This module overrides Haml helpers to work properly in the context of ActionView. Currently it’s only used for modifying the helpers to work with Rails’ XSS protection methods.
# File lib/haml/helpers/xss_mods.rb, line 8 8: def self.included(base) 9: ]html_escape find_and_preserve preserve list_of surround 10: precede succeed capture_haml haml_concat haml_indent 11: haml_tag escape_once].each do |name| 12: base.send(:alias_method, "#{name}_without_haml_xss", name) 13: base.send(:alias_method, name, "#{name}_with_haml_xss") 14: end 15: end
Output is always HTML safe
# File lib/haml/helpers/xss_mods.rb, line 60 60: def capture_haml_with_haml_xss(*args, &block) 61: Haml::Util.html_safe(capture_haml_without_haml_xss(*args, &block)) 62: end
Output is always HTML safe
# File lib/haml/helpers/xss_mods.rb, line 82 82: def escape_once_with_haml_xss(*args) 83: Haml::Util.html_safe(escape_once_without_haml_xss(*args)) 84: end
Output is always HTML safe
# File lib/haml/helpers/xss_mods.rb, line 26 26: def find_and_preserve_with_haml_xss(*args, &block) 27: Haml::Util.html_safe(find_and_preserve_without_haml_xss(*args, &block)) 28: end
Input is escaped
# File lib/haml/helpers/xss_mods.rb, line 65 65: def haml_concat_with_haml_xss(text = "") 66: haml_concat_without_haml_xss(@_haml_concat_raw ? text : haml_xss_html_escape(text)) 67: end
Output is always HTML safe
# File lib/haml/helpers/xss_mods.rb, line 70 70: def haml_indent_with_haml_xss 71: Haml::Util.html_safe(haml_indent_without_haml_xss) 72: end
Input is escaped, haml_concat‘ed output is always HTML safe
# File lib/haml/helpers/xss_mods.rb, line 75 75: def haml_tag_with_haml_xss(name, *rest, &block) 76: name = haml_xss_html_escape(name.to_s) 77: rest.unshift(haml_xss_html_escape(rest.shift.to_s)) unless [Symbol, Hash, NilClass].any? {|t| rest.first.is_a? t} 78: with_raw_haml_concat {haml_tag_without_haml_xss(name, *rest, &block)} 79: end
Don’t escape text that’s already safe, output is always HTML safe
# File lib/haml/helpers/xss_mods.rb, line 19 19: def html_escape_with_haml_xss(text) 20: str = text.to_s 21: return text if str.html_safe? 22: Haml::Util.html_safe(html_escape_without_haml_xss(str)) 23: end
Output is always HTML safe
# File lib/haml/helpers/xss_mods.rb, line 36 36: def list_of_with_haml_xss(*args, &block) 37: Haml::Util.html_safe(list_of_without_haml_xss(*args, &block)) 38: end
Input is escaped, output is always HTML safe
# File lib/haml/helpers/xss_mods.rb, line 50 50: def precede_with_haml_xss(str, &block) 51: Haml::Util.html_safe(precede_without_haml_xss(haml_xss_html_escape(str), &block)) 52: end
Output is always HTML safe
# File lib/haml/helpers/xss_mods.rb, line 31 31: def preserve_with_haml_xss(*args, &block) 32: Haml::Util.html_safe(preserve_without_haml_xss(*args, &block)) 33: end
Input is escaped, output is always HTML safe
# File lib/haml/helpers/xss_mods.rb, line 55 55: def succeed_with_haml_xss(str, &block) 56: Haml::Util.html_safe(succeed_without_haml_xss(haml_xss_html_escape(str), &block)) 57: end
Input is escaped, output is always HTML safe
# File lib/haml/helpers/xss_mods.rb, line 41 41: def surround_with_haml_xss(front, back = front, &block) 42: Haml::Util.html_safe( 43: surround_without_haml_xss( 44: haml_xss_html_escape(front), 45: haml_xss_html_escape(back), 46: &block)) 47: end
Escapes the HTML in the text if and only if Rails XSS protection is enabled and the `:escape_html` option is set.
# File lib/haml/helpers/xss_mods.rb, line 90 90: def haml_xss_html_escape(text) 91: return text unless Haml::Util.rails_xss_safe? && haml_buffer.options[:escape_html] 92: html_escape(text) 93: end
Disabled; run with --debug to generate this.
Generated with the Darkfish Rdoc Generator 1.1.6.