brakeman 4.6.1 → 4.7.0

data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml/helpers/action_view_extensions.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Haml
   module Helpers
     @@action_view_defined = true
@@ -32,7 +34,7 @@ module Haml
       #
       # @return [String] The class name for the current page
       def page_class
-        controller.controller_name + " " + controller.action_name
+        "#{controller.controller_name} #{controller.action_name}"
       end
       alias_method :generate_content_class_names, :page_class
 
@@ -45,7 +47,7 @@ module Haml
       # @yield A block in which all input to `#haml_concat` is treated as raw.
       # @see Haml::Util#rails_xss_safe?
       def with_raw_haml_concat
-        old = instance_variable_defined?('@_haml_concat_raw') ? @_haml_concat_raw : false
+        old = instance_variable_defined?(:@_haml_concat_raw) ? @_haml_concat_raw : false
         @_haml_concat_raw = true
         yield
       ensure

data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml/helpers/action_view_mods.rb

@@ -1,40 +1,41 @@
-module ActionView
-  class Base
-    def render_with_haml(*args, &block)
-      options = args.first
-
-      # If render :layout is used with a block, it concats rather than returning
-      # a string so we need it to keep thinking it's Haml until it hits the
-      # sub-render.
-      if is_haml? && !(options.is_a?(Hash) && options[:layout] && block_given?)
-        return non_haml { render_without_haml(*args, &block) }
+# frozen_string_literal: true
+
+module Haml
+  module Helpers
+    module ActionViewMods
+      def render(*args, &block)
+        options = args.first
+
+        # If render :layout is used with a block, it concats rather than returning
+        # a string so we need it to keep thinking it's Haml until it hits the
+        # sub-render.
+        if is_haml? && !(options.is_a?(Hash) && options[:layout] && block_given?)
+          return non_haml { super }
+        end
+        super
       end
-      render_without_haml(*args, &block)
-    end
-    alias_method :render_without_haml, :render
-    alias_method :render, :render_with_haml
 
-    def output_buffer_with_haml
-      return haml_buffer.buffer if is_haml?
-      output_buffer_without_haml
-    end
-    alias_method :output_buffer_without_haml, :output_buffer
-    alias_method :output_buffer, :output_buffer_with_haml
+      def output_buffer
+        return haml_buffer.buffer if is_haml?
+        super
+      end
 
-    def set_output_buffer_with_haml(new_buffer)
-      if is_haml?
-        if Haml::Util.rails_xss_safe? && new_buffer.is_a?(ActiveSupport::SafeBuffer)
-          new_buffer = String.new(new_buffer)
+      def output_buffer=(new_buffer)
+        if is_haml?
+          if Haml::Util.rails_xss_safe? && new_buffer.is_a?(ActiveSupport::SafeBuffer)
+            new_buffer = String.new(new_buffer)
+          end
+          haml_buffer.buffer = new_buffer
+        else
+          super
         end
-        haml_buffer.buffer = new_buffer
-      else
-        set_output_buffer_without_haml new_buffer
       end
     end
-    alias_method :set_output_buffer_without_haml, :output_buffer=
-    alias_method :output_buffer=, :set_output_buffer_with_haml
+    ActionView::Base.send(:prepend, ActionViewMods)
   end
+end
 
+module ActionView
   module Helpers
     module CaptureHelper
       def capture_with_haml(*args, &block)
@@ -42,12 +43,7 @@ module ActionView
           #double assignment is to avoid warnings
           _hamlout = _hamlout = eval('_hamlout', block.binding) # Necessary since capture_haml checks _hamlout
 
-          str = capture_haml(*args, &block)
-
-          # NonCattingString is present in Rails less than 3.1.0. When support
-          # for 3.0 is dropped, this can be removed.
-          return ActionView::NonConcattingString.new(str) if str && defined?(ActionView::NonConcattingString)
-          return str
+          capture_haml(*args, &block)
         else
           capture_without_haml(*args, &block)
         end
@@ -57,17 +53,23 @@ module ActionView
     end
 
     module TagHelper
+      DEFAULT_PRESERVE_OPTIONS = %w(textarea pre code).freeze
+
       def content_tag_with_haml(name, *args, &block)
         return content_tag_without_haml(name, *args, &block) unless is_haml?
 
