Module: Hamlit::HamlHelpers::XssMods

Included in:

Hamlit::HamlHelpers

Defined in:

lib/hamlit/parser/haml_xss_mods.rb

Overview

This module overrides Haml helpers to work properly in the context of ActionView. Currently it’s only used for modifying the helpers to work with Rails’ XSS protection methods.

Class Method Summary

• .included(base) ⇒ Object

Instance Method Summary

• #capture_haml_with_haml_xss(*args, &block) ⇒ Object

  Output is always HTML safe.

• #escape_once_with_haml_xss(*args) ⇒ Object

  Output is always HTML safe.

• #find_and_preserve_with_haml_xss(*args, &block) ⇒ Object

  Output is always HTML safe.

• #haml_concat_with_haml_xss(text = "") ⇒ Object

  Input will be escaped unless this is in a ‘with_raw_haml_concat` block.

• #haml_indent_with_haml_xss ⇒ Object

  Output is always HTML safe.

• #html_escape_with_haml_xss(text) ⇒ Object

  Don’t escape text that’s already safe, output is always HTML safe.

• #list_of_with_haml_xss(*args, &block) ⇒ Object

  Output is always HTML safe.

• #precede_with_haml_xss(str, &block) ⇒ Object

  Input is escaped, output is always HTML safe.

• #preserve_with_haml_xss(*args, &block) ⇒ Object

  Output is always HTML safe.

• #succeed_with_haml_xss(str, &block) ⇒ Object

  Input is escaped, output is always HTML safe.

• #surround_with_haml_xss(front, back = front, &block) ⇒ Object

  Input is escaped, output is always HTML safe.

Class Method Details

.included(base) ⇒ Object

# File 'lib/hamlit/parser/haml_xss_mods.rb', line 8

def self.included(base)
  %w[html_escape find_and_preserve preserve list_of surround
     precede succeed capture_haml haml_concat haml_internal_concat haml_indent
     escape_once].each do |name|
    base.send(:alias_method, "#{name}_without_haml_xss", name)
    base.send(:alias_method, name, "#{name}_with_haml_xss")
  end
end

Instance Method Details

#capture_haml_with_haml_xss(*args, &block) ⇒ Object

Output is always HTML safe

# File 'lib/hamlit/parser/haml_xss_mods.rb', line 60

def capture_haml_with_haml_xss(*args, &block)
  ::Hamlit::HamlUtil.html_safe(capture_haml_without_haml_xss(*args, &block))
end

#escape_once_with_haml_xss(*args) ⇒ Object

Output is always HTML safe

# File 'lib/hamlit/parser/haml_xss_mods.rb', line 88

def escape_once_with_haml_xss(*args)
  ::Hamlit::HamlUtil.html_safe(escape_once_without_haml_xss(*args))
end

#find_and_preserve_with_haml_xss(*args, &block) ⇒ Object

Output is always HTML safe

# File 'lib/hamlit/parser/haml_xss_mods.rb', line 26

def find_and_preserve_with_haml_xss(*args, &block)
  ::Hamlit::HamlUtil.html_safe(find_and_preserve_without_haml_xss(*args, &block))
end

#haml_concat_with_haml_xss(text = "") ⇒ Object

Input will be escaped unless this is in a ‘with_raw_haml_concat` block. See #Haml::Helpers::ActionViewExtensions#with_raw_haml_concat.

# File 'lib/hamlit/parser/haml_xss_mods.rb', line 66

def haml_concat_with_haml_xss(text = "")
  raw = instance_variable_defined?(:@_haml_concat_raw) ? @_haml_concat_raw : false
  if raw
    haml_internal_concat_raw text
  else
    haml_internal_concat text
  end
  ErrorReturn.new("haml_concat")
end

#haml_indent_with_haml_xss ⇒ Object

Output is always HTML safe

# File 'lib/hamlit/parser/haml_xss_mods.rb', line 83

def haml_indent_with_haml_xss
  ::Hamlit::HamlUtil.html_safe(haml_indent_without_haml_xss)
end

#html_escape_with_haml_xss(text) ⇒ Object

Don’t escape text that’s already safe, output is always HTML safe

# File 'lib/hamlit/parser/haml_xss_mods.rb', line 19

def html_escape_with_haml_xss(text)
  str = text.to_s
  return text if str.html_safe?
  ::Hamlit::HamlUtil.html_safe(html_escape_without_haml_xss(str))
end

#list_of_with_haml_xss(*args, &block) ⇒ Object

Output is always HTML safe

# File 'lib/hamlit/parser/haml_xss_mods.rb', line 36

def list_of_with_haml_xss(*args, &block)
  ::Hamlit::HamlUtil.html_safe(list_of_without_haml_xss(*args, &block))
end

#precede_with_haml_xss(str, &block) ⇒ Object

Input is escaped, output is always HTML safe

# File 'lib/hamlit/parser/haml_xss_mods.rb', line 50

def precede_with_haml_xss(str, &block)
  ::Hamlit::HamlUtil.html_safe(precede_without_haml_xss(haml_xss_html_escape(str), &block))
end

#preserve_with_haml_xss(*args, &block) ⇒ Object

Output is always HTML safe

# File 'lib/hamlit/parser/haml_xss_mods.rb', line 31

def preserve_with_haml_xss(*args, &block)
  ::Hamlit::HamlUtil.html_safe(preserve_without_haml_xss(*args, &block))
end

#succeed_with_haml_xss(str, &block) ⇒ Object

Input is escaped, output is always HTML safe

# File 'lib/hamlit/parser/haml_xss_mods.rb', line 55

def succeed_with_haml_xss(str, &block)
  ::Hamlit::HamlUtil.html_safe(succeed_without_haml_xss(haml_xss_html_escape(str), &block))
end

#surround_with_haml_xss(front, back = front, &block) ⇒ Object

Input is escaped, output is always HTML safe

# File 'lib/hamlit/parser/haml_xss_mods.rb', line 41

def surround_with_haml_xss(front, back = front, &block)
  ::Hamlit::HamlUtil.html_safe(
    surround_without_haml_xss(
      haml_xss_html_escape(front),
      haml_xss_html_escape(back),
      &block))
end