better_html 0.0.12 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b31eee572de6668e1791c716a07c9d93658aa566
-  data.tar.gz: 6dd1906d36f68f59fbe4d6386f0d0e7e94ce244b
+  metadata.gz: 16bc95c4f55d720a177e9849dea00e7d83c66455
+  data.tar.gz: 376b80e51f2379ce6c5640e834de1c62aa990ae5
 SHA512:
-  metadata.gz: 1c96cfded69fd94221810490e37b279da7e57323062a06416dd3522d8b58971cd2bb727690d0373af647871170698ef4d4b8830f13e8fa3538699224b9c33dc8
-  data.tar.gz: 49d55494ae87ce77e2cd45883a8b37b1c999badf3fc8e0a7c06ba4631a4c1d0a698243a4810ec2f6fbd80f88508b3ed4b61e0e54e1d8c08a036c01bea664aa14
+  metadata.gz: bf07d75143cfde43414bb3e8a5c2520b527f047d0c796c7ff97e60aa2d23d0bc03ea1f06c72eab5db5f4c10cdb01eccf0c6abe585b0ae394dc662731599e296b
+  data.tar.gz: b7dd6bfc56b0a36d773dabbe13a7ad922bc9c5cd322f4a240ba8d9064c8753ec4efca3fb5b1a7c63d36291b60dd48ec142521b3af98811f3a017d5d62f90ab97

data/lib/better_html.rb

@@ -21,7 +21,5 @@ require 'better_html/config'
 require 'better_html/helpers'
 require 'better_html/errors'
 require 'better_html/html_attributes'
-require 'better_html/node_iterator'
-require 'better_html/tree'
 
 require 'better_html/railtie' if defined?(Rails)

data/lib/better_html/ast/iterator.rb

@@ -0,0 +1,32 @@
+require 'ast'
+require 'active_support/core_ext/array/wrap'
+
+module BetterHtml
+  module AST
+    class Iterator
+      def initialize(types, &block)
+        @types = Array.wrap(types)
+        @block = block
+      end
+
+      def traverse(node)
+        return unless node.is_a?(::AST::Node)
+        @block.call(node) if @types.include?(node.type)
+        traverse_all(node)
+      end
+
+      def traverse_all(nodes)
+        nodes.to_a.each do |node|
+          traverse(node) if node.is_a?(::AST::Node)
+        end
+      end
+
+      def self.descendants(root_node, type, &block)
+        Enumerator.new do |yielder|
+          t = new(type) { |node| yielder << node }
+          t.traverse(root_node)
+        end
+      end
+    end
+  end
+end

data/lib/better_html/ast/node.rb

@@ -0,0 +1,14 @@
+require 'ast'
+require_relative 'iterator'
+
+module BetterHtml
+  module AST
+    class Node < ::AST::Node
+      attr_reader :loc
+
+      def descendants(type, &block)
+        AST::Iterator.descendants(self, type, &block)
+      end
+    end
+  end
+end

data/lib/better_html/better_erb/runtime_checks.rb

@@ -111,7 +111,7 @@ class BetterHtml::BetterErb
     end
 
     def check_tag_name(type, start, stop, line, column)
-      text = @parser.extract(start, stop)
+      text = @parser.document[start...stop]
       return if text.upcase == "!DOCTYPE"
       return if @config.partial_tag_name_pattern === text
 
@@ -122,7 +122,7 @@ class BetterHtml::BetterErb
     end
 
     def check_attribute_name(type, start, stop, line, column)
-      text = @parser.extract(start, stop)
+      text = @parser.document[start...stop]
       return if @config.partial_attribute_name_pattern === text
 
       s = "Invalid attribute name #{text.inspect} does not match "\
@@ -133,7 +133,7 @@ class BetterHtml::BetterErb
 
     def check_quoted_value(type, start, stop, line, column)
       return if @config.allow_single_quoted_attributes
-      text = @parser.extract(start, stop)
+      text = @parser.document[start...stop]
       return if text == '"'
 
