Class: RailsXss::Erubis

Inherits:

Erubis::Eruby

Object
Erubis::Eruby
RailsXss::Erubis

show all

Defined in:: lib/rails_xss/erubis.rb

Constant Summary collapse

BLOCK_EXPR =

/\s+(do|\{)(\s*\|[^|]*\|)?\s*\Z/

Instance Method Summary collapse

Instance Method Details

#add_expr_escaped(src, code) ⇒ `Object`



29
30
31

# File 'lib/rails_xss/erubis.rb', line 29

def add_expr_escaped(src, code)
  src << '@output_buffer << ' << escaped_expr(code) << ';'
end

#add_expr_literal(src, code) ⇒ `Object`

# File 'lib/rails_xss/erubis.rb', line 21

def add_expr_literal(src, code)
  if code =~ BLOCK_EXPR
    src << "@output_buffer.safe_concat((" << $1 << ").to_s);"
  else
    src << '@output_buffer << ((' << code << ').to_s);'
  end
end

#add_postamble(src) ⇒ `Object`



33
34
35

# File 'lib/rails_xss/erubis.rb', line 33

def add_postamble(src)
  src << '@output_buffer.to_s'
end

#add_preamble(src) ⇒ `Object`



10
11
12

# File 'lib/rails_xss/erubis.rb', line 10

def add_preamble(src)
  src << "@output_buffer = ActiveSupport::SafeBuffer.new;"
end

#add_text(src, text) ⇒ `Object`

# File 'lib/rails_xss/erubis.rb', line 14

def add_text(src, text)
  return if text.empty?
  src << "@output_buffer.safe_concat('" << escape_text(text) << "');"
end

Class: RailsXss::Erubis

Constant Summary collapse

Instance Method Summary collapse

Instance Method Details

#add_expr_escaped(src, code) ⇒ Object

#add_expr_literal(src, code) ⇒ Object

#add_postamble(src) ⇒ Object

#add_preamble(src) ⇒ Object

#add_text(src, text) ⇒ Object

#add_expr_escaped(src, code) ⇒ `Object`

#add_expr_literal(src, code) ⇒ `Object`

#add_postamble(src) ⇒ `Object`

#add_preamble(src) ⇒ `Object`

#add_text(src, text) ⇒ `Object`