SB: Safe buffers for Mote

Trivial implementation of the concept of a "safe buffer" for Mote templates. That is, a String that auto-escapes input from untrusted sources, which helps avoid XSS attacks.

Usage

buffer = SB.new
buffer << "<blink>Uh-oh</blink>\n"
p buffer #=> "&lt;blink&gt;Uh-oh&lt;&#x2F;blink&gt;\n"

# Mark a string as "safe" by wrapping it in an SB
buffer = SB.new
buffer << SB("<blink>safe!</blink>\n")
p buffer #=> "<blink>safe!</blink>\n"
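The escaping rule behind the usage above, as an added illustration rather than the gem's own code: a hypothetical DemoSB class (with a DemoSB() wrapper and a render_demo helper, all names assumed here) escapes plain strings on append, passes values already marked safe through untouched, and loses the marker as soon as the buffer is converted back to a plain String. It escapes with CGI.escapeHTML, so `/` is left alone, unlike the `&#x2F;` in the output shown above.

```ruby
# Added illustration of the safe-buffer concept (not the sb gem's own code):
# a String subclass that HTML-escapes anything appended to it unless the
# appended value is itself already marked safe.
require "cgi"

class DemoSB < String
  # Appending a plain String escapes it; appending another DemoSB does not.
  def <<(other)
    super(other.is_a?(DemoSB) ? other.to_str : CGI.escapeHTML(other.to_s))
  end

  # Plain String#+ would hand back an unmarked String; route it through <<
  # so the result stays a DemoSB and the right-hand side is still escaped.
  def +(other)
    DemoSB.new(self) << other
  end

  # Converting to a plain String drops the "safe" marker (String#to_s already
  # behaves this way for subclasses; made explicit here for the reader).
  def to_s
    String.new(self)
  end
end

# Hypothetical conversion helper, mirroring the SB("...") idiom above:
# wrapping marks a string as trusted markup.
def DemoSB(str)
  str.is_a?(DemoSB) ? str : DemoSB.new(str.to_s)
end

# Render an untrusted value followed by a trusted fragment. Both arguments
# are constructed sample inputs.
def render_demo(untrusted, trusted_markup)
  buffer = DemoSB.new
  buffer << untrusted               # escaped
  buffer << DemoSB(trusted_markup)  # passed through verbatim
  buffer
end

if __FILE__ == $0
  p render_demo("<blink>Uh-oh</blink>\n", "<b>safe!</b>")
end
```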

For a Mote template, you'd use:

include Mote::Helpers

def mote(file, params = {}, context = self, buffer = SB.new)
  mote_cache[file] ||= Mote.parse(File.read(file), context, params.keys)
  mote_cache[file][params, buffer]
end

Then the template automatically escapes any value interpolated between {{ and }} that hasn't been flagged as safe.

Install

gem install sb

See also

You should take a look at HMote, a fork of Mote that solves the same problem by changing how Mote works.

License

Licensed under the MIT license. See the attached LICENSE file for details.