brakeman 4.6.1 → 4.7.0

data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/REFERENCE.md

@@ -115,13 +115,18 @@ Haml::Options.defaults:
 
     Haml::Options.defaults[:format] = :html5
 
+In sinatra specifically, you can set them in global config with:
+```ruby
+set :haml, { escape_html: true }
+```
+
 Finally, you can also set them by passing an options hash to
 {Haml::Engine#initialize}. For the complete list of available options, please
 see {Haml::Options}.
 
 ### Encodings
 
-When using Ruby 1.9 or later, Haml supports the same sorts of
+Haml supports the same sorts of
 encoding-declaration comments that Ruby does. Although both Ruby and Haml
 support several different styles, the easiest it just to add `-# coding:
 encoding-name` at the beginning of the Haml template (it must come before all
@@ -233,8 +238,7 @@ is compiled to:
 
     <script src='javascripts/script_9' type='text/javascript'></script>
 
-#### `:class` and `:id` Attributes
-{#class-and-id-attributes}
+#### `:class` and `:id` Attributes {#class-and-id-attributes}
 
 The `:class` and `:id` attributes can also be specified as a Ruby array whose
 elements will be joined together. A `:class` array is joined with `" "` and an
@@ -306,7 +310,7 @@ hash-style attributes:
 
 #### Ruby 1.9-style Hashes
 
-On Ruby 1.9, Haml also supports Ruby's new hash syntax:
+Haml also supports Ruby's new hash syntax:
 
     %a{title: @title, href: href} Stuff
 
@@ -389,27 +393,49 @@ or using `true` and `false`:
 
     %input(selected=true)
 
-#### HTML5 Custom Data Attributes
+<!-- The title to the next section (Prefixed Attributes) has changed. This
+<a> tag is so old links to here still work. -->
+<a id="html5_custom_data_attributes" style="border:0;"></a>
+
+#### Prefixed Attributes
+
+HTML5 allows for adding
+[custom non-visible data attributes](http://www.whatwg.org/specs/web-apps/current-work/multipage/elements.html#embedding-custom-non-visible-data-with-the-data-*-attributes)
+to elements using attribute names beginning with `data-`. The
+[Accessible Rich Internet Applications](http://www.w3.org/WAI/intro/aria)
+specification makes use of attributes beginning with `aria-`. There are also
+frameworks that use non-standard attributes with a common prefix.
 
-HTML5 allows for adding [custom non-visible data
-attributes](http://www.whatwg.org/specs/web-apps/current-work/multipage/elements.html#embedding-custom-non-visible-data)
-to elements using attribute names beginning with `data-`. Custom data attributes
-can be used in Haml by using the key `:data` with a Hash value in an attribute
-hash. Each of the key/value pairs in the Hash will be transformed into a custom
-data attribute. For example:
+Haml can help generate collections of attributes that share a prefix like
+these. Any entry in an attribute hash that has a Hash as its value is expanded
+into a series of attributes, one for each key/value pair in the hash, with the
+attribute name formed by joining the “parent” key name to the key name with a
+hyphen.
 
-    %a{:href=>"/posts", :data => {:author_id => 123}} Posts By Author
+For example:
+
+    %a{:href=>"/posts", :data => {:author_id => 123, :category => 7}} Posts By Author
 
 will render as:
 
-    <a data-author-id='123' href='/posts'>Posts By Author</a>
+    <a data-author-id='123' data-category='7' href='/posts'>Posts By Author</a>
 
 Notice that the underscore in `author_id` was replaced by a hyphen. If you wish
 to suppress this behavior, you can set Haml's
 {Haml::Options#hyphenate_data_attrs `:hyphenate_data_attrs` option} to `false`,
 and the output will be rendered as:
 
-    <a data-author_id='123' href='/posts'>Posts By Author</a>
+    <a data-author_id='123' data-category='7' href='/posts'>Posts By Author</a>
+
+This expansion of hashes is recursive – any value of the child hash that is
+itself a hash will create an attribute for each entry, with the attribute name
+prefixed with all ancestor keys. For example:
+
+    .book-info{:data => {:book => {:id => 123, :genre => 'programming'}, :category => 7}}
+
+will render as:
+
+    <div class='book-info' data-book-genre='programming' data-book-id='123' data-category='7'></div>
 
