haml 4.0.6 → 5.0.0

data/lib/haml/helpers/xss_mods.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 module Haml
   module Helpers
     # This module overrides Haml helpers to work properly
@@ -7,8 +8,8 @@ module Haml
     module XssMods
       def self.included(base)
         %w[html_escape find_and_preserve preserve list_of surround
-           precede succeed capture_haml haml_concat haml_indent
-           haml_tag escape_once].each do |name|
+           precede succeed capture_haml haml_concat haml_internal_concat haml_indent
+           escape_once].each do |name|
           base.send(:alias_method, "#{name}_without_haml_xss", name)
           base.send(:alias_method, name, "#{name}_with_haml_xss")
         end
@@ -61,24 +62,29 @@ module Haml
         Haml::Util.html_safe(capture_haml_without_haml_xss(*args, &block))
       end
 
-      # Input is escaped
+      # Input will be escaped unless this is in a `with_raw_haml_concat`
+      # block. See #Haml::Helpers::ActionViewExtensions#with_raw_haml_concat.
       def haml_concat_with_haml_xss(text = "")
-        raw = instance_variable_defined?('@_haml_concat_raw') ? @_haml_concat_raw : false
-        haml_concat_without_haml_xss(raw ? text : haml_xss_html_escape(text))
+        raw = instance_variable_defined?(:@_haml_concat_raw) ? @_haml_concat_raw : false
+        if raw
+          haml_internal_concat_raw text
+        else
+          haml_internal_concat text
+        end
+        ErrorReturn.new("haml_concat")
       end
 
+      # Input is escaped
+      def haml_internal_concat_with_haml_xss(text="", newline=true, indent=true)
+        haml_internal_concat_without_haml_xss(haml_xss_html_escape(text), newline, indent)
+      end
+      private :haml_internal_concat_with_haml_xss
+
       # Output is always HTML safe
       def haml_indent_with_haml_xss
         Haml::Util.html_safe(haml_indent_without_haml_xss)
       end
 
-      # Input is escaped, haml_concat'ed output is always HTML safe
-      def haml_tag_with_haml_xss(name, *rest, &block)
-        name = haml_xss_html_escape(name.to_s)
-        rest.unshift(haml_xss_html_escape(rest.shift.to_s)) unless [Symbol, Hash, NilClass].any? {|t| rest.first.is_a? t}
-        with_raw_haml_concat {haml_tag_without_haml_xss(name, *rest, &block)}
-      end
-
       # Output is always HTML safe
       def escape_once_with_haml_xss(*args)
         Haml::Util.html_safe(escape_once_without_haml_xss(*args))

data/lib/haml/helpers.rb

@@ -1,3 +1,6 @@
+# frozen_string_literal: false
+require 'erb'
+
 module Haml
   # This module contains various helpful methods to make it easier to do various tasks.
   # {Haml::Helpers} is automatically included in the context
@@ -106,7 +109,11 @@ MESSAGE
     #   @yield The block within which to escape newlines
     def find_and_preserve(input = nil, tags = haml_buffer.options[:preserve], &block)
       return find_and_preserve(capture_haml(&block), input || tags) if block
-      re = /<(#{tags.map(&Regexp.method(:escape)).join('|')})([^>]*)>(.*?)(<\/\1>)/im
+      tags = tags.each_with_object('') do |t, s|
+        s << '|' unless s.empty?
+        s << Regexp.escape(t)
+      end
+      re = /<(#{tags})([^>]*)>(.*?)(<\/\1>)/im
       input.to_s.gsub(re) do |s|
         s =~ re # Can't rely on $1, etc. existing since Rails' SafeBuffer#gsub is incompatible
         "<#{$1}#{$2}>#{preserve($3)}</#{$1}>"
@@ -117,17 +124,20 @@ MESSAGE
     # HTML entities so they'll render correctly in
     # whitespace-sensitive tags without screwing up the indentation.
     #
-    # @overload perserve(input)
+    # @overload preserve(input)
     #   Escapes newlines within a string.
     #
     #   @param input [String] The string within which to escape all newlines
-    # @overload perserve
+    # @overload preserve
     #   Escapes newlines within a block of Haml code.
     #
     #   @yield The block within which to escape newlines
     def preserve(input = nil, &block)
       return preserve(capture_haml(&block)) if block
-      input.to_s.chomp("\n").gsub(/\n/, '&#x000A;').gsub(/\r/, '')
+      s = input.to_s.chomp("\n")
+      s.gsub!(/\n/, '&#x000A;')
+      s.delete!("\r")
+      s
     end
     alias_method :flatten, :preserve
 
