brakeman 4.5.1 → 4.7.1

data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/error.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+module Haml
+  # An exception raised by Haml code.
+  class Error < StandardError
+
+    MESSAGES = {
+      bad_script_indent:            '"%s" is indented at wrong level: expected %d, but was at %d.',
+      cant_run_filter:              'Can\'t run "%s" filter; you must require its dependencies first',
+      cant_use_tabs_and_spaces:     "Indentation can't use both tabs and spaces.",
+      deeper_indenting:             "The line was indented %d levels deeper than the previous line.",
+      filter_not_defined:           'Filter "%s" is not defined.',
+      gem_install_filter_deps:      '"%s" filter\'s %s dependency missing: try installing it or adding it to your Gemfile',
+      illegal_element:              "Illegal element: classes and ids must have values.",
+      illegal_nesting_content:      "Illegal nesting: nesting within a tag that already has content is illegal.",
+      illegal_nesting_header:       "Illegal nesting: nesting within a header command is illegal.",
+      illegal_nesting_line:         "Illegal nesting: content can't be both given on the same line as %%%s and nested within it.",
+      illegal_nesting_plain:        "Illegal nesting: nesting within plain text is illegal.",
+      illegal_nesting_self_closing: "Illegal nesting: nesting within a self-closing tag is illegal.",
+      inconsistent_indentation:     "Inconsistent indentation: %s used for indentation, but the rest of the document was indented using %s.",
+      indenting_at_start:           "Indenting at the beginning of the document is illegal.",
+      install_haml_contrib:         'To use the "%s" filter, please install the haml-contrib gem.',
+      invalid_attribute_list:       'Invalid attribute list: %s.',
+      invalid_filter_name:          'Invalid filter name ":%s".',
+      invalid_tag:                  'Invalid tag: "%s".',
+      missing_if:                   'Got "%s" with no preceding "if"',
+      no_ruby_code:                 "There's no Ruby code for %s to evaluate.",
+      self_closing_content:         "Self-closing tags can't have content.",
+      unbalanced_brackets:          'Unbalanced brackets.',
+      no_end:                       <<-END
+You don't need to use "- end" in Haml. Un-indent to close a block:
+- if foo?
+  %strong Foo!
+- else
+  Not foo.
+%p This line is un-indented, so it isn't part of the "if" block
+END
+    }.freeze
+
+    def self.message(key, *args)
+      string = MESSAGES[key] or raise "[HAML BUG] No error messages for #{key}"
+      (args.empty? ? string : string % args).rstrip
+    end
+
+    # The line of the template on which the error occurred.
+    #
+    # @return [Fixnum]
+    attr_reader :line
+
+    # @param message [String] The error message
+    # @param line [Fixnum] See \{#line}
+    def initialize(message = nil, line = nil)
+      super(message)
+      @line = line
+    end
+  end
+
+  # SyntaxError is the type of exception raised when Haml encounters an
+  # ill-formatted document.
+  # It's not particularly interesting,
+  # except in that it's a subclass of {Haml::Error}.
+  class SyntaxError < Error; end
+
+  class InvalidAttributeNameError < SyntaxError; end
+end

data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/escapable.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module Haml
+  # Like Temple::Filters::Escapable, but with support for escaping by
+  # Haml::Herlpers.html_escape and Haml::Herlpers.escape_once.
+  class Escapable < Temple::Filter
+    def initialize(*)
+      super
+      @escape_code = "::Haml::Helpers.html_escape((%s))"
+      @escaper = eval("proc {|v| #{@escape_code % 'v'} }")
+      @once_escape_code = "::Haml::Helpers.escape_once((%s))"
+      @once_escaper = eval("proc {|v| #{@once_escape_code % 'v'} }")
+      @escape = false
+    end
+
+    def on_escape(flag, exp)
+      old = @escape
+      @escape = flag
+      compile(exp)
+    ensure
+      @escape = old
+    end
+
+    # The same as Haml::AttributeBuilder.build_attributes
+    def on_static(value)
+      [:static,
+       if @escape == :once
+         @once_escaper[value]
+       elsif @escape
+         @escaper[value]
+       else
+         value
+       end
+      ]
+    end
+
+    # The same as Haml::AttributeBuilder.build_attributes
+    def on_dynamic(value)
+      [:dynamic,
+       if @escape == :once
+         @once_escape_code % value
+       elsif @escape
+         @escape_code % value
+       else
+         "(#{value}).to_s"
+       end
+      ]
+    end
+  end
+end

