haml 3.1.0.alpha.17 → 3.1.0.alpha.18
Potentially problematic release.
This version of haml might be problematic. Click here for more details.
- data/EDGE_GEM_VERSION +1 -1
- data/VERSION +1 -1
- data/lib/haml/buffer.rb +2 -1
- data/lib/haml/engine.rb +2 -0
- data/lib/haml/helpers.rb +1 -0
- data/lib/haml/precompiler.rb +23 -10
- data/test/haml/engine_test.rb +22 -0
- metadata +2 -2
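--- a/data/EDGE_GEM_VERSION
+++ b/data/EDGE_GEM_VERSION
@@ -1 +1 @@
-3.1.0.alpha.
+3.1.0.alpha.18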
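--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-3.1.0.alpha.
+3.1.0.alpha.18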
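--- a/data/lib/haml/buffer.rb
+++ b/data/lib/haml/buffer.rb
@@ -209,7 +209,8 @@ RUBY
 end) ? "" : "\n")
 end
 
-attributes = Precompiler.build_attributes(
+attributes = Precompiler.build_attributes(
+html?, @options[:attr_wrapper], @options[:escape_attrs], attributes)
 @buffer << "#{nuke_outer_whitespace || @options[:ugly] ? '' : tabs(tabulation)}<#{name}#{attributes}#{str}"
 
 if content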
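Review bot: `@options[:escape_attrs]` on the new `build_attributes` call fails open: if the Buffer's options hash lacks the key, `nil` is passed, and the branches in precompiler.rb treat any falsy value as "do not escape", so attribute values are written raw. Engine's defaults set the option to `true`, so this presumably only affects code that assembles the options hash itself, but a secure fallback costs nothing: `html?, @options[:attr_wrapper], @options.fetch(:escape_attrs, true), attributes)`. The same lookup appears as `haml_buffer.options[:escape_attrs]` in helpers.rb and in the `prerender_tag` call in precompiler.rb. The enclosing method starts and ends outside this hunk.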
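--- a/data/lib/haml/engine.rb
+++ b/data/lib/haml/engine.rb
@@ -84,6 +84,7 @@ module Haml
 :ugly => false,
 :format => :xhtml,
 :escape_html => false,
+:escape_attrs => true,
 }
 
 
@@ -294,6 +295,7 @@ module Haml
 :format => @options[:format],
 :encoding => @options[:encoding],
 :escape_html => @options[:escape_html],
+:escape_attrs => @options[:escape_attrs],
 }
 end
 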
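Review bot: The new `:escape_attrs => true` default gives no hint of which values the option accepts, and the branches that interpret it live in precompiler.rb. A comment beside the default would help, for example `# true escapes attribute values, :once leaves existing entities alone, false emits values raw (trusted values only)`. Any other truthy value, such as the `:always` used in engine_test.rb, takes the same path as `true`, so a misspelt `:once` escapes fully instead of raising; that is the safe direction but worth stating. The defaults hash begins outside the hunk.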
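--- a/data/lib/haml/helpers.rb
+++ b/data/lib/haml/helpers.rb
@@ -447,6 +447,7 @@ MESSAGE
 
 attributes = Haml::Precompiler.build_attributes(haml_buffer.html?,
 haml_buffer.options[:attr_wrapper],
+haml_buffer.options[:escape_attrs],
 attrs)
 
 if text.nil? && block.nil? && (haml_buffer.options[:autoclose].include?(name) || flags.include?(:/))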
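--- a/data/lib/haml/precompiler.rb
+++ b/data/lib/haml/precompiler.rb
@@ -523,7 +523,7 @@ END
 end
 
 # This is a class method so it can be accessed from Buffer.
-def self.build_attributes(is_html, attr_wrapper, attributes = {})
+def self.build_attributes(is_html, attr_wrapper, escape_attrs, attributes = {})
 quote_escape = attr_wrapper == '"' ? """ : "'"
 other_quote_char = attr_wrapper == '"' ? "'" : '"'
 
@@ -546,16 +546,28 @@ END
 next
 end
 
-
-
-
-
-
-if value.include? other_quote_char
-value = value.gsub(attr_wrapper, quote_escape)
+escaped =
+if escape_attrs == :once
+Haml::Helpers.escape_once(value.to_s)
+elsif escape_attrs
+CGI.escapeHTML(value.to_s)
 else
-
+value.to_s
 end
+value = Haml::Helpers.preserve(escaped)
+if escape_attrs
+# We want to decide whether or not to escape quotes
+value.gsub!('"', '"')
+this_attr_wrapper = attr_wrapper
+if value.include? attr_wrapper
+if value.include? other_quote_char
+value = value.gsub(attr_wrapper, quote_escape)
+else
+this_attr_wrapper = other_quote_char
+end
+end
+else
+this_attr_wrapper = attr_wrapper
 end
 " #{attr}=#{this_attr_wrapper}#{value}#{this_attr_wrapper}"
 end
@@ -570,7 +582,8 @@ END
 end
 
 def prerender_tag(name, self_close, attributes)
-attributes_string = Precompiler.build_attributes(
+attributes_string = Precompiler.build_attributes(
+html?, @options[:attr_wrapper], @options[:escape_attrs], attributes)
 "<#{name}#{attributes_string}#{self_close && xhtml? ? ' /' : ''}>"
 end
 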
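Review bot: With `escape_attrs` false, the `else` branch at new lines 569–570 keeps `attr_wrapper` and emits the value untouched, so any value containing the wrapper quote ends the attribute early and the remainder is parsed as markup. That is acceptable for template-author literals such as the PHP case in engine_test.rb, but not for values derived from request data, and nothing in the code says so. I would run the wrapper selection in both modes, so a value containing only the wrapper character is quoted with `other_quote_char`, keep the entity handling conditional, and add a comment above `if escape_attrs` stating that `false` is meant for trusted values only. The enclosing `build_attributes` block begins outside this hunk.

```ruby
value = Haml::Helpers.preserve(escaped)
# … unchanged: quote-entity substitution, still only when escape_attrs is set …
this_attr_wrapper = attr_wrapper
if value.include? attr_wrapper
  if !value.include?(other_quote_char)
    # Switching quote characters needs no escaping, so it is safe in both modes.
    this_attr_wrapper = other_quote_char
  elsif escape_attrs
    value = value.gsub(attr_wrapper, quote_escape)
  end
end
```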
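--- a/data/test/haml/engine_test.rb
+++ b/data/test/haml/engine_test.rb
@@ -563,6 +563,28 @@ HTML
 HAML
 end
 
+def test_escape_attrs_false
+assert_equal(<<HTML, render(<<HAML, :escape_attrs => false))
+<div class='<?php echo """ ?>' id='foo'>
+bar
+</div>
+HTML
+#foo{:class => '<?php echo """ ?>'}
+bar
+HAML
+end
+
+def test_escape_attrs_always
+assert_equal(<<HTML, render(<<HAML, :escape_attrs => :always))
+<div class='"&lt;&gt;&amp;"' id='foo'>
+bar
+</div>
+HTML
+#foo{:class => '"<>&"'}
+bar
+HAML
+end
+
 def test_escape_html
 html = <<HTML
 &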
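Review bot: The two added tests cover `false` and `:always`, but nothing in this hunk exercises `:escape_attrs => :once` or an attribute value that contains the wrapper quote itself. Consider a `test_escape_attrs_once` whose value mixes an already-escaped entity with a raw `<`, asserting that the entity is left alone and the `<` is escaped. A second case under `:escape_attrs => false` with a `'` inside the value would pin down the markup produced when escaping is off. Tests elsewhere in the file, outside this hunk, may already cover the default setting.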
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: haml
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.1.0.alpha.
|
4
|
+
version: 3.1.0.alpha.18
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Nathan Weizenbaum
|
@@ -10,7 +10,7 @@ autorequire:
|
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
12
|
|
13
|
-
date: 2010-10-
|
13
|
+
date: 2010-10-12 00:00:00 -04:00
|
14
14
|
default_executable:
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|