@@ -190,20 +200,20 @@ MESSAGE
     # @yield [item] A block which contains Haml code that goes within list items
     # @yieldparam item An element of `enum`
     def list_of(enum, opts={}, &block)
-      opts_attributes = opts.empty? ? "" : " ".<<(opts.map{|k,v| "#{k}='#{v}'" }.join(" "))
-      to_return = enum.collect do |i|
+      opts_attributes = opts.each_with_object('') {|(k, v), s| s << " #{k}='#{v}'"}
+      enum.each_with_object('') do |i, ret|
         result = capture_haml(i, &block)
 
         if result.count("\n") > 1
-          result = result.gsub("\n", "\n  ")
-          result = "\n  #{result.strip}\n"
+          result.gsub!("\n", "\n  ")
+          result = "\n  #{result.strip!}\n"
         else
-          result = result.strip
+          result.strip!
         end
 
-        %Q!<li#{opts_attributes}>#{result}</li>!
+        ret << "\n" unless ret.empty?
+        ret << %Q!<li#{opts_attributes}>#{result}</li>!
       end
-      to_return.join("\n")
     end
 
     # Returns a hash containing default assignments for the `xmlns`, `lang`, and `xml:lang`
@@ -219,7 +229,11 @@ MESSAGE
     # @param lang [String] The value of `xml:lang` and `lang`
     # @return [{#to_s => String}] The attribute hash
     def html_attrs(lang = 'en-US')
-      {:xmlns => "http://www.w3.org/1999/xhtml", 'xml:lang' => lang, :lang => lang}
+      if haml_buffer.options[:format] == :xhtml
+        {:xmlns => "http://www.w3.org/1999/xhtml", 'xml:lang' => lang, :lang => lang}
+      else
+        {:lang => lang}
+      end
     end
 
     # Increments the number of tabs the buffer automatically adds
@@ -370,12 +384,10 @@ MESSAGE
         captured = haml_buffer.buffer.slice!(position..-1)
 
         if captured == '' and value != haml_buffer.buffer
-             captured = (value.is_a?(String) ? value : nil)
+          captured = (value.is_a?(String) ? value : nil)
         end
 
-        return nil if captured.nil?
-        return (haml_buffer.options[:ugly] ? captured : prettify(captured))
-
+        captured
       end
     ensure
       haml_buffer.capture_position = nil
@@ -385,14 +397,34 @@ MESSAGE
     #
     # @param text [#to_s] The text to output
     def haml_concat(text = "")
-      unless haml_buffer.options[:ugly] || haml_indent == 0
-        haml_buffer.buffer << haml_indent <<
-          text.to_s.gsub("\n", "\n" + haml_indent) << "\n"
+      haml_internal_concat text
+      ErrorReturn.new("haml_concat")
+    end
+
+    # Internal method to write directly to the buffer with control of
+    # whether the first line should be indented, and if there should be a
+    # final newline.
+    #
+    # Lines added will have the proper indentation. This can be controlled
+    # for the first line.
+    #
+    # Used by #haml_concat and #haml_tag.
+    #
+    # @param text [#to_s] The text to output
+    # @param newline [Boolean] Whether to add a newline after the text
+    # @param indent [Boolean] Whether to add indentation to the first line
+    def haml_internal_concat(text = "", newline = true, indent = true)
+      if haml_buffer.tabulation == 0
+        haml_buffer.buffer << "#{text}#{"\n" if newline}"
       else
-        haml_buffer.buffer << text.to_s << "\n"
+        haml_buffer.buffer << %[#{haml_indent if indent}#{text.to_s.gsub("\n", "\n#{haml_indent}")}#{"\n" if newline}]
       end
-      ErrorReturn.new("haml_concat")
     end
+    private :haml_internal_concat
+
+    # Allows writing raw content. `haml_internal_concat_raw` isn't
+    # effected by XSS mods. Used by #haml_tag to write the actual tags.
+    alias :haml_internal_concat_raw :haml_internal_concat
 