data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/exec.rb

@@ -1,5 +1,6 @@
+# frozen_string_literal: true
+
 require 'optparse'
-require 'fileutils'
 require 'rbconfig'
 require 'pp'
 
@@ -120,7 +121,7 @@ module Haml
         @options[:input], @options[:output] = input, output
       end
 
-      COLORS = { :red => 31, :green => 32, :yellow => 33 }
+      COLORS = {red: 31, green: 32, yellow: 33}.freeze
 
       # Prints a status message about performing the given action,
       # colored using the given color (via terminal escapes) if possible.
@@ -212,11 +213,6 @@ END
           @options[:output] = StringIO.new
         end
 
-        opts.on('-t', '--style NAME',
-                'Output style. Can be indented (default) or ugly.') do |name|
-          @options[:for_engine][:ugly] = true if name.to_sym == :ugly
-        end
-
         opts.on('-f', '--format NAME',
                 'Output format. Can be html5 (default), xhtml, or html4.') do |name|
           @options[:for_engine][:format] = name.to_sym
@@ -237,6 +233,11 @@ END
           @options[:for_engine][:attr_wrapper] = '"'
         end
 
+        opts.on('--remove-whitespace',
+                'Remove whitespace surrounding and within tags') do
+          @options[:for_engine][:remove_whitespace] = true
+        end
+
         opts.on('--cdata',
                 'Always add CDATA sections to javascript and css blocks.') do
           @options[:for_engine][:cdata] = true
@@ -260,15 +261,13 @@ END
           @options[:load_paths] << path
         end
 
-        unless RUBY_VERSION < "1.9"
-          opts.on('-E ex[:in]', 'Specify the default external and internal character encodings.') do |encoding|
-            external, internal = encoding.split(':')
-            Encoding.default_external = external if external && !external.empty?
-            Encoding.default_internal = internal if internal && !internal.empty?
-          end
+        opts.on('-E ex[:in]', 'Specify the default external and internal character encodings.') do |encoding|
+          external, internal = encoding.split(':')
+          Encoding.default_external = external if external && !external.empty?
+          Encoding.default_internal = internal if internal && !internal.empty?
         end
 
-        opts.on('-d', '--debug', "Print out the precompiled Ruby source.") do
+        opts.on('-d', '--debug', "Print out the precompiled Ruby source, and show syntax errors in the Ruby code.") do
           @options[:debug] = true
         end
 
@@ -294,20 +293,33 @@ END
 
         begin
 
-          engine = ::Haml::Engine.new(template, @options[:for_engine])
-          if @options[:check_syntax]
-            puts "Syntax OK"
+          if @options[:parse]
+            parser = ::Haml::Parser.new(::Haml::Options.new(@options))
+            pp parser.call(template)
             return
           end
 
-          if @options[:parse]
-            pp engine.parser.root
+          engine = ::Haml::Engine.new(template, @options[:for_engine])
+
+          if @options[:check_syntax]
+            error = validate_ruby(engine.precompiled)
+            if error
+              puts error.message.split("\n").first
+              exit 1
+            end
+            puts "Syntax OK"
             return
           end
 
           if @options[:debug]
             puts engine.precompiled
-            puts '=' * 100
+            error = validate_ruby(engine.precompiled)
+            if error
+              puts '=' * 100
+              puts error.message.split("\n")[0]
+              exit 1
+            end
+            return
           end
 
           result = engine.to_html
@@ -324,6 +336,12 @@ END
         output.write(result)
         output.close() if output.is_a? File
       end
+
+      def validate_ruby(code)
+        eval("BEGIN {return nil}; #{code}", binding, @options[:filename] || "")
+      rescue ::SyntaxError # Not to be confused with Haml::SyntaxError
+        $!
+      end
     end
   end
 end