       s = "Single-quoted attributes are not allowed\n"

data/lib/better_html/config.rb

@@ -12,5 +12,17 @@ module BetterHtml
     property :javascript_attribute_names, default: [/\Aon/i]
     property :template_exclusion_filter
     property :lodash_safe_javascript_expression, default: [/\AJSON\.stringify\(/]
+
+    def javascript_attribute_name?(name)
+      javascript_attribute_names.any?{ |other| other === name.to_s }
+    end
+
+    def lodash_safe_javascript_expression?(code)
+      lodash_safe_javascript_expression.any?{ |other| other === code }
+    end
+
+    def javascript_safe_method?(name)
+      javascript_safe_methods.include?(name.to_s)
+    end
   end
 end

data/lib/better_html/parser.rb

@@ -0,0 +1,286 @@
+require_relative 'tokenizer/javascript_erb'
+require_relative 'tokenizer/html_erb'
+require_relative 'tokenizer/html_lodash'
+require_relative 'tokenizer/location'
+require_relative 'tokenizer/token_array'
+require_relative 'ast/node'
+
+module BetterHtml
+  class Parser
+    attr_reader :template_language
+
+    def initialize(document, template_language: :html)
+      @document = document
+      @template_language = template_language
+      @erb = case template_language
+      when :html
+        Tokenizer::HtmlErb.new(@document)
+      when :lodash
+        Tokenizer::HtmlLodash.new(@document)
+      when :javascript
+        Tokenizer::JavascriptErb.new(@document)
+      else
+        raise ArgumentError, "template_language can be :html or :javascript"
+      end
+    end
+
+    def nodes_with_type(*type)
+      types = Array.wrap(type)
+      ast.children.select{ |node| node.is_a?(::AST::Node) && types.include?(node.type) }
+    end
+
+    def ast
+      @ast ||= build_document_node
+    end
+
+    def inspect
+      "#<#{self.class.name} ast=#{ast.inspect}>"
+    end
+
+    private
+
+    INTERPOLATION_TYPES = [:erb_begin, :lodash_begin]
+
+    def build_document_node
+      children = []
+      tokens = Tokenizer::TokenArray.new(@erb.tokens)
+      while tokens.any?
+        case tokens.current.type
+        when :cdata_start
+          children << build_cdata_node(tokens)
+        when :comment_start
+          children << build_comment_node(tokens)
+        when :tag_start
+          children << build_tag_node(tokens)
+        when :text, *INTERPOLATION_TYPES
+          children << build_text_node(tokens)
+        else
+          raise RuntimeError, "Unhandled token #{tokens.current.type} line #{tokens.current.loc.line} column #{tokens.current.loc.column}, #{children.inspect}"
+        end
+      end
+
+      build_node(:document, children.empty? ? nil : children)
+    end
+
+    def build_erb_node(tokens)
+      erb_begin = shift_single(tokens, :erb_begin)
+      children = [
+        shift_single(tokens, :indicator),
+        shift_single(tokens, :trim),
+        shift_single(tokens, :code),
+        shift_single(tokens, :trim),
+      ]
+      erb_end = shift_single(tokens, :erb_end)
+
+      build_node(:erb, children, pre: erb_begin, post: erb_end)
+    end
+
+    def build_lodash_node(tokens)
+      lodash_begin = shift_single(tokens, :lodash_begin)
+      children = [
+        shift_single(tokens, :indicator),
+        shift_single(tokens, :code),
+      ]
+      lodash_end = shift_single(tokens, :lodash_end)
+
+      build_node(:lodash, children, pre: lodash_begin, post: lodash_end)
+    end
+
+    def build_cdata_node(tokens)
+      cdata_start, children, cdata_end = shift_between_with_interpolation(tokens, :cdata_start, :cdata_end)
+      build_node(:cdata, children, pre: cdata_start, post: cdata_end)
+    end
+
+    def build_comment_node(tokens)
+      comment_start, children, comment_end = shift_between_with_interpolation(tokens, :comment_start, :comment_end)
+      build_node(:comment, children, pre: comment_start, post: comment_end)
+    end
+
+    def build_tag_node(tokens)
+      tag_start, tag_content, tag_end = shift_between(tokens, :tag_start, :tag_end)
+      tag_tokens = Tokenizer::TokenArray.new(tag_content)
+      tag_tokens.trim(:whitespace)
+
+      children = [
+        shift_single(tag_tokens, :solidus),
+        build_tag_name_node(tag_tokens),
+        build_tag_attributes_node(tag_tokens),
+        shift_single(tag_tokens, :solidus),
+      ]
+
+      build_node(:tag, children, pre: tag_start, post: tag_end)
+    end
+
+    def build_tag_name_node(tokens)
+      children = shift_all_with_interpolation(tokens, :tag_name)
+      build_node(:tag_name, children) if children.any?
+    end
+
+    def build_tag_attributes_node(tokens)
+      attributes_tokens = []
+      while tokens.any?
+        break if tokens.size == 1 && tokens.last.type == :solidus
+        if tokens.current.type == :attribute_name
+          attributes_tokens << build_attribute_node(tokens)
+        elsif tokens.current.type == :attribute_quoted_value_start
+          attributes_tokens << build_nameless_attribute_node(tokens)