     # @return [String] The indentation string for the current line
     def haml_indent
@@ -466,14 +498,14 @@ MESSAGE
       attrs.keys.each {|key| attrs[key.to_s] = attrs.delete(key)} unless attrs.empty?
       name, attrs = merge_name_and_attributes(name.to_s, attrs)
 
-      attributes = Haml::Compiler.build_attributes(haml_buffer.html?,
+      attributes = Haml::AttributeBuilder.build_attributes(haml_buffer.html?,
         haml_buffer.options[:attr_wrapper],
         haml_buffer.options[:escape_attrs],
         haml_buffer.options[:hyphenate_data_attrs],
         attrs)
 
       if text.nil? && block.nil? && (haml_buffer.options[:autoclose].include?(name) || flags.include?(:/))
-        haml_concat "<#{name}#{attributes} />"
+        haml_internal_concat_raw "<#{name}#{attributes}#{' /' if haml_buffer.options[:format] == :xhtml}>"
         return ret
       end
 
@@ -483,17 +515,19 @@ MESSAGE
       end
 
       tag = "<#{name}#{attributes}>"
+      end_tag = "</#{name}>"
       if block.nil?
         text = text.to_s
         if text.include?("\n")
-          haml_concat tag
+          haml_internal_concat_raw tag
           tab_up
-          haml_concat text
+          haml_internal_concat text
           tab_down
-          haml_concat "</#{name}>"
+          haml_internal_concat_raw end_tag
         else
-          tag << text << "</#{name}>"
-          haml_concat tag
+          haml_internal_concat_raw tag, false
+          haml_internal_concat text, false, false
+          haml_internal_concat_raw end_tag, true, false
         end
         return ret
       end
@@ -503,67 +537,92 @@ MESSAGE
       end
 
       if flags.include?(:<)
-        tag << capture_haml(&block).strip << "</#{name}>"
-        haml_concat tag
+        haml_internal_concat_raw tag, false
+        haml_internal_concat "#{capture_haml(&block).strip}", false, false
+        haml_internal_concat_raw end_tag, true, false
         return ret
       end
 
-      haml_concat tag
+      haml_internal_concat_raw tag
       tab_up
       block.call
       tab_down
-      haml_concat "</#{name}>"
+      haml_internal_concat_raw end_tag
 
       ret
     end
 
-    # Characters that need to be escaped to HTML entities from user input
-    HTML_ESCAPE = { '&'=>'&amp;', '<'=>'&lt;', '>'=>'&gt;', '"'=>'&quot;', "'"=>'&#039;', }
+    # Conditionally wrap a block in an element. If `condition` is `true` then
+    # this method renders the tag described by the arguments in `tag` (using
+    # \{#haml_tag}) with the given block inside, otherwise it just renders the block.
+    #
+    # For example,
+    #
+    #     - haml_tag_if important, '.important' do
+    #       %p
+    #         A (possibly) important paragraph.
+    #
+    # will produce
+    #
+    #     <div class='important'>
+    #       <p>
+    #         A (possibly) important paragraph.
+    #       </p>
+    #     </div>
+    #
+    # if `important` is truthy, and just
+    #
+    #     <p>
+    #       A (possibly) important paragraph.
+    #     </p>
+    #
+    # otherwise.
+    #
+    # Like \{#haml_tag}, `haml_tag_if` outputs directly to the buffer and its
+    # return value should not be used. Use \{#capture_haml} if you need to use
+    # its results as a string.
+    #
+    # @param condition The condition to test to determine whether to render
+    #   the enclosing tag
+    # @param tag Definition of the enclosing tag. See \{#haml_tag} for details
+    #   (specifically the form that takes a block)
+    def haml_tag_if(condition, *tag)
+      if condition
+        haml_tag(*tag){ yield }
+      else
+        yield
+      end
+      ErrorReturn.new("haml_tag_if")
+    end
 