data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/filters.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "tilt"
 
 module Haml
@@ -59,7 +61,7 @@ module Haml
     end
 
     # Removes a filter from Haml. If the filter was removed, it returns
-    # the that was remove Module upon success, or nil on failure. If you try
+    # the Module that was removed upon success, or nil on failure. If you try
     # to redefine a filter, Haml will raise an error. Use this method first to
     # explicitly remove the filter before redefining it.
     # @return Module The filter module that has been removed
@@ -118,7 +120,7 @@ module Haml
       # @param text [String] The source text for the filter to process
       # @return [String] The filtered result
       # @raise [Haml::Error] if it's not overridden
-      def render(text)
+      def render(_text)
         raise Error.new("#{self.inspect}#render not defined!")
       end
 
@@ -129,7 +131,7 @@ module Haml
       # @param text [String] The source text for the filter to process
       # @return [String] The filtered result
       # @raise [Haml::Error] if it or \{#render} isn't overridden
-      def render_with_options(text, options)
+      def render_with_options(text, _options)
         render(text)
       end
 
@@ -163,10 +165,14 @@ module Haml
           if contains_interpolation?(text)
             return if options[:suppress_eval]
 
-            text = unescape_interpolation(text).gsub(/(\\+)n/) do |s|
+            escape = options[:escape_filter_interpolations]
+            # `escape_filter_interpolations` defaults to `escape_html` if unset.
+            escape = options[:escape_html] if escape.nil?
+
+            text = unescape_interpolation(text, escape).gsub(/(\\+)n/) do |s|
               escapes = $1.size
               next s if escapes % 2 == 0
-              ("\\" * (escapes - 1)) + "\n"
+              "#{'\\' * (escapes - 1)}\n"
             end
             # We need to add a newline at the beginning to get the
             # filter lines to line up (since the Haml filter contains
@@ -174,20 +180,15 @@ module Haml
             # filter name). Then we need to escape the trailing
             # newline so that the whole filter block doesn't take up
             # too many.
-            text = "\n" + text.sub(/\n"\Z/, "\\n\"")
+            text = %[\n#{text.sub(/\n"\Z/, "\\n\"")}]
             push_script <<RUBY.rstrip, :escape_html => false
 find_and_preserve(#{filter.inspect}.render_with_options(#{text}, _hamlout.options))
 RUBY
             return
           end
 
-          rendered = Haml::Helpers::find_and_preserve(filter.render_with_options(text, compiler.options), compiler.options[:preserve])
-
-          if options[:ugly]
-            push_text(rendered.rstrip)
-          else
-            push_text(rendered.rstrip.gsub("\n", "\n#{'  ' * @output_tabs}"))
-          end
+          rendered = Haml::Helpers::find_and_preserve(filter.render_with_options(text.to_s, compiler.options), compiler.options[:preserve])
+          push_text("#{rendered.rstrip}\n")
         end
       end
     end
@@ -216,13 +217,10 @@ RUBY
           type = " type=#{options[:attr_wrapper]}text/javascript#{options[:attr_wrapper]}"
         end
 
-        str = "<script#{type}>\n"
-        str << "  //<![CDATA[\n" if options[:cdata]
-        str << "#{indent}#{text.rstrip.gsub("\n", "\n#{indent}")}\n"
-        str << "  //]]>\n" if options[:cdata]
-        str << "</script>"
+        text = text.rstrip
+        text.gsub!("\n", "\n#{indent}")
 
-        str
+        %!<script#{type}>\n#{"  //<![CDATA[\n" if options[:cdata]}#{indent}#{text}\n#{"  //]]>\n" if options[:cdata]}</script>!
       end
     end
 
@@ -240,13 +238,10 @@ RUBY
           type = " type=#{options[:attr_wrapper]}text/css#{options[:attr_wrapper]}"
         end
 