+        else
+          # todo: warn about ignored things
+          tokens.shift
+        end
+      end
+
+      build_node(:tag_attributes, attributes_tokens) if attributes_tokens.any?
+    end
+
+    def build_nameless_attribute_node(tokens)
+      value_node = build_attribute_value_node(tokens)
+      build_node(:attribute, [nil, nil, value_node])
+    end
+
+    def build_attribute_node(tokens)
+      name_node = build_attribute_name_node(tokens)
+      shift_all(tokens, :whitespace)
+      equal_token = shift_single(tokens, :equal)
+      shift_all(tokens, :whitespace)
+      value_node = build_attribute_value_node(tokens) if equal_token.present?
+
+      build_node(:attribute, [name_node, equal_token, value_node])
+    end
+
+    def build_attribute_name_node(tokens)
+      children = shift_all_with_interpolation(tokens, :attribute_name)
+      build_node(:attribute_name, children)
+    end
+
+    def build_attribute_value_node(tokens)
+      children = shift_all_with_interpolation(tokens,
+        :attribute_quoted_value_start, :attribute_quoted_value,
+        :attribute_quoted_value_end, :attribute_unquoted_value
+      )
+
+      build_node(:attribute_value, children)
+    end
+
+    def build_text_node(tokens)
+      text_tokens = shift_all_with_interpolation(tokens, :text)
+      build_node(:text, text_tokens)
+    end
+
+    def build_node(type, tokens, pre: nil, post: nil)
+      BetterHtml::AST::Node.new(
+        type,
+        tokens.present? ? wrap_tokens(tokens) : [],
+        loc: tokens.present? ? build_location([pre, *tokens, post]) : empty_location
+      )
+    end
+
+    def build_location(enumerable)
+      enumerable = enumerable.compact
+      raise ArgumentError, "cannot build location for #{enumerable.inspect}" unless enumerable.first && enumerable.last
+      Tokenizer::Location.new(@document, enumerable.first.loc.start, enumerable.last.loc.stop)
+    end
+
+    def empty_location
+      Tokenizer::Location.new(@document, 0, 0)
+    end
+
+    def shift_all(tokens, *types)
+      [].tap do |items|
+        while tokens.any?
+          if types.include?(tokens.current.type)
+            items << tokens.shift
+          else
+            break
+          end
+        end
+      end
+    end
+
+    def shift_single(tokens, *types)
+      tokens.shift if tokens.any? && types.include?(tokens.current.type)
+    end
+
+    def shift_until(tokens, *types)
+      [].tap do |items|
+        while tokens.any?
+          if !types.include?(tokens.current.type)
+            items << tokens.shift
+          else
+            break
+          end
+        end
+      end
+    end
+
+    def build_interpolation_node(tokens)
+      if tokens.current.type == :erb_begin
+        build_erb_node(tokens)
+      elsif tokens.current.type == :lodash_begin
+        build_lodash_node(tokens)
+      else
+        tokens.shift
+      end
+    end
+
+    def shift_all_with_interpolation(tokens, *types)
+      types = [*INTERPOLATION_TYPES, *types]
+      [].tap do |result|
+        while tokens.any?
+          if types.include?(tokens.current.type)
+            result << build_interpolation_node(tokens)
+          else
+            break
+          end
+        end
+      end
+    end
+
+    def shift_until_with_interpolation(tokens, *types)
+      [].tap do |result|
+        while tokens.any?
+          if !types.include?(tokens.current.type)
+            result << build_interpolation_node(tokens)
+          else
+            break
+          end
+        end
+      end
+    end
+
+    def shift_between(tokens, start_type, end_type)
+      start_token = shift_single(tokens, start_type)
+      children = shift_until(tokens, end_type)
+      end_token = shift_single(tokens, end_type)
+
+      [start_token, children, end_token]
+    end
+
+    def shift_between_with_interpolation(tokens, start_type, end_type)
+      start_token = shift_single(tokens, start_type)
+      children = shift_until_with_interpolation(tokens, end_type)
+      end_token = shift_single(tokens, end_type)
+
+      [start_token, children, end_token]
+    end
+
+    def wrap_token(object)
+      return unless object
+      if object.is_a?(::AST::Node)
+        object
+      elsif [:text, :tag_name, :attribute_name, :attribute_quoted_value, :attribute_unquoted_value].include?(object.type)
+        object.loc.source
+      elsif [:attribute_quoted_value_start, :attribute_quoted_value_end].include?(object.type)
+        BetterHtml::AST::Node.new(:quote, [object.loc.source], loc: object.loc)
+      elsif [:indicator, :code].include?(object.type)
+        BetterHtml::AST::Node.new(object.type, [object.loc.source], loc: object.loc)
+      else
+        BetterHtml::AST::Node.new(object.type, [], loc: object.loc)
+      end
+    end
+
+    def wrap_tokens(enumerable)
+      enumerable.map { |object| wrap_token(object) }
+    end
+  end
+end