-        preserve = haml_buffer.options[:preserve].include?(name.to_s)
+        preserve = haml_buffer.options.fetch(:preserve, DEFAULT_PRESERVE_OPTIONS).include?(name.to_s)
 
         if block_given? && block_is_haml?(block) && preserve
-          return content_tag_without_haml(name, *args) {preserve(&block)}
+          return content_tag_without_haml(name, *args) do
+            haml_buffer.fix_textareas!(Haml::Helpers.preserve(&block)).html_safe
+          end
         end
 
         content = content_tag_without_haml(name, *args, &block)
-        content = Haml::Helpers.preserve(content) if preserve && content
+        if preserve && content
+          content = haml_buffer.fix_textareas!(Haml::Helpers.preserve(content)).html_safe
+        end
         content
       end
 
@@ -87,11 +89,9 @@ module ActionView
       end
     end
 
-    if ActionPack::VERSION::MAJOR == 4
-      module Tags
-        class TextArea
-          include HamlSupport
-        end
+    module Tags
+      class TextArea
+        include HamlSupport
       end
     end
 
@@ -118,7 +118,7 @@ module ActionView
               with_tabs(1) {oldproc.call(*args)}
             end
           end
-          res = form_tag_without_haml(url_for_options, options, *parameters_for_url, &proc) + "\n"
+          res = form_tag_without_haml(url_for_options, options, *parameters_for_url, &proc) << "\n"
           res << "\n" if wrap_block
           res
         else
@@ -128,20 +128,5 @@ module ActionView
       alias_method :form_tag_without_haml, :form_tag
       alias_method :form_tag, :form_tag_with_haml
     end
-
-    module FormHelper
-      def form_for_with_haml(object_name, *args, &proc)
-        wrap_block = block_given? && is_haml? && block_is_haml?(proc)
-        if wrap_block
-          oldproc = proc
-          proc = proc {|*subargs| with_tabs(1) {oldproc.call(*subargs)}}
-        end
-        res = form_for_without_haml(object_name, *args, &proc)
-        res << "\n" if wrap_block
-        res
-      end
-      alias_method :form_for_without_haml, :form_for
-      alias_method :form_for, :form_for_with_haml
-    end
   end
-end
+end

data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml/helpers/action_view_xss_mods.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module ActionView
   module Helpers
     module CaptureHelper

data/bundle/ruby/2.6.0/gems/haml-5.1.2/lib/haml/helpers/safe_erubi_template.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require 'action_view'
+
+module Haml
+  class ErubiTemplateHandler < ActionView::Template::Handlers::ERB::Erubi
+
+    def initialize(*args, &blk)
+      @newline_pending = 0
+      super
+    end
+  end
+
+  class SafeErubiTemplate < Tilt::ErubiTemplate
+    def prepare
+      @options.merge! engine_class: Haml::ErubiTemplateHandler
+      super
+    end
+  end
+end

data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml/helpers/safe_erubis_template.rb

@@ -1,3 +1,7 @@
+# frozen_string_literal: true
+
+require 'action_view'
+
 module Haml
 
   class ErubisTemplateHandler < ActionView::Template::Handlers::Erubis
@@ -26,4 +30,4 @@ module Haml
       [super, '@output_buffer.to_s'].join("\n")
     end
   end
-end
+end

data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml/helpers/xss_mods.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Haml
   module Helpers
     # This module overrides Haml helpers to work properly
@@ -7,8 +9,8 @@ module Haml
     module XssMods
       def self.included(base)
         %w[html_escape find_and_preserve preserve list_of surround
-           precede succeed capture_haml haml_concat haml_indent
-           haml_tag escape_once].each do |name|
+           precede succeed capture_haml haml_concat haml_internal_concat haml_indent
+           escape_once].each do |name|
           base.send(:alias_method, "#{name}_without_haml_xss", name)
           base.send(:alias_method, name, "#{name}_with_haml_xss")
         end
@@ -61,24 +63,29 @@ module Haml
         Haml::Util.html_safe(capture_haml_without_haml_xss(*args, &block))
       end
 
-      # Input is escaped
+      # Input will be escaped unless this is in a `with_raw_haml_concat`
+      # block. See #Haml::Helpers::ActionViewExtensions#with_raw_haml_concat.
       def haml_concat_with_haml_xss(text = "")
-        raw = instance_variable_defined?('@_haml_concat_raw') ? @_haml_concat_raw : false
-        haml_concat_without_haml_xss(raw ? text : haml_xss_html_escape(text))
+        raw = instance_variable_defined?(:@_haml_concat_raw) ? @_haml_concat_raw : false
+        if raw
+          haml_internal_concat_raw text
+        else
+          haml_internal_concat text
+        end
+        ErrorReturn.new("haml_concat")
+      end
+
+      # Input is escaped
+      def haml_internal_concat_with_haml_xss(text="", newline=true, indent=true)
+        haml_internal_concat_without_haml_xss(haml_xss_html_escape(text), newline, indent)
       end
+      private :haml_internal_concat_with_haml_xss
 