-        str = "<style#{type}>\n"
-        str << "  /*<![CDATA[*/\n" if options[:cdata]
-        str << "#{indent}#{text.rstrip.gsub("\n", "\n#{indent}")}\n"
-        str << "  /*]]>*/\n" if options[:cdata]
-        str << "</style>"
+        text = text.rstrip
+        text.gsub!("\n", "\n#{indent}")
 
-        str
+        %(<style#{type}>\n#{"  /*<![CDATA[*/\n" if options[:cdata]}#{indent}#{text}\n#{"  /*]]>*/\n" if options[:cdata]}</style>)
       end
     end
 
@@ -256,7 +251,7 @@ RUBY
 
       # @see Base#render
       def render(text)
-        "<![CDATA[#{("\n" + text).rstrip.gsub("\n", "\n    ")}\n]]>"
+        "<![CDATA[#{"\n#{text.rstrip}".gsub("\n", "\n    ")}\n]]>"
       end
     end
 
@@ -288,7 +283,7 @@ RUBY
       def compile(compiler, text)
         return if compiler.options[:suppress_eval]
         compiler.instance_eval do
-          push_silent <<-FIRST.gsub("\n", ';') + text + <<-LAST.gsub("\n", ';')
+          push_silent "#{<<-FIRST.tr("\n", ';')}#{text}#{<<-LAST.tr("\n", ';')}"
             begin
               haml_io = StringIO.new(_hamlout.buffer, 'a')
           FIRST

data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/generator.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module Haml
+  # Ruby code generator, which is a limited version of Temple::Generator.
+  # Limit methods since Haml doesn't need most of them.
+  class Generator
+    include Temple::Mixins::CompiledDispatcher
+    include Temple::Mixins::Options
+
+    define_options freeze_static: RUBY_VERSION >= '2.1'
+
+    def call(exp)
+      compile(exp)
+    end
+
+    def on_multi(*exp)
+      exp.map { |e| compile(e) }.join('; ')
+    end
+
+    def on_static(text)
+      concat(options[:freeze_static] ? "#{Util.inspect_obj(text)}.freeze" : Util.inspect_obj(text))
+    end
+
+    def on_dynamic(code)
+      concat(code)
+    end
+
+    def on_code(exp)
+      exp
+    end
+
+    def on_newline
+      "\n"
+    end
+
+    private
+
+    def concat(str)
+      "_hamlout.buffer << (#{str});"
+    end
+  end
+end

data/bundle/ruby/{2.5.0/gems/haml-4.0.7 → 2.6.0/gems/haml-5.1.2}/lib/haml/helpers.rb

@@ -1,3 +1,7 @@
+# frozen_string_literal: true
+
+require 'erb'
+
 module Haml
   # This module contains various helpful methods to make it easier to do various tasks.
   # {Haml::Helpers} is automatically included in the context
@@ -106,7 +110,8 @@ MESSAGE
     #   @yield The block within which to escape newlines
     def find_and_preserve(input = nil, tags = haml_buffer.options[:preserve], &block)
       return find_and_preserve(capture_haml(&block), input || tags) if block
-      re = /<(#{tags.map(&Regexp.method(:escape)).join('|')})([^>]*)>(.*?)(<\/\1>)/im
+      tags = tags.map { |tag| Regexp.escape(tag) }.join('|')
+      re = /<(#{tags})([^>]*)>(.*?)(<\/\1>)/im
       input.to_s.gsub(re) do |s|
         s =~ re # Can't rely on $1, etc. existing since Rails' SafeBuffer#gsub is incompatible
         "<#{$1}#{$2}>#{preserve($3)}</#{$1}>"
@@ -117,17 +122,20 @@ MESSAGE
     # HTML entities so they'll render correctly in
     # whitespace-sensitive tags without screwing up the indentation.
     #
-    # @overload perserve(input)
+    # @overload preserve(input)
     #   Escapes newlines within a string.
     #
     #   @param input [String] The string within which to escape all newlines
-    # @overload perserve
+    # @overload preserve
     #   Escapes newlines within a block of Haml code.
     #
     #   @yield The block within which to escape newlines
     def preserve(input = nil, &block)
       return preserve(capture_haml(&block)) if block
-      input.to_s.chomp("\n").gsub(/\n/, '&#x000A;').gsub(/\r/, '')
+      s = input.to_s.chomp("\n")
+      s.gsub!(/\n/, '&#x000A;')
+      s.delete!("\r")
+      s
     end
     alias_method :flatten, :preserve
 