data/lib/better_html/test_helper/ruby_expr.rb

@@ -22,14 +22,17 @@ module BetterHtml
       end
 
       def initialize(ast)
-        raise ArgumentError, "expect first argument to be Parser::AST::Node" unless ast.is_a?(Parser::AST::Node)
+        raise ArgumentError, "expect first argument to be Parser::AST::Node" unless ast.is_a?(::Parser::AST::Node)
         @ast = ast
       end
 
       def self.parse(code)
-        parser = Parser::CurrentRuby.new
-        parser.diagnostics.consumer = lambda { |diag| }
-        buf = Parser::Source::Buffer.new('(string)')
+        parser = ::Parser::CurrentRuby.new
+        parser.diagnostics.ignore_warnings = true
+        parser.diagnostics.all_errors_are_fatal = false
+        parser.diagnostics.consumer = nil
+
+        buf = ::Parser::Source::Buffer.new('(string)')
         buf.source = code.sub(BLOCK_EXPR, '')
         parsed = parser.parse(buf)
         raise ParseError, "error parsing code: #{code.inspect}" unless parsed
@@ -53,7 +56,7 @@ module BetterHtml
 
       def each_child_node(current=@ast, only: nil, range: (0..-1))
         current.children[range].each do |child|
-          if child.is_a?(Parser::AST::Node) && node_match?(child, only)
+          if child.is_a?(::Parser::AST::Node) && node_match?(child, only)
             yield child
           end
         end