 ### Class and ID: `.` and `#`
 
@@ -496,23 +522,23 @@ and is compiled to:
 The forward slash character, when placed at the end of a tag definition, causes
 Haml to treat it as being an empty (or void) element. Depending on the format,
 the tag will be rendered either without a closing tag (`:html4` or `:html5`), or
-as a self-closing tag (`:xhtml`). For example:
+as a self-closing tag (`:xhtml`).
+
+Taking the following as an example:
 
     %br/
     %meta{'http-equiv' => 'Content-Type', :content => 'text/html'}/
 
-is compiled to:
+When the format is `:html4` or `:html5` this is compiled to:
 
     <br>
     <meta content='text/html' http-equiv='Content-Type'>
 
-when the format is `:html4` or `:html5`, and to
+and when the format is `:xhtml` it is compiled to:
 
     <br />
     <meta content='text/html' http-equiv='Content-Type' />
 
-when the format is `:xhtml`.
-
 Some tags are automatically treated as being empty, as long as they have no
 content in the Haml source. `meta`, `img`, `link`, `br`, `hr`, `input`,
 `area`, `param`, `col` and `base` tags are treated as empty by default. This
@@ -779,6 +805,21 @@ is compiled to:
       </a>
     <![endif]-->
 
+To generate “downlevel-revealed” conditional comments, where the content is
+hidden from IE but not other browsers,  add a `!` before the brackets: `/![]`.
+Haml will produce valid HTML when generating this kind of conditional comment.
+
+For example:
+
+    /![if !IE]
+      You are not using Internet Explorer, or are using version 10+.
+
+is compiled to:
+
+    <!--[if !IE]><!-->
+      You are not using Internet Explorer, or are using version 10+.
+    <!--<![endif]-->
+
 ### Haml Comments: `-#`
 
 The hyphen followed immediately by the pound sign signifies a silent comment.
@@ -985,6 +1026,21 @@ might compile to:
       //]]>
     </script>
 
+#### Gotchas
+
+Haml uses an overly simplistic regular expression to identify string
+interpolation rather than a full-blown Ruby parser. This is fast and works for
+most code but you may have errors with code like the following:
+
+    %span #{'{'}
+
+This code will generate a syntax error, complaining about unbalanced brackets.
+In cases like this, the recommended workaround is output the code as a Ruby
+string to force Haml to parse the code with Ruby.
+
+    %span= "#{'{'}"
+
+
 ### Escaping HTML: `&=` {#escaping_html}
 
 An ampersand followed by one or two equals characters evaluates Ruby code just
@@ -1069,8 +1125,8 @@ is compiled to
       <p>I <strong>really</strong> prefer <em>raspberry</em> jam.</p>
     </div>
 
-Currently, filters ignore the {Haml::Options#escape_html `:escape_html`} option.
-This means that `#{}` interpolation within filters is never HTML-escaped.
+Note that `#{}` interpolation within filters is HTML-escaped if you specify true to
+{Haml::Options#escape_filter_interpolations `:escape_filter_interpolations`} option.
 
 The functionality of some filters such as Markdown can be provided by many
 different libraries. Usually you don't have to worry about this - you can just
@@ -1087,53 +1143,53 @@ more info.
 
 Haml comes with the following filters defined:
 
-{#cdata-filter}
-### `:cdata`
+### `:cdata` {#cdata-filter}
+
 Surrounds the filtered text with CDATA tags.
 
-{#coffee-filter}
-### `:coffee`
-Compiles the filtered text to Javascript using Cofeescript. You can also
-reference this filter as `:coffeescript`. This filter is implemented using
-Tilt.
+### `:coffee` {#coffee-filter}
+
+Compiles the filtered text to JavaScript in `<script>` tag using CoffeeScript.
+You can also reference this filter as `:coffeescript`. This filter is
+implemented using Tilt.
+
+### `:css` {#css-filter}
 
-{#css-filter}
-### `:css`
 Surrounds the filtered text with `<style>` and (optionally) CDATA tags. Useful
 for including inline CSS. Use the {Haml::Options#cdata `:cdata` option} to
 control when CDATA tags are added.
 
-{#erb-filter}
-### `:erb`
-Parses the filtered text with ERb, like an RHTML template. Not available if the
+### `:erb` {#erb-filter}
+
+Parses the filtered text with ERB, like an RHTML template. Not available if the
 {Haml::Options#suppress_eval `:suppress_eval`} option is set to true. Embedded
 Ruby code is evaluated in the same context as the Haml template. This filter is
 implemented using Tilt.
 