       # Output is always HTML safe
       def haml_indent_with_haml_xss
         Haml::Util.html_safe(haml_indent_without_haml_xss)
       end
 
-      # Input is escaped, haml_concat'ed output is always HTML safe
-      def haml_tag_with_haml_xss(name, *rest, &block)
-        name = haml_xss_html_escape(name.to_s)
-        rest.unshift(haml_xss_html_escape(rest.shift.to_s)) unless [Symbol, Hash, NilClass].any? {|t| rest.first.is_a? t}
-        with_raw_haml_concat {haml_tag_without_haml_xss(name, *rest, &block)}
-      end
-
       # Output is always HTML safe
       def escape_once_with_haml_xss(*args)
         Haml::Util.html_safe(escape_once_without_haml_xss(*args))

data/bundle/ruby/2.6.0/gems/{haml-4.0.7 → haml-5.1.2}/lib/haml/options.rb

@@ -1,53 +1,45 @@
+# frozen_string_literal: true
+
 module Haml
   # This class encapsulates all of the configuration options that Haml
   # understands. Please see the {file:REFERENCE.md#options Haml Reference} to
   # learn how to set the options.
   class Options
-
-    @defaults = {
-      :attr_wrapper         => "'",
-      :autoclose            => %w(area base basefont br col command embed frame
-                                  hr img input isindex keygen link menuitem meta
-                                  param source track wbr),
-      :encoding             => "UTF-8",
-      :escape_attrs         => true,
-      :escape_html          => false,
-      :filename             => '(haml)',
-      :format               => :html5,
-      :hyphenate_data_attrs => true,
-      :line                 => 1,
-      :mime_type            => 'text/html',
-      :preserve             => %w(textarea pre code),
-      :remove_whitespace    => false,
-      :suppress_eval        => false,
-      :ugly                 => false,
-      :cdata                => false,
-      :parser_class         => ::Haml::Parser,
-      :compiler_class       => ::Haml::Compiler
-    }
-
     @valid_formats = [:html4, :html5, :xhtml]
+    @buffer_option_keys = [:autoclose, :preserve, :attr_wrapper, :format,
+      :encoding, :escape_html, :escape_filter_interpolations, :escape_attrs, :hyphenate_data_attrs, :cdata]
+
+    class << self
+      # The default option values.
+      # @return Hash
+      def defaults
+        @defaults ||= Haml::TempleEngine.options.to_hash.merge(encoding: 'UTF-8')
+      end
 
-    @buffer_option_keys = [:autoclose, :preserve, :attr_wrapper, :ugly, :format,
-      :encoding, :escape_html, :escape_attrs, :hyphenate_data_attrs, :cdata]
+      # An array of valid values for the `:format` option.
+      # @return Array
+      attr_reader :valid_formats
 
-    # The default option values.
-    # @return Hash
-    def self.defaults
-      @defaults
-    end
+      # An array of keys that will be used to provide a hash of options to
+      # {Haml::Buffer}.
+      # @return Hash
+      attr_reader :buffer_option_keys
 
-    # An array of valid values for the `:format` option.
-    # @return Array
-    def self.valid_formats
-      @valid_formats
-    end
+      # Returns a subset of defaults: those that {Haml::Buffer} cares about.
+      # @return [{Symbol => Object}] The options hash
+      def buffer_defaults
+        @buffer_defaults ||= buffer_option_keys.inject({}) do |hash, key|
+          hash.merge(key => defaults[key])
+        end
+      end
 
-    # An array of keys that will be used to provide a hash of options to
-    # {Haml::Buffer}.
-    # @return Hash
-    def self.buffer_option_keys
-      @buffer_option_keys
+      def wrap(options)
+        if options.is_a?(Options)
+          options
+        else
+          Options.new(options)
+        end
+      end
     end
 
     # The character that should wrap element attributes. This defaults to `'`
@@ -63,7 +55,6 @@ module Haml
     attr_accessor :autoclose
 
     # The encoding to use for the HTML output.
-    # Only available on Ruby 1.9 or higher.
     # This can be a string or an `Encoding` Object. Note that Haml **does not**
     # automatically re-encode Ruby values; any strings coming from outside the
     # application should be converted before being passed into the Haml
@@ -91,6 +82,13 @@ module Haml
     # Defaults to false.
     attr_accessor :escape_html
 