data/lib/better_html/test_helper/safe_erb_tester.rb

@@ -1,6 +1,7 @@
 require 'better_html/test_helper/ruby_expr'
 require 'better_html/test_helper/safety_error'
-require 'parser/current'
+require 'better_html/parser'
+require 'better_html/tree/tag'
 
 module BetterHtml
   module TestHelper
@@ -58,7 +59,7 @@ EOF
           @errors = Errors.new
           @options = options.present? ? options.dup : {}
           @options[:template_language] ||= :html
-          @nodes = BetterHtml::NodeIterator.new(data, @options.slice(:template_language))
+          @parser = BetterHtml::Parser.new(data, @options.slice(:template_language))
           validate!
         end
 
@@ -67,86 +68,98 @@ EOF
         end
 
         def validate!
-          @nodes.each_with_index do |node, index|
-            case node
-            when BetterHtml::NodeIterator::Element
-              validate_element(node)
-
-              if node.name == 'script'
-                next_node = @nodes[index + 1]
-                if next_node.is_a?(BetterHtml::NodeIterator::ContentNode) && !node.closing?
-                  if javascript_tag_type?(node, "text/javascript")
-                    validate_script_tag_content(next_node)
-                  end
-                  validate_no_statements(next_node) unless javascript_tag_type?(node, "text/html")
+          @parser.nodes_with_type(:tag).each do |tag_node|
+            tag = Tree::Tag.from_node(tag_node)
+            next if tag.closing?
+
+            validate_tag_attributes(tag)
+
+            if tag.name == 'script'
+              index = @parser.ast.to_a.find_index(tag_node)
+              next_node = @parser.ast.to_a[index + 1]
+              if next_node.type == :text
+                if (tag.attributes['type']&.value || "text/javascript") == "text/javascript"
+                  validate_script_tag_content(next_node)
                 end
-
-                validate_javascript_tag_type(node) unless node.closing?
-              end
-            when BetterHtml::NodeIterator::Text
-              validate_text_content(node)
-
-              if @nodes.template_language == :javascript
-                validate_script_tag_content(node)
-                validate_no_statements(node)
-              else
-                validate_no_javascript_tag(node)
+                validate_no_statements(next_node) unless tag.attributes['type']&.value == "text/html"
               end
-            when BetterHtml::NodeIterator::CData, BetterHtml::NodeIterator::Comment
+
+              validate_javascript_tag_type(tag)
+            end
+          end
+
+          @parser.nodes_with_type(:text).each do |node|
+            validate_text_node(node)
+
+            if @parser.template_language == :javascript
+              validate_script_tag_content(node)
               validate_no_statements(node)
+            else
+              validate_no_javascript_tag(node)
             end
           end
-        end
 
-        def javascript_tag_type?(element, which)
-          typeattr = element['type']
-          value = typeattr&.unescaped_value || "text/javascript"
-          value == which
+          @parser.nodes_with_type(:cdata, :comment).each do |node|
+            validate_no_statements(node)
+          end
         end
 
-        def validate_javascript_tag_type(element)
-          typeattr = element['type']
-          return if typeattr.nil?
-          if !VALID_JAVASCRIPT_TAG_TYPES.include?(typeattr.unescaped_value)
-            add_error(
-              "#{typeattr.value} is not a valid type, valid types are #{VALID_JAVASCRIPT_TAG_TYPES.join(', ')}",
-              location: typeattr.value_parts.first.location
-            )
+        def erb_nodes(node)
+          Enumerator.new do |yielder|
+            next if node.nil?
+            node.descendants(:erb).each do |erb_node|
+              indicator_node, _, code_node, _ = *erb_node
+              yielder.yield(erb_node, indicator_node, code_node)
+            end
           end
         end
 