-{#escaped-filter}
-### `:escaped`
+### `:escaped` {#escaped-filter}
+
 Works the same as plain, but HTML-escapes the text
 before placing it in the document.
 
-{#javascript-filter}
-### `:javascript`
+### `:javascript` {#javascript-filter}
+
 Surrounds the filtered text with `<script>` and (optionally) CDATA tags.
 Useful for including inline Javascript. Use the {Haml::Options#cdata `:cdata`
 option} to control when CDATA tags are added.
 
-{#less-filter}
-### `:less`
-Parses the filtered text with [Less](http://lesscss.org/) to produce CSS output.
+### `:less` {#less-filter}
+
+Parses the filtered text with [Less](http://lesscss.org/) to produce CSS output in `<style>` tag.
 This filter is implemented using Tilt.
 
-{#markdown-filter}
-### `:markdown`
+### `:markdown` {#markdown-filter}
+
 Parses the filtered text with
 [Markdown](http://daringfireball.net/projects/markdown). This filter is
 implemented using Tilt.
 
-{#maruku-filter}
-### `:maruku`
+### `:maruku` {#maruku-filter}
+
 Parses the filtered text with [Maruku](https://github.com/nex3/maruku), which
 has some non-standard extensions to Markdown.
 
@@ -1142,39 +1198,40 @@ contrib](https://github.com/haml/haml-contrib) but is loaded automatically for
 historical reasons. In future versions of Haml it will likely not be loaded by
 default. This filter is implemented using Tilt.
 
-{#plain-filter}
-### `:plain`
+### `:plain` {#plain-filter}
+
 Does not parse the filtered text. This is useful for large blocks of text
 without HTML tags, when you don't want lines starting with `.` or `-` to be
 parsed.
 
-{#preserve-filter}
-### `:preserve`
+### `:preserve` {#preserve-filter}
+
 Inserts the filtered text into the template with whitespace preserved.
 `preserve`d blocks of text aren't indented, and newlines are replaced with the
 HTML escape code for newlines, to preserve nice-looking output. See also
 [Whitespace Preservation](#whitespace_preservation).
 
-{#ruby-filter}
-### `:ruby`
+### `:ruby` {#ruby-filter}
+
 Parses the filtered text with the normal Ruby interpreter. Creates an `IO`
 object named `haml_io`, anything written to it is output into the Haml document.
 Not available if the {Haml::Options#suppress_eval `:suppress_eval`} option is
 set to true. The Ruby code is evaluated in the same context as the Haml
 template.
 
-{#sass-filter}
-### `:sass`
+### `:sass` {#sass-filter}
+
 Parses the filtered text with [Sass](http://sass-lang.com/) to produce CSS
-output. This filter is implemented using Tilt.
+output in `<style>` tag. This filter is implemented using Tilt.
+
+### `:scss` {#scss-filter}
 
-{#scss-filter}
-### `:scss`
 Parses the filtered text with Sass like the `:sass` filter, but uses the newer
-SCSS syntax to produce CSS output. This filter is implemented using Tilt.
+SCSS syntax to produce CSS output in `<style>` tag. This filter is implemented
+using Tilt.
+
+### `:textile` {#textile-filter}
 
-{#textile-filter}
-### `:textile`
 Parses the filtered text with [Textile](http://www.textism.com/tools/textile).
 Only works if [RedCloth](http://redcloth.org) is installed.
 
@@ -1194,8 +1251,8 @@ the whitespace removal methods allow. There are a few helper methods that are
 useful when dealing with inline content. All these methods take a Haml block to
 modify.
 
-{#surround}
-### surround
+### surround {#surround}
+
 Surrounds a Haml block with text. Expects 1 or 2 string arguments used to
 surround the Haml block. If a second argument is not provided, the first
 argument is used as the second.
@@ -1203,15 +1260,15 @@ argument is used as the second.
     = surround "(", ")" do
       = link_to "learn more", "#"
 
-{#precede}
-### precede
+### precede {#precede}
+
 Prepends a Haml block with text. Expects 1 argument.
 
     = precede "*" do
       %span Required
 
-{#succeed}
-### succeed
+### succeed {#succeed}
+
 Appends a Haml block with text. Expects 1 argument.
 