@@ -190,20 +198,19 @@ MESSAGE
     # @yield [item] A block which contains Haml code that goes within list items
     # @yieldparam item An element of `enum`
     def list_of(enum, opts={}, &block)
-      opts_attributes = opts.empty? ? "" : " ".<<(opts.map{|k,v| "#{k}='#{v}'" }.join(" "))
-      to_return = enum.collect do |i|
+      opts_attributes = opts.map { |k, v| " #{k}='#{v}'" }.join
+      enum.map do |i|
         result = capture_haml(i, &block)
 
         if result.count("\n") > 1
-          result = result.gsub("\n", "\n  ")
+          result.gsub!("\n", "\n  ")
           result = "\n  #{result.strip}\n"
         else
-          result = result.strip
+          result.strip!
         end
 
         %Q!<li#{opts_attributes}>#{result}</li>!
-      end
-      to_return.join("\n")
+      end.join("\n")
     end
 
     # Returns a hash containing default assignments for the `xmlns`, `lang`, and `xml:lang`
@@ -219,7 +226,11 @@ MESSAGE
     # @param lang [String] The value of `xml:lang` and `lang`
     # @return [{#to_s => String}] The attribute hash
     def html_attrs(lang = 'en-US')
-      {:xmlns => "http://www.w3.org/1999/xhtml", 'xml:lang' => lang, :lang => lang}
+      if haml_buffer.options[:format] == :xhtml
+        {:xmlns => "http://www.w3.org/1999/xhtml", 'xml:lang' => lang, :lang => lang}
+      else
+        {:lang => lang}
+      end
     end
 
     # Increments the number of tabs the buffer automatically adds
@@ -370,12 +381,10 @@ MESSAGE
         captured = haml_buffer.buffer.slice!(position..-1)
 
         if captured == '' and value != haml_buffer.buffer
-             captured = (value.is_a?(String) ? value : nil)
+          captured = (value.is_a?(String) ? value : nil)
         end
 
-        return nil if captured.nil?
-        return (haml_buffer.options[:ugly] ? captured : prettify(captured))
-
+        captured
       end
     ensure
       haml_buffer.capture_position = nil
@@ -385,14 +394,34 @@ MESSAGE
     #
     # @param text [#to_s] The text to output
     def haml_concat(text = "")
-      unless haml_buffer.options[:ugly] || haml_indent == 0
-        haml_buffer.buffer << haml_indent <<
-          text.to_s.gsub("\n", "\n" + haml_indent) << "\n"
+      haml_internal_concat text
+      ErrorReturn.new("haml_concat")
+    end
+
+    # Internal method to write directly to the buffer with control of
+    # whether the first line should be indented, and if there should be a
+    # final newline.
+    #
+    # Lines added will have the proper indentation. This can be controlled
+    # for the first line.
+    #
+    # Used by #haml_concat and #haml_tag.
+    #
+    # @param text [#to_s] The text to output
+    # @param newline [Boolean] Whether to add a newline after the text
+    # @param indent [Boolean] Whether to add indentation to the first line
+    def haml_internal_concat(text = "", newline = true, indent = true)
+      if haml_buffer.tabulation == 0
+        haml_buffer.buffer << "#{text}#{"\n" if newline}"
       else
-        haml_buffer.buffer << text.to_s << "\n"
+        haml_buffer.buffer << %[#{haml_indent if indent}#{text.to_s.gsub("\n", "\n#{haml_indent}")}#{"\n" if newline}]
       end
-      ErrorReturn.new("haml_concat")
     end
+    private :haml_internal_concat
+
+    # Allows writing raw content. `haml_internal_concat_raw` isn't
+    # effected by XSS mods. Used by #haml_tag to write the actual tags.
+    alias :haml_internal_concat_raw :haml_internal_concat
 