-        def validate_element(element)
-          element.attributes.each do |attr_token|
-            attr_token.value_parts.each do |value_token|
-              case value_token.type
-              when :expr_literal
+        def validate_javascript_tag_type(tag)
+          return unless type_attribute = tag.attributes['type']
+          return if VALID_JAVASCRIPT_TAG_TYPES.include?(type_attribute.value)
+
+          add_error(
+            "#{type_attribute.value} is not a valid type, valid types are #{VALID_JAVASCRIPT_TAG_TYPES.join(', ')}",
+            location: type_attribute.loc
+          )
+        end
+
+        def validate_tag_attributes(tag)
+          tag.attributes.each do |attribute|
+            erb_nodes(attribute.value_node).each do |erb_node, indicator_node, code_node|
+              next if indicator_node.nil?
+
+              indicator = indicator_node.loc.source
+              source = code_node.loc.source
+
+              if indicator == '='
                 begin
-                  expr = RubyExpr.parse(value_token.code)
-                  validate_tag_expression(value_token, expr, attr_token.name)
+                  expr = RubyExpr.parse(source)
+                  validate_tag_expression(code_node, expr, attribute.name)
                 rescue RubyExpr::ParseError
                   nil
                 end
-              when :expr_escaped
+              elsif indicator == '=='
                 add_error(
                   "erb interpolation with '<%==' inside html attribute is never safe",
-                  location: value_token.location
+                  location: erb_node.loc
                 )
               end
             end
           end
         end
 
-        def validate_text_content(text)
-          text.content_parts.each do |text_token|
-            case text_token.type
-            when :stmt, :expr_literal, :expr_escaped
-              next if text_token.type == :stmt && text_token.code.start_with?('#')
-              begin
-                expr = RubyExpr.parse(text_token.code)
-                validate_ruby_helper(text_token, expr)
-              rescue RubyExpr::ParseError
-                nil
-              end
+        def validate_text_node(text_node)
+          erb_nodes(text_node).each do |erb_node, indicator_node, code_node|
+            indicator = indicator_node&.loc&.source
+            next if indicator == '#'
+            source = code_node.loc.source
+
+            begin
+              expr = RubyExpr.parse(source)
+              validate_ruby_helper(code_node, expr)
+            rescue RubyExpr::ParseError
+              nil
             end
           end
         end
@@ -185,13 +198,13 @@ EOF
         def validate_tag_expression(parent_token, expr, attr_name)
           return if expr.static_value?
 
-          if javascript_attribute_name?(attr_name) && expr.calls.empty?
+          if @config.javascript_attribute_name?(attr_name) && expr.calls.empty?
             add_error(
               "erb interpolation in javascript attribute must call '(...).to_json'",
-              location: NodeIterator::Location.new(
+              location: Tokenizer::Location.new(
                 @data,
-                parent_token.code_location.start + expr.start,
-                parent_token.code_location.start + expr.end
+                parent_token.loc.start + expr.start,
+                parent_token.loc.start + expr.end - 1
               )
             )
             return
@@ -201,57 +214,54 @@ EOF
             if call.method == :raw
               add_error(
                 "erb interpolation with '<%= raw(...) %>' inside html attribute is never safe",
-                location: NodeIterator::Location.new(
+                location: Tokenizer::Location.new(
                   @data,
-                  parent_token.code_location.start + expr.start,
-                  parent_token.code_location.start + expr.end
+                  parent_token.loc.start + expr.start,
+                  parent_token.loc.start + expr.end - 1
                 )
               )
             elsif call.method == :html_safe
               add_error(
                 "erb interpolation with '<%= (...).html_safe %>' inside html attribute is never safe",
-                location: NodeIterator::Location.new(
+                location: Tokenizer::Location.new(
                   @data,
-                  parent_token.code_location.start + expr.start,
-                  parent_token.code_location.start + expr.end
+                  parent_token.loc.start + expr.start,
+                  parent_token.loc.start + expr.end - 1
                 )
               )
-            elsif javascript_attribute_name?(attr_name) && !javascript_safe_method?(call.method)
+            elsif @config.javascript_attribute_name?(attr_name) && !@config.javascript_safe_method?(call.method)
               add_error(
                 "erb interpolation in javascript attribute must call '(...).to_json'",
-                location: NodeIterator::Location.new(
+                location: Tokenizer::Location.new(
                   @data,
-                  parent_token.code_location.start + expr.start,
-                  parent_token.code_location.start + expr.end
+                  parent_token.loc.start + expr.start,
+                  parent_token.loc.start + expr.end - 1
                 )
               )
             end
           end
         end
 