+    # Sets whether or not to escape HTML-sensitive characters in interpolated strings.
+    # See also {file:REFERENCE.md#escaping_html Escaping HTML} and
+    # {file:REFERENCE.md#unescaping_html Unescaping HTML}.
+    #
+    # Defaults to the current value of `escape_html`.
+    attr_accessor :escape_filter_interpolations
+
     # The name of the Haml file being parsed.
     # This is only used as information when exceptions are raised. This is
     # automatically assigned when working through ActionView, so it's really
@@ -137,7 +135,7 @@ module Haml
     # formatting errors.
     #
     # Defaults to `false`.
-    attr_reader :remove_whitespace
+    attr_accessor :remove_whitespace
 
     # Whether or not attribute hashes and Ruby scripts designated by `=` or `~`
     # should be evaluated. If this is `true`, said scripts are rendered as empty
@@ -146,13 +144,6 @@ module Haml
     # Defaults to `false`.
     attr_accessor :suppress_eval
 
-    # If set to `true`, Haml makes no attempt to properly indent or format the
-    # HTML output. This significantly improves rendering performance but makes
-    # viewing the source unpleasant.
-    #
-    # Defaults to `true` in Rails production  mode, and `false` everywhere else.
-    attr_accessor :ugly
-
     # Whether to include CDATA sections around javascript and css blocks when
     # using the `:javascript` or `:css` filters.
     #
@@ -169,9 +160,20 @@ module Haml
     # The compiler class to use. Defaults to Haml::Compiler.
     attr_accessor :compiler_class
 
-    def initialize(values = {}, &block)
+    # Enable template tracing. If true, it will add a 'data-trace' attribute to
+    # each tag generated by Haml. The value of the attribute will be the
+    # source template name and the line number from which the tag was generated,
+    # separated by a colon. On Rails applications, the path given will be a
+    # relative path as from the views directory. On non-Rails applications,
+    # the path will be the full path.
+    attr_accessor :trace
+
+    # Key is filter name in String and value is Class to use. Defaults to {}.
+    attr_accessor :filters
+
+    def initialize(values = {})
       defaults.each {|k, v| instance_variable_set :"@#{k}", v}
-      values.reject {|k, v| !defaults.has_key?(k) || v.nil?}.each {|k, v| send("#{k}=", v)}
+      values.each {|k, v| send("#{k}=", v) if defaults.has_key?(k) && !v.nil?}
       yield if block_given?
     end
 
@@ -188,8 +190,7 @@ module Haml
       send "#{key}=", value
     end
 
-    [:escape_attrs, :hyphenate_data_attrs, :remove_whitespace, :suppress_eval,
-      :ugly].each do |method|
+    [:escape_attrs, :hyphenate_data_attrs, :remove_whitespace, :suppress_eval].each do |method|
       class_eval(<<-END)
         def #{method}?
           !! @#{method}
@@ -240,22 +241,13 @@ module Haml
       xhtml? || @cdata
     end
 
-    def remove_whitespace=(value)
-      @ugly = true if value
-      @remove_whitespace = value
+    def encoding=(value)
+      return unless value
+      @encoding = value.is_a?(Encoding) ? value.name : value.to_s
+      @encoding = "UTF-8" if @encoding.upcase == "US-ASCII"
     end
 
-    if RUBY_VERSION < "1.9"
-      attr_writer :encoding
-    else
-      def encoding=(value)
-        return unless value
-        @encoding = value.is_a?(Encoding) ? value.name : value.to_s
-        @encoding = "UTF-8" if @encoding.upcase == "US-ASCII"
-      end
-    end
-
-    # Returns a subset of options: those that {Haml::Buffer} cares about.
+    # Returns a non-default subset of options: those that {Haml::Buffer} cares about.
     # All of the values here are such that when `#inspect` is called on the hash,
     # it can be `Kernel#eval`ed to get the same result back.
     #
@@ -264,7 +256,10 @@ module Haml
     # @return [{Symbol => Object}] The options hash
     def for_buffer
       self.class.buffer_option_keys.inject({}) do |hash, key|
-        hash[key] = send(key)
+        value = public_send(key)
+        if self.class.buffer_defaults[key] != value
+          hash[key] = value
+        end
         hash
       end
     end
@@ -274,6 +269,5 @@ module Haml
     def defaults
       self.class.defaults
     end
-
   end
 end