     # @return [String] The indentation string for the current line
     def haml_indent
@@ -466,14 +495,14 @@ MESSAGE
       attrs.keys.each {|key| attrs[key.to_s] = attrs.delete(key)} unless attrs.empty?
       name, attrs = merge_name_and_attributes(name.to_s, attrs)
 
-      attributes = Haml::Compiler.build_attributes(haml_buffer.html?,
+      attributes = Haml::AttributeBuilder.build_attributes(haml_buffer.html?,
         haml_buffer.options[:attr_wrapper],
         haml_buffer.options[:escape_attrs],
         haml_buffer.options[:hyphenate_data_attrs],
         attrs)
 
       if text.nil? && block.nil? && (haml_buffer.options[:autoclose].include?(name) || flags.include?(:/))
-        haml_concat "<#{name}#{attributes} />"
+        haml_internal_concat_raw "<#{name}#{attributes}#{' /' if haml_buffer.options[:format] == :xhtml}>"
         return ret
       end
 
@@ -483,17 +512,19 @@ MESSAGE
       end
 
       tag = "<#{name}#{attributes}>"
+      end_tag = "</#{name}>"
       if block.nil?
         text = text.to_s
         if text.include?("\n")
-          haml_concat tag
+          haml_internal_concat_raw tag
           tab_up
-          haml_concat text
+          haml_internal_concat text
           tab_down
-          haml_concat "</#{name}>"
+          haml_internal_concat_raw end_tag
         else
-          tag << text << "</#{name}>"
-          haml_concat tag
+          haml_internal_concat_raw tag, false
+          haml_internal_concat text, false, false
+          haml_internal_concat_raw end_tag, true, false
         end
         return ret
       end
@@ -503,67 +534,92 @@ MESSAGE
       end
 
       if flags.include?(:<)
-        tag << capture_haml(&block).strip << "</#{name}>"
-        haml_concat tag
+        haml_internal_concat_raw tag, false
+        haml_internal_concat "#{capture_haml(&block).strip}", false, false
+        haml_internal_concat_raw end_tag, true, false
         return ret
       end
 
-      haml_concat tag
+      haml_internal_concat_raw tag
       tab_up
       block.call
       tab_down
-      haml_concat "</#{name}>"
+      haml_internal_concat_raw end_tag
 
       ret
     end
 
-    # Characters that need to be escaped to HTML entities from user input
-    HTML_ESCAPE = { '&'=>'&amp;', '<'=>'&lt;', '>'=>'&gt;', '"'=>'&quot;', "'"=>'&#039;', }
+    # Conditionally wrap a block in an element. If `condition` is `true` then
+    # this method renders the tag described by the arguments in `tag` (using
+    # \{#haml_tag}) with the given block inside, otherwise it just renders the block.
+    #
+    # For example,
+    #
+    #     - haml_tag_if important, '.important' do
+    #       %p
+    #         A (possibly) important paragraph.
+    #
+    # will produce
+    #
+    #     <div class='important'>
+    #       <p>
+    #         A (possibly) important paragraph.
+    #       </p>
+    #     </div>
+    #
+    # if `important` is truthy, and just
+    #
+    #     <p>
+    #       A (possibly) important paragraph.
+    #     </p>
+    #
+    # otherwise.
+    #
+    # Like \{#haml_tag}, `haml_tag_if` outputs directly to the buffer and its
+    # return value should not be used. Use \{#capture_haml} if you need to use
+    # its results as a string.
+    #
+    # @param condition The condition to test to determine whether to render
+    #   the enclosing tag
+    # @param tag Definition of the enclosing tag. See \{#haml_tag} for details
+    #   (specifically the form that takes a block)
+    def haml_tag_if(condition, *tag)
+      if condition
+        haml_tag(*tag){ yield }
+      else
+        yield
+      end
+      ErrorReturn.new("haml_tag_if")
+    end
 
