brakeman 4.6.1 → 4.7.0
Potentially problematic release.
This version of brakeman might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGES.md +11 -0
- data/bundle/load.rb +7 -7
- data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/CHANGELOG.md +122 -4
- data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/FAQ.md +4 -14
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/Gemfile +19 -0
- data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/MIT-LICENSE +2 -2
- data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/README.md +80 -42
- data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/REFERENCE.md +121 -64
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/TODO +24 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/haml.gemspec +44 -0
- data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml.rb +2 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/attribute_builder.rb +164 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/attribute_compiler.rb +224 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/attribute_parser.rb +150 -0
- data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml/buffer.rb +25 -132
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/compiler.rb +330 -0
- data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml/engine.rb +34 -41
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/error.rb +65 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/escapable.rb +50 -0
- data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml/exec.rb +38 -20
- data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml/filters.rb +22 -27
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/generator.rb +42 -0
- data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml/helpers.rb +129 -90
- data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml/helpers/action_view_extensions.rb +4 -2
- data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml/helpers/action_view_mods.rb +45 -60
- data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml/helpers/action_view_xss_mods.rb +2 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/helpers/safe_erubi_template.rb +20 -0
- data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml/helpers/safe_erubis_template.rb +5 -1
- data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml/helpers/xss_mods.rb +19 -12
- data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml/options.rb +63 -69
- data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml/parser.rb +292 -228
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/plugin.rb +37 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/railtie.rb +48 -0
- data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml/sass_rails_filter.rb +18 -4
- data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml/template.rb +13 -6
- data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml/template/options.rb +13 -2
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/temple_engine.rb +123 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/temple_line_counter.rb +30 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/util.rb +258 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/version.rb +5 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/yard/default/fulldoc/html/css/common.sass +15 -0
- data/bundle/ruby/2.6.0/gems/haml-5.1.2/yard/default/layout/html/footer.erb +12 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/AUTHORS +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/COPYING +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/Changelog.md +3 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/Gemfile +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/LICENSE +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/README.md +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/TODO +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/appveyor.yml +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/highline.gemspec +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/builtin_styles.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/color_scheme.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/compatibility.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/custom_errors.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/import.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/io_console_compatible.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/list.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/list_renderer.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/menu.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/menu/item.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/paginator.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/question.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/question/answer_converter.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/question_asker.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/simulate.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/statement.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/string.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/string_extensions.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/style.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/template_renderer.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/terminal.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/terminal/io_console.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/terminal/ncurses.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/terminal/unix_stty.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/version.rb +1 -1
- data/bundle/ruby/2.6.0/gems/{highline-2.0.2 → highline-2.0.3}/lib/highline/wrapper.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{ruby2ruby-2.4.3 → ruby2ruby-2.4.4}/History.rdoc +6 -0
- data/bundle/ruby/2.6.0/gems/{ruby2ruby-2.4.3 → ruby2ruby-2.4.4}/Manifest.txt +0 -0
- data/bundle/ruby/2.6.0/gems/{ruby2ruby-2.4.3 → ruby2ruby-2.4.4}/README.rdoc +0 -0
- data/bundle/ruby/2.6.0/gems/{ruby2ruby-2.4.3 → ruby2ruby-2.4.4}/lib/ruby2ruby.rb +3 -3
- data/bundle/ruby/2.6.0/gems/{ruby_parser-3.13.1 → ruby_parser-3.14.0}/History.rdoc +38 -0
- data/bundle/ruby/2.6.0/gems/{ruby_parser-3.13.1 → ruby_parser-3.14.0}/Manifest.txt +0 -0
- data/bundle/ruby/2.6.0/gems/{ruby_parser-3.13.1 → ruby_parser-3.14.0}/README.rdoc +3 -3
- data/bundle/ruby/2.6.0/gems/{ruby_parser-3.13.1 → ruby_parser-3.14.0}/compare/normalize.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{ruby_parser-3.13.1 → ruby_parser-3.14.0}/debugging.md +0 -0
- data/bundle/ruby/2.6.0/gems/{ruby_parser-3.13.1 → ruby_parser-3.14.0}/lib/rp_extensions.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{ruby_parser-3.13.1 → ruby_parser-3.14.0}/lib/rp_stringscanner.rb +0 -0
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.14.0/lib/ruby20_parser.rb +7045 -0
- data/bundle/ruby/2.6.0/gems/{ruby_parser-3.13.1/lib/ruby_parser.yy → ruby_parser-3.14.0/lib/ruby20_parser.y} +390 -397
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.14.0/lib/ruby21_parser.rb +7116 -0
- data/bundle/ruby/2.6.0/gems/{ruby_parser-3.13.1 → ruby_parser-3.14.0}/lib/ruby21_parser.y +399 -254
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.14.0/lib/ruby22_parser.rb +7149 -0
- data/bundle/ruby/2.6.0/gems/{ruby_parser-3.13.1 → ruby_parser-3.14.0}/lib/ruby22_parser.y +400 -255
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.14.0/lib/ruby23_parser.rb +7166 -0
- data/bundle/ruby/2.6.0/gems/{ruby_parser-3.13.1 → ruby_parser-3.14.0}/lib/ruby23_parser.y +400 -255
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.14.0/lib/ruby24_parser.rb +7178 -0
- data/bundle/ruby/2.6.0/gems/{ruby_parser-3.13.1 → ruby_parser-3.14.0}/lib/ruby24_parser.y +404 -257
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.14.0/lib/ruby25_parser.rb +7178 -0
- data/bundle/ruby/2.6.0/gems/{ruby_parser-3.13.1 → ruby_parser-3.14.0}/lib/ruby25_parser.y +404 -257
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.14.0/lib/ruby26_parser.rb +7198 -0
- data/bundle/ruby/2.6.0/gems/{ruby_parser-3.13.1 → ruby_parser-3.14.0}/lib/ruby26_parser.y +410 -261
- data/bundle/ruby/2.6.0/gems/{ruby_parser-3.13.1 → ruby_parser-3.14.0}/lib/ruby_lexer.rb +424 -432
- data/bundle/ruby/2.6.0/gems/{ruby_parser-3.13.1 → ruby_parser-3.14.0}/lib/ruby_lexer.rex +0 -0
- data/bundle/ruby/2.6.0/gems/{ruby_parser-3.13.1 → ruby_parser-3.14.0}/lib/ruby_lexer.rex.rb +1 -1
- data/bundle/ruby/2.6.0/gems/{ruby_parser-3.13.1 → ruby_parser-3.14.0}/lib/ruby_parser.rb +27 -27
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.14.0/lib/ruby_parser.yy +2732 -0
- data/bundle/ruby/2.6.0/gems/{ruby_parser-3.13.1 → ruby_parser-3.14.0}/lib/ruby_parser_extras.rb +627 -406
- data/bundle/ruby/2.6.0/gems/{ruby_parser-3.13.1 → ruby_parser-3.14.0}/tools/munge.rb +1 -1
- data/bundle/ruby/2.6.0/gems/{ruby_parser-3.13.1 → ruby_parser-3.14.0}/tools/ripper.rb +13 -2
- data/bundle/ruby/2.6.0/gems/{sexp_processor-4.12.1 → sexp_processor-4.13.0}/History.rdoc +13 -0
- data/bundle/ruby/2.6.0/gems/{sexp_processor-4.12.1 → sexp_processor-4.13.0}/Manifest.txt +1 -0
- data/bundle/ruby/2.6.0/gems/{sexp_processor-4.12.1 → sexp_processor-4.13.0}/README.rdoc +0 -0
- data/bundle/ruby/2.6.0/gems/{sexp_processor-4.12.1 → sexp_processor-4.13.0}/lib/composite_sexp_processor.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{sexp_processor-4.12.1 → sexp_processor-4.13.0}/lib/pt_testcase.rb +0 -0
- data/bundle/ruby/2.6.0/gems/sexp_processor-4.13.0/lib/sexp.rb +381 -0
- data/bundle/ruby/2.6.0/gems/{sexp_processor-4.12.1/lib/sexp.rb → sexp_processor-4.13.0/lib/sexp_matcher.rb} +25 -385
- data/bundle/ruby/2.6.0/gems/{sexp_processor-4.12.1 → sexp_processor-4.13.0}/lib/sexp_processor.rb +1 -1
- data/bundle/ruby/2.6.0/gems/{sexp_processor-4.12.1 → sexp_processor-4.13.0}/lib/strict_sexp.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{sexp_processor-4.12.1 → sexp_processor-4.13.0}/lib/unique.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/CHANGES +5 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/EXPRESSIONS.md +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/Gemfile +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/LICENSE +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/README.md +1 -1
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/engine.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/erb/engine.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/erb/parser.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/erb/template.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/erb/trimming.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/exceptions.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/filter.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/filters/code_merger.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/filters/control_flow.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/filters/dynamic_inliner.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/filters/encoding.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/filters/eraser.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/filters/escapable.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/filters/multi_flattener.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/filters/remove_bom.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/filters/static_analyzer.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/filters/static_merger.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/filters/string_splitter.rb +1 -1
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/filters/validator.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/generator.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/generators/array.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/generators/array_buffer.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/generators/erb.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/generators/rails_output_buffer.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/generators/string_buffer.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/grammar.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/html/attribute_merger.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/html/attribute_remover.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/html/attribute_sorter.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/html/dispatcher.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/html/fast.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/html/filter.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/html/pretty.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/html/safe.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/map.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/mixins/dispatcher.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/mixins/engine_dsl.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/mixins/grammar_dsl.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/mixins/options.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/mixins/template.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/parser.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/static_analyzer.rb +1 -1
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/templates.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/templates/rails.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/templates/tilt.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/lib/temple/utils.rb +0 -0
- data/bundle/ruby/2.6.0/gems/temple-0.8.2/lib/temple/version.rb +3 -0
- data/bundle/ruby/2.6.0/gems/{temple-0.8.1 → temple-0.8.2}/temple.gemspec +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/COPYING +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt.rb +1 -1
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/asciidoc.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/babel.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/bluecloth.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/builder.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/coffee.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/commonmarker.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/creole.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/csv.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/dummy.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/erb.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/erubi.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/erubis.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/etanni.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/haml.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/kramdown.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/less.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/liquid.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/livescript.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/mapping.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/markaby.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/maruku.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/nokogiri.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/pandoc.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/plain.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/prawn.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/radius.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/rdiscount.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/rdoc.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/redcarpet.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/redcloth.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/rst-pandoc.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/sass.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/sigil.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/string.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/template.rb +7 -12
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/typescript.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/wikicloth.rb +0 -0
- data/bundle/ruby/2.6.0/gems/{tilt-2.0.9 → tilt-2.0.10}/lib/tilt/yajl.rb +0 -0
- data/lib/brakeman/checks/base_check.rb +23 -1
- data/lib/brakeman/checks/check_cookie_serialization.rb +1 -1
- data/lib/brakeman/checks/check_cross_site_scripting.rb +1 -1
- data/lib/brakeman/checks/check_execute.rb +26 -1
- data/lib/brakeman/differ.rb +16 -28
- data/lib/brakeman/parsers/haml_embedded.rb +1 -1
- data/lib/brakeman/parsers/template_parser.rb +3 -1
- data/lib/brakeman/processors/alias_processor.rb +10 -0
- data/lib/brakeman/processors/base_processor.rb +2 -0
- data/lib/brakeman/processors/haml_template_processor.rb +86 -122
- data/lib/brakeman/processors/lib/rails2_config_processor.rb +1 -1
- data/lib/brakeman/processors/template_alias_processor.rb +28 -0
- data/lib/brakeman/tracker/config.rb +33 -92
- data/lib/brakeman/version.rb +1 -1
- metadata +215 -206
- data/bundle/ruby/2.6.0/gems/haml-4.0.7/lib/haml/compiler.rb +0 -540
- data/bundle/ruby/2.6.0/gems/haml-4.0.7/lib/haml/error.rb +0 -61
- data/bundle/ruby/2.6.0/gems/haml-4.0.7/lib/haml/railtie.rb +0 -22
- data/bundle/ruby/2.6.0/gems/haml-4.0.7/lib/haml/template/plugin.rb +0 -41
- data/bundle/ruby/2.6.0/gems/haml-4.0.7/lib/haml/util.rb +0 -377
- data/bundle/ruby/2.6.0/gems/haml-4.0.7/lib/haml/version.rb +0 -3
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.13.1/lib/ruby20_parser.rb +0 -6869
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.13.1/lib/ruby20_parser.y +0 -2431
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.13.1/lib/ruby21_parser.rb +0 -6944
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.13.1/lib/ruby22_parser.rb +0 -6968
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.13.1/lib/ruby23_parser.rb +0 -6987
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.13.1/lib/ruby24_parser.rb +0 -6994
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.13.1/lib/ruby25_parser.rb +0 -6994
- data/bundle/ruby/2.6.0/gems/ruby_parser-3.13.1/lib/ruby26_parser.rb +0 -7012
- data/bundle/ruby/2.6.0/gems/temple-0.8.1/lib/temple/version.rb +0 -3
- data/bundle/ruby/2.6.0/gems/tilt-2.0.9/CHANGELOG.md +0 -132
- data/bundle/ruby/2.6.0/gems/tilt-2.0.9/Gemfile +0 -70
- data/bundle/ruby/2.6.0/gems/tilt-2.0.9/HACKING +0 -16
- data/bundle/ruby/2.6.0/gems/tilt-2.0.9/README.md +0 -233
- data/bundle/ruby/2.6.0/gems/tilt-2.0.9/tilt.gemspec +0 -130
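--- a/data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/error.rb
+++ b/data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/error.rb
@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+module Haml
+# An exception raised by Haml code.
+class Error < StandardError
+
+MESSAGES = {
+bad_script_indent: '"%s" is indented at wrong level: expected %d, but was at %d.',
+cant_run_filter: 'Can\'t run "%s" filter; you must require its dependencies first',
+cant_use_tabs_and_spaces: "Indentation can't use both tabs and spaces.",
+deeper_indenting: "The line was indented %d levels deeper than the previous line.",
+filter_not_defined: 'Filter "%s" is not defined.',
+gem_install_filter_deps: '"%s" filter\'s %s dependency missing: try installing it or adding it to your Gemfile',
+illegal_element: "Illegal element: classes and ids must have values.",
+illegal_nesting_content: "Illegal nesting: nesting within a tag that already has content is illegal.",
+illegal_nesting_header: "Illegal nesting: nesting within a header command is illegal.",
+illegal_nesting_line: "Illegal nesting: content can't be both given on the same line as %%%s and nested within it.",
+illegal_nesting_plain: "Illegal nesting: nesting within plain text is illegal.",
+illegal_nesting_self_closing: "Illegal nesting: nesting within a self-closing tag is illegal.",
+inconsistent_indentation: "Inconsistent indentation: %s used for indentation, but the rest of the document was indented using %s.",
+indenting_at_start: "Indenting at the beginning of the document is illegal.",
+install_haml_contrib: 'To use the "%s" filter, please install the haml-contrib gem.',
+invalid_attribute_list: 'Invalid attribute list: %s.',
+invalid_filter_name: 'Invalid filter name ":%s".',
+invalid_tag: 'Invalid tag: "%s".',
+missing_if: 'Got "%s" with no preceding "if"',
+no_ruby_code: "There's no Ruby code for %s to evaluate.",
+self_closing_content: "Self-closing tags can't have content.",
+unbalanced_brackets: 'Unbalanced brackets.',
+no_end: <<-END
+You don't need to use "- end" in Haml. Un-indent to close a block:
+- if foo?
+%strong Foo!
+- else
+Not foo.
+%p This line is un-indented, so it isn't part of the "if" block
+END
+}.freeze
+
+def self.message(key, *args)
+string = MESSAGES[key] or raise "[HAML BUG] No error messages for #{key}"
+(args.empty? ? string : string % args).rstrip
+end
+
+# The line of the template on which the error occurred.
+#
+# @return [Fixnum]
+attr_reader :line
+
+# @param message [String] The error message
+# @param line [Fixnum] See \{#line}
+def initialize(message = nil, line = nil)
+super(message)
+@line = line
+end
+end
+
+# SyntaxError is the type of exception raised when Haml encounters an
+# ill-formatted document.
+# It's not particularly interesting,
+# except in that it's a subclass of {Haml::Error}.
+class SyntaxError < Error; end
+
+class InvalidAttributeNameError < SyntaxError; end
+end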
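--- a/data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/escapable.rb
+++ b/data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/escapable.rb
@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module Haml
+# Like Temple::Filters::Escapable, but with support for escaping by
+# Haml::Herlpers.html_escape and Haml::Herlpers.escape_once.
+class Escapable < Temple::Filter
+def initialize(*)
+super
+@escape_code = "::Haml::Helpers.html_escape((%s))"
+@escaper = eval("proc {|v| #{@escape_code % 'v'} }")
+@once_escape_code = "::Haml::Helpers.escape_once((%s))"
+@once_escaper = eval("proc {|v| #{@once_escape_code % 'v'} }")
+@escape = false
+end
+
+def on_escape(flag, exp)
+old = @escape
+@escape = flag
+compile(exp)
+ensure
+@escape = old
+end
+
+# The same as Haml::AttributeBuilder.build_attributes
+def on_static(value)
+[:static,
+if @escape == :once
+@once_escaper[value]
+elsif @escape
+@escaper[value]
+else
+value
+end
+]
+end
+
+# The same as Haml::AttributeBuilder.build_attributes
+def on_dynamic(value)
+[:dynamic,
+if @escape == :once
+@once_escape_code % value
+elsif @escape
+@escape_code % value
+else
+"(#{value}).to_s"
+end
+]
+end
+end
+end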
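--- a/data/bundle/ruby/2.6.0/gems/haml-4.0.7/lib/haml/exec.rb
+++ b/data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/exec.rb
@@ -1,5 +1,6 @@
+# frozen_string_literal: true
+
 require 'optparse'
-require 'fileutils'
 require 'rbconfig'
 require 'pp'
 
@@ -120,7 +121,7 @@ module Haml
 @options[:input], @options[:output] = input, output
 end
 
-COLORS = {
+COLORS = {red: 31, green: 32, yellow: 33}.freeze
 
 # Prints a status message about performing the given action,
 # colored using the given color (via terminal escapes) if possible.
@@ -212,11 +213,6 @@ END
 @options[:output] = StringIO.new
 end
 
-opts.on('-t', '--style NAME',
-'Output style. Can be indented (default) or ugly.') do |name|
-@options[:for_engine][:ugly] = true if name.to_sym == :ugly
-end
-
 opts.on('-f', '--format NAME',
 'Output format. Can be html5 (default), xhtml, or html4.') do |name|
 @options[:for_engine][:format] = name.to_sym
@@ -237,6 +233,11 @@ END
 @options[:for_engine][:attr_wrapper] = '"'
 end
 
+opts.on('--remove-whitespace',
+'Remove whitespace surrounding and within tags') do
+@options[:for_engine][:remove_whitespace] = true
+end
+
 opts.on('--cdata',
 'Always add CDATA sections to javascript and css blocks.') do
 @options[:for_engine][:cdata] = true
@@ -260,15 +261,13 @@ END
 @options[:load_paths] << path
 end
 
-
-
-
-
-Encoding.default_internal = internal if internal && !internal.empty?
-end
+opts.on('-E ex[:in]', 'Specify the default external and internal character encodings.') do |encoding|
+external, internal = encoding.split(':')
+Encoding.default_external = external if external && !external.empty?
+Encoding.default_internal = internal if internal && !internal.empty?
 end
 
-opts.on('-d', '--debug', "Print out the precompiled Ruby source.") do
+opts.on('-d', '--debug', "Print out the precompiled Ruby source, and show syntax errors in the Ruby code.") do
 @options[:debug] = true
 end
 
@@ -294,20 +293,33 @@ END
 
 begin
 
-
-
-
+if @options[:parse]
+parser = ::Haml::Parser.new(::Haml::Options.new(@options))
+pp parser.call(template)
 return
 end
 
-
-
+engine = ::Haml::Engine.new(template, @options[:for_engine])
+
+if @options[:check_syntax]
+error = validate_ruby(engine.precompiled)
+if error
+puts error.message.split("\n").first
+exit 1
+end
+puts "Syntax OK"
 return
 end
 
 if @options[:debug]
 puts engine.precompiled
-
+error = validate_ruby(engine.precompiled)
+if error
+puts '=' * 100
+puts error.message.split("\n")[0]
+exit 1
+end
+return
 end
 
 result = engine.to_html
@@ -324,6 +336,12 @@ END
 output.write(result)
 output.close() if output.is_a? File
 end
+
+def validate_ruby(code)
+eval("BEGIN {return nil}; #{code}", binding, @options[:filename] || "")
+rescue ::SyntaxError # Not to be confused with Haml::SyntaxError
+$!
+end
 end
 end
 end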
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "tilt"
|
2
4
|
|
3
5
|
module Haml
|
@@ -59,7 +61,7 @@ module Haml
|
|
59
61
|
end
|
60
62
|
|
61
63
|
# Removes a filter from Haml. If the filter was removed, it returns
|
62
|
-
# the that was
|
64
|
+
# the Module that was removed upon success, or nil on failure. If you try
|
63
65
|
# to redefine a filter, Haml will raise an error. Use this method first to
|
64
66
|
# explicitly remove the filter before redefining it.
|
65
67
|
# @return Module The filter module that has been removed
|
@@ -118,7 +120,7 @@ module Haml
|
|
118
120
|
# @param text [String] The source text for the filter to process
|
119
121
|
# @return [String] The filtered result
|
120
122
|
# @raise [Haml::Error] if it's not overridden
|
121
|
-
def render(
|
123
|
+
def render(_text)
|
122
124
|
raise Error.new("#{self.inspect}#render not defined!")
|
123
125
|
end
|
124
126
|
|
@@ -129,7 +131,7 @@ module Haml
|
|
129
131
|
# @param text [String] The source text for the filter to process
|
130
132
|
# @return [String] The filtered result
|
131
133
|
# @raise [Haml::Error] if it or \{#render} isn't overridden
|
132
|
-
def render_with_options(text,
|
134
|
+
def render_with_options(text, _options)
|
133
135
|
render(text)
|
134
136
|
end
|
135
137
|
|
@@ -163,10 +165,14 @@ module Haml
|
|
163
165
|
if contains_interpolation?(text)
|
164
166
|
return if options[:suppress_eval]
|
165
167
|
|
166
|
-
|
168
|
+
escape = options[:escape_filter_interpolations]
|
169
|
+
# `escape_filter_interpolations` defaults to `escape_html` if unset.
|
170
|
+
escape = options[:escape_html] if escape.nil?
|
171
|
+
|
172
|
+
text = unescape_interpolation(text, escape).gsub(/(\\+)n/) do |s|
|
167
173
|
escapes = $1.size
|
168
174
|
next s if escapes % 2 == 0
|
169
|
-
|
175
|
+
"#{'\\' * (escapes - 1)}\n"
|
170
176
|
end
|
171
177
|
# We need to add a newline at the beginning to get the
|
172
178
|
# filter lines to line up (since the Haml filter contains
|
@@ -174,20 +180,15 @@ module Haml
|
|
174
180
|
# filter name). Then we need to escape the trailing
|
175
181
|
# newline so that the whole filter block doesn't take up
|
176
182
|
# too many.
|
177
|
-
text =
|
183
|
+
text = %[\n#{text.sub(/\n"\Z/, "\\n\"")}]
|
178
184
|
push_script <<RUBY.rstrip, :escape_html => false
|
179
185
|
find_and_preserve(#{filter.inspect}.render_with_options(#{text}, _hamlout.options))
|
180
186
|
RUBY
|
181
187
|
return
|
182
188
|
end
|
183
189
|
|
184
|
-
rendered = Haml::Helpers::find_and_preserve(filter.render_with_options(text, compiler.options), compiler.options[:preserve])
|
185
|
-
|
186
|
-
if options[:ugly]
|
187
|
-
push_text(rendered.rstrip)
|
188
|
-
else
|
189
|
-
push_text(rendered.rstrip.gsub("\n", "\n#{' ' * @output_tabs}"))
|
190
|
-
end
|
190
|
+
rendered = Haml::Helpers::find_and_preserve(filter.render_with_options(text.to_s, compiler.options), compiler.options[:preserve])
|
191
|
+
push_text("#{rendered.rstrip}\n")
|
191
192
|
end
|
192
193
|
end
|
193
194
|
end
|
@@ -216,13 +217,10 @@ RUBY
|
|
216
217
|
type = " type=#{options[:attr_wrapper]}text/javascript#{options[:attr_wrapper]}"
|
217
218
|
end
|
218
219
|
|
219
|
-
|
220
|
-
|
221
|
-
str << "#{indent}#{text.rstrip.gsub("\n", "\n#{indent}")}\n"
|
222
|
-
str << " //]]>\n" if options[:cdata]
|
223
|
-
str << "</script>"
|
220
|
+
text = text.rstrip
|
221
|
+
text.gsub!("\n", "\n#{indent}")
|
224
222
|
|
225
|
-
|
223
|
+
%!<script#{type}>\n#{" //<![CDATA[\n" if options[:cdata]}#{indent}#{text}\n#{" //]]>\n" if options[:cdata]}</script>!
|
226
224
|
end
|
227
225
|
end
|
228
226
|
|
@@ -240,13 +238,10 @@ RUBY
|
|
240
238
|
type = " type=#{options[:attr_wrapper]}text/css#{options[:attr_wrapper]}"
|
241
239
|
end
|
242
240
|
|
243
|
-
|
244
|
-
|
245
|
-
str << "#{indent}#{text.rstrip.gsub("\n", "\n#{indent}")}\n"
|
246
|
-
str << " /*]]>*/\n" if options[:cdata]
|
247
|
-
str << "</style>"
|
241
|
+
text = text.rstrip
|
242
|
+
text.gsub!("\n", "\n#{indent}")
|
248
243
|
|
249
|
-
|
244
|
+
%(<style#{type}>\n#{" /*<![CDATA[*/\n" if options[:cdata]}#{indent}#{text}\n#{" /*]]>*/\n" if options[:cdata]}</style>)
|
250
245
|
end
|
251
246
|
end
|
252
247
|
|
@@ -256,7 +251,7 @@ RUBY
|
|
256
251
|
|
257
252
|
# @see Base#render
|
258
253
|
def render(text)
|
259
|
-
"<![CDATA[#{
|
254
|
+
"<![CDATA[#{"\n#{text.rstrip}".gsub("\n", "\n ")}\n]]>"
|
260
255
|
end
|
261
256
|
end
|
262
257
|
|
@@ -288,7 +283,7 @@ RUBY
|
|
288
283
|
def compile(compiler, text)
|
289
284
|
return if compiler.options[:suppress_eval]
|
290
285
|
compiler.instance_eval do
|
291
|
-
push_silent <<-FIRST.
|
286
|
+
push_silent "#{<<-FIRST.tr("\n", ';')}#{text}#{<<-LAST.tr("\n", ';')}"
|
292
287
|
begin
|
293
288
|
haml_io = StringIO.new(_hamlout.buffer, 'a')
|
294
289
|
FIRST
|
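--- a/data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/generator.rb
+++ b/data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/generator.rb
@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module Haml
+# Ruby code generator, which is a limited version of Temple::Generator.
+# Limit methods since Haml doesn't need most of them.
+class Generator
+include Temple::Mixins::CompiledDispatcher
+include Temple::Mixins::Options
+
+define_options freeze_static: RUBY_VERSION >= '2.1'
+
+def call(exp)
+compile(exp)
+end
+
+def on_multi(*exp)
+exp.map { |e| compile(e) }.join('; ')
+end
+
+def on_static(text)
+concat(options[:freeze_static] ? "#{Util.inspect_obj(text)}.freeze" : Util.inspect_obj(text))
+end
+
+def on_dynamic(code)
+concat(code)
+end
+
+def on_code(exp)
+exp
+end
+
+def on_newline
+"\n"
+end
+
+private
+
+def concat(str)
+"_hamlout.buffer << (#{str});"
+end
+end
+end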
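Review bot: `define_options freeze_static: RUBY_VERSION >= '2.1'` compares the version strings lexicographically, so a version whose first component has two digits (a constructed example: '10.0') would sort below '2.1' and silently turn `freeze_static` off. Comparing parsed versions avoids that: `define_options freeze_static: Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.1')`. Separately, `on_dynamic` and `on_code` have no comments; a one-line note that their argument is placed verbatim into the generated Ruby string (`"_hamlout.buffer << (#{str});"` for `on_dynamic`, the bare expression for `on_code`) would make it clear to readers that template source is handled as code, not data.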
@@ -1,3 +1,7 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'erb'
|
4
|
+
|
1
5
|
module Haml
|
2
6
|
# This module contains various helpful methods to make it easier to do various tasks.
|
3
7
|
# {Haml::Helpers} is automatically included in the context
|
@@ -106,7 +110,8 @@ MESSAGE
|
|
106
110
|
# @yield The block within which to escape newlines
|
107
111
|
def find_and_preserve(input = nil, tags = haml_buffer.options[:preserve], &block)
|
108
112
|
return find_and_preserve(capture_haml(&block), input || tags) if block
|
109
|
-
|
113
|
+
tags = tags.map { |tag| Regexp.escape(tag) }.join('|')
|
114
|
+
re = /<(#{tags})([^>]*)>(.*?)(<\/\1>)/im
|
110
115
|
input.to_s.gsub(re) do |s|
|
111
116
|
s =~ re # Can't rely on $1, etc. existing since Rails' SafeBuffer#gsub is incompatible
|
112
117
|
"<#{$1}#{$2}>#{preserve($3)}</#{$1}>"
|
@@ -117,17 +122,20 @@ MESSAGE
|
|
117
122
|
# HTML entities so they'll render correctly in
|
118
123
|
# whitespace-sensitive tags without screwing up the indentation.
|
119
124
|
#
|
120
|
-
# @overload
|
125
|
+
# @overload preserve(input)
|
121
126
|
# Escapes newlines within a string.
|
122
127
|
#
|
123
128
|
# @param input [String] The string within which to escape all newlines
|
124
|
-
# @overload
|
129
|
+
# @overload preserve
|
125
130
|
# Escapes newlines within a block of Haml code.
|
126
131
|
#
|
127
132
|
# @yield The block within which to escape newlines
|
128
133
|
def preserve(input = nil, &block)
|
129
134
|
return preserve(capture_haml(&block)) if block
|
130
|
-
input.to_s.chomp("\n")
|
135
|
+
s = input.to_s.chomp("\n")
|
136
|
+
s.gsub!(/\n/, '
')
|
137
|
+
s.delete!("\r")
|
138
|
+
s
|
131
139
|
end
|
132
140
|
alias_method :flatten, :preserve
|
133
141
|
|
@@ -190,20 +198,19 @@ MESSAGE
|
|
190
198
|
# @yield [item] A block which contains Haml code that goes within list items
|
191
199
|
# @yieldparam item An element of `enum`
|
192
200
|
def list_of(enum, opts={}, &block)
|
193
|
-
opts_attributes = opts.
|
194
|
-
|
201
|
+
opts_attributes = opts.map { |k, v| " #{k}='#{v}'" }.join
|
202
|
+
enum.map do |i|
|
195
203
|
result = capture_haml(i, &block)
|
196
204
|
|
197
205
|
if result.count("\n") > 1
|
198
|
-
result
|
206
|
+
result.gsub!("\n", "\n ")
|
199
207
|
result = "\n #{result.strip}\n"
|
200
208
|
else
|
201
|
-
result
|
209
|
+
result.strip!
|
202
210
|
end
|
203
211
|
|
204
212
|
%Q!<li#{opts_attributes}>#{result}</li>!
|
205
|
-
end
|
206
|
-
to_return.join("\n")
|
213
|
+
end.join("\n")
|
207
214
|
end
|
208
215
|
|
209
216
|
# Returns a hash containing default assignments for the `xmlns`, `lang`, and `xml:lang`
|
@@ -219,7 +226,11 @@ MESSAGE
|
|
219
226
|
# @param lang [String] The value of `xml:lang` and `lang`
|
220
227
|
# @return [{#to_s => String}] The attribute hash
|
221
228
|
def html_attrs(lang = 'en-US')
|
222
|
-
|
229
|
+
if haml_buffer.options[:format] == :xhtml
|
230
|
+
{:xmlns => "http://www.w3.org/1999/xhtml", 'xml:lang' => lang, :lang => lang}
|
231
|
+
else
|
232
|
+
{:lang => lang}
|
233
|
+
end
|
223
234
|
end
|
224
235
|
|
225
236
|
# Increments the number of tabs the buffer automatically adds
|
@@ -370,12 +381,10 @@ MESSAGE
|
|
370
381
|
captured = haml_buffer.buffer.slice!(position..-1)
|
371
382
|
|
372
383
|
if captured == '' and value != haml_buffer.buffer
|
373
|
-
|
384
|
+
captured = (value.is_a?(String) ? value : nil)
|
374
385
|
end
|
375
386
|
|
376
|
-
|
377
|
-
return (haml_buffer.options[:ugly] ? captured : prettify(captured))
|
378
|
-
|
387
|
+
captured
|
379
388
|
end
|
380
389
|
ensure
|
381
390
|
haml_buffer.capture_position = nil
|
@@ -385,14 +394,34 @@ MESSAGE
|
|
385
394
|
#
|
386
395
|
# @param text [#to_s] The text to output
|
387
396
|
def haml_concat(text = "")
|
388
|
-
|
389
|
-
|
390
|
-
|
397
|
+
haml_internal_concat text
|
398
|
+
ErrorReturn.new("haml_concat")
|
399
|
+
end
|
400
|
+
|
401
|
+
# Internal method to write directly to the buffer with control of
|
402
|
+
# whether the first line should be indented, and if there should be a
|
403
|
+
# final newline.
|
404
|
+
#
|
405
|
+
# Lines added will have the proper indentation. This can be controlled
|
406
|
+
# for the first line.
|
407
|
+
#
|
408
|
+
# Used by #haml_concat and #haml_tag.
|
409
|
+
#
|
410
|
+
# @param text [#to_s] The text to output
|
411
|
+
# @param newline [Boolean] Whether to add a newline after the text
|
412
|
+
# @param indent [Boolean] Whether to add indentation to the first line
|
413
|
+
def haml_internal_concat(text = "", newline = true, indent = true)
|
414
|
+
if haml_buffer.tabulation == 0
|
415
|
+
haml_buffer.buffer << "#{text}#{"\n" if newline}"
|
391
416
|
else
|
392
|
-
haml_buffer.buffer << text.to_s
|
417
|
+
haml_buffer.buffer << %[#{haml_indent if indent}#{text.to_s.gsub("\n", "\n#{haml_indent}")}#{"\n" if newline}]
|
393
418
|
end
|
394
|
-
ErrorReturn.new("haml_concat")
|
395
419
|
end
|
420
|
+
private :haml_internal_concat
|
421
|
+
|
422
|
+
# Allows writing raw content. `haml_internal_concat_raw` isn't
|
423
|
+
# effected by XSS mods. Used by #haml_tag to write the actual tags.
|
424
|
+
alias :haml_internal_concat_raw :haml_internal_concat
|
396
425
|
|
397
426
|
# @return [String] The indentation string for the current line
|
398
427
|
def haml_indent
|
@@ -466,14 +495,14 @@ MESSAGE
|
|
466
495
|
attrs.keys.each {|key| attrs[key.to_s] = attrs.delete(key)} unless attrs.empty?
|
467
496
|
name, attrs = merge_name_and_attributes(name.to_s, attrs)
|
468
497
|
|
469
|
-
attributes = Haml::
|
498
|
+
attributes = Haml::AttributeBuilder.build_attributes(haml_buffer.html?,
|
470
499
|
haml_buffer.options[:attr_wrapper],
|
471
500
|
haml_buffer.options[:escape_attrs],
|
472
501
|
haml_buffer.options[:hyphenate_data_attrs],
|
473
502
|
attrs)
|
474
503
|
|
475
504
|
if text.nil? && block.nil? && (haml_buffer.options[:autoclose].include?(name) || flags.include?(:/))
|
476
|
-
|
505
|
+
haml_internal_concat_raw "<#{name}#{attributes}#{' /' if haml_buffer.options[:format] == :xhtml}>"
|
477
506
|
return ret
|
478
507
|
end
|
479
508
|
|
@@ -483,17 +512,19 @@ MESSAGE
|
|
483
512
|
end
|
484
513
|
|
485
514
|
tag = "<#{name}#{attributes}>"
|
515
|
+
end_tag = "</#{name}>"
|
486
516
|
if block.nil?
|
487
517
|
text = text.to_s
|
488
518
|
if text.include?("\n")
|
489
|
-
|
519
|
+
haml_internal_concat_raw tag
|
490
520
|
tab_up
|
491
|
-
|
521
|
+
haml_internal_concat text
|
492
522
|
tab_down
|
493
|
-
|
523
|
+
haml_internal_concat_raw end_tag
|
494
524
|
else
|
495
|
-
tag
|
496
|
-
|
525
|
+
haml_internal_concat_raw tag, false
|
526
|
+
haml_internal_concat text, false, false
|
527
|
+
haml_internal_concat_raw end_tag, true, false
|
497
528
|
end
|
498
529
|
return ret
|
499
530
|
end
|
@@ -503,67 +534,92 @@ MESSAGE
|
|
503
534
|
end
|
504
535
|
|
505
536
|
if flags.include?(:<)
|
506
|
-
tag
|
507
|
-
|
537
|
+
haml_internal_concat_raw tag, false
|
538
|
+
haml_internal_concat "#{capture_haml(&block).strip}", false, false
|
539
|
+
haml_internal_concat_raw end_tag, true, false
|
508
540
|
return ret
|
509
541
|
end
|
510
542
|
|
511
|
-
|
543
|
+
haml_internal_concat_raw tag
|
512
544
|
tab_up
|
513
545
|
block.call
|
514
546
|
tab_down
|
515
|
-
|
547
|
+
haml_internal_concat_raw end_tag
|
516
548
|
|
517
549
|
ret
|
518
550
|
end
|
519
551
|
|
520
|
-
#
|
521
|
-
|
552
|
+
# Conditionally wrap a block in an element. If `condition` is `true` then
|
553
|
+
# this method renders the tag described by the arguments in `tag` (using
|
554
|
+
# \{#haml_tag}) with the given block inside, otherwise it just renders the block.
|
555
|
+
#
|
556
|
+
# For example,
|
557
|
+
#
|
558
|
+
# - haml_tag_if important, '.important' do
|
559
|
+
# %p
|
560
|
+
# A (possibly) important paragraph.
|
561
|
+
#
|
562
|
+
# will produce
|
563
|
+
#
|
564
|
+
# <div class='important'>
|
565
|
+
# <p>
|
566
|
+
# A (possibly) important paragraph.
|
567
|
+
# </p>
|
568
|
+
# </div>
|
569
|
+
#
|
570
|
+
# if `important` is truthy, and just
|
571
|
+
#
|
572
|
+
# <p>
|
573
|
+
# A (possibly) important paragraph.
|
574
|
+
# </p>
|
575
|
+
#
|
576
|
+
# otherwise.
|
577
|
+
#
|
578
|
+
# Like \{#haml_tag}, `haml_tag_if` outputs directly to the buffer and its
|
579
|
+
# return value should not be used. Use \{#capture_haml} if you need to use
|
580
|
+
# its results as a string.
|
581
|
+
#
|
582
|
+
# @param condition The condition to test to determine whether to render
|
583
|
+
# the enclosing tag
|
584
|
+
# @param tag Definition of the enclosing tag. See \{#haml_tag} for details
|
585
|
+
# (specifically the form that takes a block)
|
586
|
+
def haml_tag_if(condition, *tag)
|
587
|
+
if condition
|
588
|
+
haml_tag(*tag){ yield }
|
589
|
+
else
|
590
|
+
yield
|
591
|
+
end
|
592
|
+
ErrorReturn.new("haml_tag_if")
|
593
|
+
end
|
522
594
|
|
523
|
-
|
595
|
+
# Characters that need to be escaped to HTML entities from user input
|
596
|
+
HTML_ESCAPE = {'&' => '&', '<' => '<', '>' => '>', '"' => '"', "'" => '''}.freeze
|
524
597
|
|
525
|
-
|
526
|
-
# Include docs here so they are picked up by Yard
|
598
|
+
HTML_ESCAPE_REGEX = /['"><&]/
|
527
599
|
|
528
|
-
|
529
|
-
|
530
|
-
|
531
|
-
|
532
|
-
|
533
|
-
|
534
|
-
|
535
|
-
|
536
|
-
|
537
|
-
|
538
|
-
|
539
|
-
text.gsub(HTML_ESCAPE_REGEX, HTML_ESCAPE)
|
540
|
-
end
|
541
|
-
else
|
542
|
-
def html_escape(text)
|
543
|
-
text = text.to_s
|
544
|
-
text.gsub(HTML_ESCAPE_REGEX) {|s| HTML_ESCAPE[s]}
|
545
|
-
end
|
600
|
+
# Returns a copy of `text` with ampersands, angle brackets and quotes
|
601
|
+
# escaped into HTML entities.
|
602
|
+
#
|
603
|
+
# Note that if ActionView is loaded and XSS protection is enabled
|
604
|
+
# (as is the default for Rails 3.0+, and optional for version 2.3.5+),
|
605
|
+
# this won't escape text declared as "safe".
|
606
|
+
#
|
607
|
+
# @param text [String] The string to sanitize
|
608
|
+
# @return [String] The sanitized string
|
609
|
+
def html_escape(text)
|
610
|
+
ERB::Util.html_escape(text)
|
546
611
|
end
|
547
612
|
|
548
|
-
HTML_ESCAPE_ONCE_REGEX = /[
|
549
|
-
|
550
|
-
if RUBY_VERSION >= '1.9'
|
551
|
-
# Include docs here so they are picked up by Yard
|
613
|
+
HTML_ESCAPE_ONCE_REGEX = /['"><]|&(?!(?:[a-zA-Z]+|#(?:\d+|[xX][0-9a-fA-F]+));)/
|
552
614
|
|
553
|
-
|
554
|
-
|
555
|
-
|
556
|
-
|
557
|
-
|
558
|
-
|
559
|
-
|
560
|
-
|
561
|
-
end
|
562
|
-
else
|
563
|
-
def escape_once(text)
|
564
|
-
text = text.to_s
|
565
|
-
text.gsub(HTML_ESCAPE_ONCE_REGEX){|s| HTML_ESCAPE[s]}
|
566
|
-
end
|
615
|
+
# Escapes HTML entities in `text`, but without escaping an ampersand
|
616
|
+
# that is already part of an escaped entity.
|
617
|
+
#
|
618
|
+
# @param text [String] The string to sanitize
|
619
|
+
# @return [String] The sanitized string
|
620
|
+
def escape_once(text)
|
621
|
+
text = text.to_s
|
622
|
+
text.gsub(HTML_ESCAPE_ONCE_REGEX, HTML_ESCAPE)
|
567
623
|
end
|
568
624
|
|
569
625
|
# Returns whether or not the current template is a Haml template.
|
@@ -593,7 +649,7 @@ MESSAGE
|
|
593
649
|
# skip merging if no ids or classes found in name
|
594
650
|
return name, attributes_hash unless name =~ /^(.+?)?([\.#].*)$/
|
595
651
|
|
596
|
-
return $1 || "div",
|
652
|
+
return $1 || "div", AttributeBuilder.merge_attributes!(
|
597
653
|
Haml::Parser.parse_class_and_id($2), attributes_hash)
|
598
654
|
end
|
599
655
|
|
@@ -630,22 +686,6 @@ MESSAGE
|
|
630
686
|
_erbout = _erbout = _hamlout.buffer
|
631
687
|
proc { |*args| proc.call(*args) }
|
632
688
|
end
|
633
|
-
|
634
|
-
def prettify(text)
|
635
|
-
text = text.split(/^/)
|
636
|
-
text.delete('')
|
637
|
-
|
638
|
-
min_tabs = nil
|
639
|
-
text.each do |line|
|
640
|
-
tabs = line.index(/[^ ]/) || line.length
|
641
|
-
min_tabs ||= tabs
|
642
|
-
min_tabs = min_tabs > tabs ? tabs : min_tabs
|
643
|
-
end
|
644
|
-
|
645
|
-
text.map do |line|
|
646
|
-
line.slice(min_tabs, line.length)
|
647
|
-
end.join
|
648
|
-
end
|
649
689
|
end
|
650
690
|
end
|
651
691
|
|
@@ -661,4 +701,3 @@ class Object
|
|
661
701
|
false
|
662
702
|
end
|
663
703
|
end
|
664
|
-
|
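Review bot: In `list_of` (hunk `@@ -190,20 +198,19 @@`) the new line `opts_attributes = opts.map { |k, v| " #{k}='#{v}'" }.join` writes each option key and value into a single-quoted attribute without escaping, and the result is placed straight into `%Q!<li#{opts_attributes}>#{result}</li>!`. A value containing a quote or an angle bracket would therefore change the markup of the `<li>` instead of staying inside the attribute. Whether any caller passes request-derived values in `opts` is not visible here, but the helper can escape them with the `html_escape` defined further down in this same file: `opts_attributes = opts.map { |k, v| " #{k}='#{html_escape(v)}'" }.join`. `haml_tag` in this file already builds its attributes through `Haml::AttributeBuilder.build_attributes` with the `escape_attrs` option, so routing `list_of` through the same builder would be the more consistent fix. The removed line is truncated on this page, so it cannot be told from here whether the old code behaved the same way.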