-        def javascript_attribute_name?(name)
-          @config.javascript_attribute_names.any?{ |other| other === name.to_s }
-        end
-
-        def javascript_safe_method?(name)
-          @config.javascript_safe_methods.include?(name.to_s)
-        end
-
         def validate_script_tag_content(node)
-          node.content_parts.each do |token|
-            case token.type
-            when :expr_literal, :expr_escaped
-              expr = RubyExpr.parse(token.code)
-              validate_script_expression(node, token, expr)
+          erb_nodes(node).each do |erb_node, indicator_node, code_node|
+            next unless indicator_node.present?
+            indicator = indicator_node.loc.source
+            next if indicator == '#'
+            source = code_node.loc.source
+
+            begin
+              expr = RubyExpr.parse(source)
+              validate_script_expression(erb_node, expr)
+            rescue RubyExpr::ParseError
             end
           end
         end
 
-        def validate_script_expression(node, token, expr)
+        def validate_script_expression(parent_node, expr)
           if expr.calls.empty?
             add_error(
               "erb interpolation in javascript tag must call '(...).to_json'",
-              location: token.location,
+              location: parent_node.loc,
             )
             return
           end
@@ -260,46 +270,49 @@ EOF
             if call.method == :raw
               call.arguments.each do |argument_node|
                 arguments_expr = RubyExpr.new(argument_node)
-                validate_script_expression(node, token, arguments_expr)
+                validate_script_expression(parent_node, arguments_expr)
               end
             elsif call.method == :html_safe
               instance_expr = RubyExpr.new(call.instance)
-              validate_script_expression(node, token, instance_expr)
-            elsif !javascript_safe_method?(call.method)
+              validate_script_expression(parent_node, instance_expr)
+            elsif !@config.javascript_safe_method?(call.method)
               add_error(
                 "erb interpolation in javascript tag must call '(...).to_json'",
-                location: token.location,
+                location: parent_node.loc,
               )
             end
           end
         end
 
         def validate_no_statements(node)
-          node.content_parts.each do |token|
-            if token.type == :stmt && !(/\A\s*end/m === token.code) && !token.code.start_with?('#')
-              add_error(
-                "erb statement not allowed here; did you mean '<%=' ?",
-                location: token.location,
-              )
-            end
+          erb_nodes(node).each do |erb_node, indicator_node, code_node|
+            next unless indicator_node.nil?
+            source = code_node.loc.source
+            next if /\A\s*end/m === source
+
+            add_error(
+              "erb statement not allowed here; did you mean '<%=' ?",
+              location: erb_node.loc,
+            )
           end
         end
 
         def validate_no_javascript_tag(node)
-          node.content_parts.each do |token|
-            next if token.type == :stmt && token.code.start_with?('#')
-            if [:stmt, :expr_literal, :expr_escaped].include?(token.type)
-              expr = begin
-                RubyExpr.parse(token.code)
-              rescue RubyExpr::ParseError
-                next
-              end
+          erb_nodes(node).each do |erb_node, indicator_node, code_node|
+            indicator = indicator_node&.loc&.source
+            next if indicator == '#'
+            source = code_node.loc.source
+
+            begin
+              expr = RubyExpr.parse(source)
+
               if expr.calls.size == 1 && expr.calls.first.method == :javascript_tag
                 add_error(
                   "'javascript_tag do' syntax is deprecated; use inline <script> instead",
-                  location: token.location,
+                  location: erb_node.loc,
                 )
               end
+            rescue RubyExpr::ParseError
             end
           end
         end