-    HTML_ESCAPE_REGEX = /[\"><&]/
+    # Characters that need to be escaped to HTML entities from user input
+    HTML_ESCAPE = {'&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;'}.freeze
 
-    if RUBY_VERSION >= '1.9'
-      # Include docs here so they are picked up by Yard
+    HTML_ESCAPE_REGEX = /['"><&]/
 
-      # Returns a copy of `text` with ampersands, angle brackets and quotes
-      # escaped into HTML entities.
-      #
-      # Note that if ActionView is loaded and XSS protection is enabled
-      # (as is the default for Rails 3.0+, and optional for version 2.3.5+),
-      # this won't escape text declared as "safe".
-      #
-      # @param text [String] The string to sanitize
-      # @return [String] The sanitized string
-      def html_escape(text)
-        text = text.to_s
-        text.gsub(HTML_ESCAPE_REGEX, HTML_ESCAPE)
-      end
-    else
-      def html_escape(text)
-        text = text.to_s
-        text.gsub(HTML_ESCAPE_REGEX) {|s| HTML_ESCAPE[s]}
-      end
+    # Returns a copy of `text` with ampersands, angle brackets and quotes
+    # escaped into HTML entities.
+    #
+    # Note that if ActionView is loaded and XSS protection is enabled
+    # (as is the default for Rails 3.0+, and optional for version 2.3.5+),
+    # this won't escape text declared as "safe".
+    #
+    # @param text [String] The string to sanitize
+    # @return [String] The sanitized string
+    def html_escape(text)
+      ERB::Util.html_escape(text)
     end
 
-    HTML_ESCAPE_ONCE_REGEX = /[\"><]|&(?!(?:[a-zA-Z]+|(#\d+));)/
-
-    if RUBY_VERSION >= '1.9'
-      # Include docs here so they are picked up by Yard
+    HTML_ESCAPE_ONCE_REGEX = /['"><]|&(?!(?:[a-zA-Z]+|#(?:\d+|[xX][0-9a-fA-F]+));)/
 
-      # Escapes HTML entities in `text`, but without escaping an ampersand
-      # that is already part of an escaped entity.
-      #
-      # @param text [String] The string to sanitize
-      # @return [String] The sanitized string
-      def escape_once(text)
-        text = text.to_s
-        text.gsub(HTML_ESCAPE_ONCE_REGEX, HTML_ESCAPE)
-      end
-    else
-      def escape_once(text)
-        text = text.to_s
-        text.gsub(HTML_ESCAPE_ONCE_REGEX){|s| HTML_ESCAPE[s]}
-      end
+    # Escapes HTML entities in `text`, but without escaping an ampersand
+    # that is already part of an escaped entity.
+    #
+    # @param text [String] The string to sanitize
+    # @return [String] The sanitized string
+    def escape_once(text)
+      text = text.to_s
+      text.gsub(HTML_ESCAPE_ONCE_REGEX, HTML_ESCAPE)
     end
 
     # Returns whether or not the current template is a Haml template.
@@ -593,7 +649,7 @@ MESSAGE
       # skip merging if no ids or classes found in name
       return name, attributes_hash unless name =~ /^(.+?)?([\.#].*)$/
 
-      return $1 || "div", Buffer.merge_attrs(
+      return $1 || "div", AttributeBuilder.merge_attributes!(
         Haml::Parser.parse_class_and_id($2), attributes_hash)
     end
 
@@ -630,22 +686,6 @@ MESSAGE
       _erbout = _erbout = _hamlout.buffer
       proc { |*args| proc.call(*args) }
     end
-
-    def prettify(text)
-      text = text.split(/^/)
-      text.delete('')
-
-      min_tabs = nil
-      text.each do |line|
-        tabs = line.index(/[^ ]/) || line.length
-        min_tabs ||= tabs
-        min_tabs = min_tabs > tabs ? tabs : min_tabs
-      end
-
-      text.map do |line|
-        line.slice(min_tabs, line.length)
-      end.join
-    end
   end
 end
 
@@ -661,4 +701,3 @@ class Object
     false
   end
 end
-