     Begin by

data/bundle/ruby/2.6.0/gems/haml-5.1.2/TODO

@@ -0,0 +1,24 @@
+# -*- mode: org -*-
+#+STARTUP: nofold
+
+* Documentation
+  Redo tutorial?
+  Using helpers
+    haml_concat and haml_tag in particular
+  Syntax highlighting?
+
+* Code
+  Keep track of error offsets everywhere
+    Use this to show error location in messages
+** Haml
+   Support finer-grained HTML-escaping in filters
+   Speed
+     Make tags with dynamic attributes pre-render as much as possible
+     Including the attribute name where doable
+   :html improvements
+     Ignore closing tags where we can
+       http://code.google.com/speed/articles/optimizing-html.html
+       Requires Haml parsing refactor
+     Don't quote attributes that don't require it
+       http://www.w3.org/TR/REC-html40/intro/sgmltut.html#h-3.2.2
+       http://www.w3.org/TR/html5/syntax.html#attributes

data/bundle/ruby/2.6.0/gems/haml-5.1.2/haml.gemspec

@@ -0,0 +1,44 @@
+($LOAD_PATH << File.expand_path("../lib", __FILE__)).uniq!
+require "haml/version"
+
+Gem::Specification.new do |spec|
+  spec.name        = 'haml'
+  spec.summary     = "An elegant, structured (X)HTML/XML templating engine."
+  spec.version     = Haml::VERSION
+  spec.authors     = ['Natalie Weizenbaum', 'Hampton Catlin', 'Norman Clarke', 'Akira Matsuda']
+  spec.email       = ['haml@googlegroups.com', 'ronnie@dio.jp']
+
+  spec.executables = ['haml']
+  spec.files       = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{\Atest/})
+  end
+  spec.homepage    = 'http://haml.info/'
+  spec.license     = "MIT"
+  spec.metadata    = {
+    "bug_tracker_uri"   => "https://github.com/haml/haml/issues",
+    "changelog_uri"     => "https://github.com/haml/haml/blob/master/CHANGELOG.md",
+    "documentation_uri" => "http://haml.info/docs.html",
+    "homepage_uri"      => "http://haml.info",
+    "mailing_list_uri"  => "https://groups.google.com/forum/?fromgroups#!forum/haml",
+    "source_code_uri"   => "https://github.com/haml/haml"
+  }
+
+  spec.required_ruby_version = '>= 2.0.0'
+
+  spec.add_dependency 'temple', '>= 0.8.0'
+  spec.add_dependency 'tilt'
+
+  spec.add_development_dependency 'rails', '>= 4.0.0'
+  spec.add_development_dependency 'rbench'
+  spec.add_development_dependency 'minitest', '>= 4.0'
+  spec.add_development_dependency 'nokogiri'
+
+  spec.description = <<-END
+Haml (HTML Abstraction Markup Language) is a layer on top of HTML or XML that's
+designed to express the structure of documents in a non-repetitive, elegant, and
+easy way by using indentation rather than closing tags and allowing Ruby to be
+embedded with ease. It was originally envisioned as a plugin for Ruby on Rails,
+but it can function as a stand-alone templating engine.
+END
+
+end

data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'haml/version'
 
