block)
  preserved = preserve_without_haml_xss(*args, &block)
  preserved.html_safe!
end
#succeed_with_haml_xss(str, &block) ⇒ Object
Input is escaped, output is always HTML safe
# File 'lib/haml/helpers/xss_mods.rb', line 53
# Escapes +str+, hands it to the original succeed and marks the result as
# HTML safe.
#
# Only +str+ is escaped here; the block is forwarded as-is.
#
# @param str [Object] text placed after the block's output
def succeed_with_haml_xss(str, &block)
  escaped_suffix = haml_xss_html_escape(str)
  succeeded = succeed_without_haml_xss(escaped_suffix, &block)
  succeeded.html_safe!
end
#surround_with_haml_xss(front, back = front, &block) ⇒ Object
Input is escaped, output is always HTML safe
# File 'lib/haml/helpers/xss_mods.rb', line 40
# Escapes +front+ and +back+, hands them to the original surround and marks
# the result as HTML safe.
#
# +back+ defaults to the unescaped +front+ and is then escaped on its own.
# Only these two strings are escaped here; the block is forwarded as-is.
#
# @param front [Object] text placed before the block's output
# @param back [Object] text placed after the block's output
def surround_with_haml_xss(front, back = front, &block)
  escaped_front = haml_xss_html_escape(front)
  escaped_back = haml_xss_html_escape(back)
  surround_without_haml_xss(escaped_front, escaped_back, &block).html_safe!
end