Class Index [+]

Quicksearch

Haml::Helpers::XssMods

This module overrides Haml helpers to work properly in the context of ActionView. Currently it’s only used for modifying the helpers to work with Rails’ XSS protection methods.

Public Class Methods

included(base) click to toggle source
    # File lib/haml/helpers/xss_mods.rb, line 8
 8:       def self.included(base)
 9:         ]html_escape find_and_preserve preserve list_of surround
10:            precede succeed capture_haml haml_concat haml_indent
11:            haml_tag escape_once].each do |name|
12:           base.send(:alias_method, "#{name}_without_haml_xss", name)
13:           base.send(:alias_method, name, "#{name}_with_haml_xss")
14:         end
15:       end

Public Instance Methods

capture_haml_with_haml_xss(*args, &block) click to toggle source

Output is always HTML safe

    # File lib/haml/helpers/xss_mods.rb, line 60
60:       def capture_haml_with_haml_xss(*args, &block)
61:         Haml::Util.html_safe(capture_haml_without_haml_xss(*args, &block))
62:       end
escape_once_with_haml_xss(*args) click to toggle source

Output is always HTML safe

    # File lib/haml/helpers/xss_mods.rb, line 82
82:       def escape_once_with_haml_xss(*args)
83:         Haml::Util.html_safe(escape_once_without_haml_xss(*args))
84:       end
find_and_preserve_with_haml_xss(*args, &block) click to toggle source

Output is always HTML safe

    # File lib/haml/helpers/xss_mods.rb, line 26
26:       def find_and_preserve_with_haml_xss(*args, &block)
27:         Haml::Util.html_safe(find_and_preserve_without_haml_xss(*args, &block))
28:       end
haml_concat_with_haml_xss(text = "") click to toggle source

Input is escaped

    # File lib/haml/helpers/xss_mods.rb, line 65
65:       def haml_concat_with_haml_xss(text = "")
66:         haml_concat_without_haml_xss(@_haml_concat_raw ? text : haml_xss_html_escape(text))
67:       end
haml_indent_with_haml_xss() click to toggle source

Output is always HTML safe

    # File lib/haml/helpers/xss_mods.rb, line 70
70:       def haml_indent_with_haml_xss
71:         Haml::Util.html_safe(haml_indent_without_haml_xss)
72:       end
haml_tag_with_haml_xss(name, *rest, &block) click to toggle source

Input is escaped, haml_concat‘ed output is always HTML safe

    # File lib/haml/helpers/xss_mods.rb, line 75
75:       def haml_tag_with_haml_xss(name, *rest, &block)
76:         name = haml_xss_html_escape(name.to_s)
77:         rest.unshift(haml_xss_html_escape(rest.shift.to_s)) unless [Symbol, Hash, NilClass].any? {|t| rest.first.is_a? t}
78:         with_raw_haml_concat {haml_tag_without_haml_xss(name, *rest, &block)}
79:       end
html_escape_with_haml_xss(text) click to toggle source

Don’t escape text that’s already safe, output is always HTML safe

    # File lib/haml/helpers/xss_mods.rb, line 19
19:       def html_escape_with_haml_xss(text)
20:         str = text.to_s
21:         return text if str.html_safe?
22:         Haml::Util.html_safe(html_escape_without_haml_xss(str))
23:       end
list_of_with_haml_xss(*args, &block) click to toggle source

Output is always HTML safe

    # File lib/haml/helpers/xss_mods.rb, line 36
36:       def list_of_with_haml_xss(*args, &block)
37:         Haml::Util.html_safe(list_of_without_haml_xss(*args, &block))
38:       end
precede_with_haml_xss(str, &block) click to toggle source

Input is escaped, output is always HTML safe

    # File lib/haml/helpers/xss_mods.rb, line 50
50:       def precede_with_haml_xss(str, &block)
51:         Haml::Util.html_safe(precede_without_haml_xss(haml_xss_html_escape(str), &block))
52:       end
preserve_with_haml_xss(*args, &block) click to toggle source

Output is always HTML safe

    # File lib/haml/helpers/xss_mods.rb, line 31
31:       def preserve_with_haml_xss(*args, &block)
32:         Haml::Util.html_safe(preserve_without_haml_xss(*args, &block))
33:       end
succeed_with_haml_xss(str, &block) click to toggle source

Input is escaped, output is always HTML safe

    # File lib/haml/helpers/xss_mods.rb, line 55
55:       def succeed_with_haml_xss(str, &block)
56:         Haml::Util.html_safe(succeed_without_haml_xss(haml_xss_html_escape(str), &block))
57:       end
surround_with_haml_xss(front, back = front, &block) click to toggle source

Input is escaped, output is always HTML safe

    # File lib/haml/helpers/xss_mods.rb, line 41
41:       def surround_with_haml_xss(front, back = front, &block)
42:         Haml::Util.html_safe(
43:           surround_without_haml_xss(
44:             haml_xss_html_escape(front),
45:             haml_xss_html_escape(back),
46:             &block))
47:       end

Private Instance Methods

haml_xss_html_escape(text) click to toggle source

Escapes the HTML in the text if and only if Rails XSS protection is enabled and the `:escape_html` option is set.

    # File lib/haml/helpers/xss_mods.rb, line 90
90:       def haml_xss_html_escape(text)
91:         return text unless Haml::Util.rails_xss_safe? && haml_buffer.options[:escape_html]
92:         html_escape(text)
93:       end

Disabled; run with --debug to generate this.

[Validate]

Generated with the Darkfish Rdoc Generator 1.1.6.