 # The module that contains everything Haml-related:

data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/attribute_builder.rb

@@ -0,0 +1,164 @@
+# frozen_string_literal: true
+
+module Haml
+  module AttributeBuilder
+    # https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
+    INVALID_ATTRIBUTE_NAME_REGEX = /[ \0"'>\/=]/
+
+    class << self
+      def build_attributes(is_html, attr_wrapper, escape_attrs, hyphenate_data_attrs, attributes = {})
+        # @TODO this is an absolutely ridiculous amount of arguments. At least
+        # some of this needs to be moved into an instance method.
+        join_char = hyphenate_data_attrs ? '-' : '_'
+
+        attributes.each do |key, value|
+          if value.is_a?(Hash)
+            data_attributes = attributes.delete(key)
+            data_attributes = flatten_data_attributes(data_attributes, '', join_char)
+            data_attributes = build_data_keys(data_attributes, hyphenate_data_attrs, key)
+            verify_attribute_names!(data_attributes.keys)
+            attributes = data_attributes.merge(attributes)
+          end
+        end
+
+        result = attributes.collect do |attr, value|
+          next if value.nil?
+
+          value = filter_and_join(value, ' ') if attr == 'class'
+          value = filter_and_join(value, '_') if attr == 'id'
+
+          if value == true
+            next " #{attr}" if is_html
+            next " #{attr}=#{attr_wrapper}#{attr}#{attr_wrapper}"
+          elsif value == false
+            next
+          end
+
+          value =
+            if escape_attrs == :once
+              Haml::Helpers.escape_once(value.to_s)
+            elsif escape_attrs
+              Haml::Helpers.html_escape(value.to_s)
+            else
+              value.to_s
+            end
+          " #{attr}=#{attr_wrapper}#{value}#{attr_wrapper}"
+        end
+        result.compact!
+        result.sort!
+        result.join
+      end
+
+      # @return [String, nil]
+      def filter_and_join(value, separator)
+        return '' if (value.respond_to?(:empty?) && value.empty?)
+
+        if value.is_a?(Array)
+          value = value.flatten
+          value.map! {|item| item ? item.to_s : nil}
+          value.compact!
+          value = value.join(separator)
+        else
+          value = value ? value.to_s : nil
+        end
+        !value.nil? && !value.empty? && value
+      end
+
+      # Merges two attribute hashes.
+      # This is the same as `to.merge!(from)`,
+      # except that it merges id, class, and data attributes.
+      #
+      # ids are concatenated with `"_"`,
+      # and classes are concatenated with `" "`.
+      # data hashes are simply merged.
+      #
+      # Destructively modifies `to`.
+      #
+      # @param to [{String => String,Hash}] The attribute hash to merge into
+      # @param from [{String => Object}] The attribute hash to merge from
+      # @return [{String => String,Hash}] `to`, after being merged
+      def merge_attributes!(to, from)
+        from.keys.each do |key|
+          to[key] = merge_value(key, to[key], from[key])
+        end
+        to
+      end
+
+      # Merge multiple values to one attribute value. No destructive operation.
+      #
+      # @param key [String]
+      # @param values [Array<Object>]
+      # @return [String,Hash]
+      def merge_values(key, *values)
+        values.inject(nil) do |to, from|
+          merge_value(key, to, from)
+        end
+      end
+
+      def verify_attribute_names!(attribute_names)
+        attribute_names.each do |attribute_name|
+          if attribute_name =~ INVALID_ATTRIBUTE_NAME_REGEX
+            raise InvalidAttributeNameError.new("Invalid attribute name '#{attribute_name}' was rendered")
+          end
+        end
+      end
+
+      private
+
+      # Merge a couple of values to one attribute value. No destructive operation.
+      #
+      # @param to [String,Hash,nil]
+      # @param from [Object]
+      # @return [String,Hash]
+      def merge_value(key, to, from)
+        if from.kind_of?(Hash) || to.kind_of?(Hash)
+          from = { nil => from } if !from.is_a?(Hash)
+          to   = { nil => to }   if !to.is_a?(Hash)
+          to.merge(from)
+        elsif key == 'id'
+          merged_id = filter_and_join(from, '_')
+          if to && merged_id
+            merged_id = "#{to}_#{merged_id}"
+          elsif to || merged_id
+            merged_id ||= to
+          end
+          merged_id
+        elsif key == 'class'
+          merged_class = filter_and_join(from, ' ')
+          if to && merged_class
+            merged_class = (merged_class.split(' ') | to.split(' ')).sort.join(' ')
+          elsif to || merged_class
+            merged_class ||= to
+          end
+          merged_class
+        else
+          from
+        end
+      end
+
+      def build_data_keys(data_hash, hyphenate, attr_name="data")
+        Hash[data_hash.map do |name, value|
+          if name == nil
+            [attr_name, value]
+          elsif hyphenate
+            ["#{attr_name}-#{name.to_s.tr('_', '-')}", value]
+          else
+            ["#{attr_name}-#{name}", value]
+          end
+        end]
+      end
+
+      def flatten_data_attributes(data, key, join_char, seen = [])
+        return {key => data} unless data.is_a?(Hash)
+
+        return {key => nil} if seen.include? data.object_id
+        seen << data.object_id
+
+        data.sort {|x, y| x[0].to_s <=> y[0].to_s}.inject({}) do |hash, (k, v)|
+          joined = key == '' ? k : [key, k].join(join_char)
+          hash.merge! flatten_data_attributes(v, joined, join_char, seen)
+        end
+      end
+    end
+  end
+end