-    HTML_ESCAPE_REGEX = /[\"><&]/
+    # Characters that need to be escaped to HTML entities from user input
+    HTML_ESCAPE = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;' }
 
-    if RUBY_VERSION >= '1.9'
-      # Include docs here so they are picked up by Yard
+    HTML_ESCAPE_REGEX = /['"><&]/
 
-      # Returns a copy of `text` with ampersands, angle brackets and quotes
-      # escaped into HTML entities.
-      #
-      # Note that if ActionView is loaded and XSS protection is enabled
-      # (as is the default for Rails 3.0+, and optional for version 2.3.5+),
-      # this won't escape text declared as "safe".
-      #
-      # @param text [String] The string to sanitize
-      # @return [String] The sanitized string
-      def html_escape(text)
-        text = text.to_s
-        text.gsub(HTML_ESCAPE_REGEX, HTML_ESCAPE)
-      end
-    else
-      def html_escape(text)
-        text = text.to_s
-        text.gsub(HTML_ESCAPE_REGEX) {|s| HTML_ESCAPE[s]}
-      end
+    # Returns a copy of `text` with ampersands, angle brackets and quotes
+    # escaped into HTML entities.
+    #
+    # Note that if ActionView is loaded and XSS protection is enabled
+    # (as is the default for Rails 3.0+, and optional for version 2.3.5+),
+    # this won't escape text declared as "safe".
+    #
+    # @param text [String] The string to sanitize
+    # @return [String] The sanitized string
+    def html_escape(text)
+      ERB::Util.html_escape(text)
     end
 
-    HTML_ESCAPE_ONCE_REGEX = /[\"><]|&(?!(?:[a-zA-Z]+|(#\d+));)/
+    HTML_ESCAPE_ONCE_REGEX = /['"><]|&(?!(?:[a-zA-Z]+|#(?:\d+|[xX][0-9a-fA-F]+));)/
 
-    if RUBY_VERSION >= '1.9'
-      # Include docs here so they are picked up by Yard
-
-      # Escapes HTML entities in `text`, but without escaping an ampersand
-      # that is already part of an escaped entity.
-      #
-      # @param text [String] The string to sanitize
-      # @return [String] The sanitized string
-      def escape_once(text)
-        text = text.to_s
-        text.gsub(HTML_ESCAPE_ONCE_REGEX, HTML_ESCAPE)
-      end
-    else
-      def escape_once(text)
-        text = text.to_s
-        text.gsub(HTML_ESCAPE_ONCE_REGEX){|s| HTML_ESCAPE[s]}
-      end
+    # Escapes HTML entities in `text`, but without escaping an ampersand
+    # that is already part of an escaped entity.
+    #
+    # @param text [String] The string to sanitize
+    # @return [String] The sanitized string
+    def escape_once(text)
+      text = text.to_s
+      text.gsub(HTML_ESCAPE_ONCE_REGEX, HTML_ESCAPE)
     end
 
     # Returns whether or not the current template is a Haml template.
@@ -593,7 +652,7 @@ MESSAGE
       # skip merging if no ids or classes found in name
       return name, attributes_hash unless name =~ /^(.+?)?([\.#].*)$/
 
-      return $1 || "div", Buffer.merge_attrs(
+      return $1 || "div", AttributeBuilder.merge_attributes!(
         Haml::Parser.parse_class_and_id($2), attributes_hash)
     end
 
@@ -630,22 +689,6 @@ MESSAGE
       _erbout = _erbout = _hamlout.buffer
       proc { |*args| proc.call(*args) }
     end
-
-    def prettify(text)
-      text = text.split(/^/)
-      text.delete('')
-
-      min_tabs = nil
-      text.each do |line|
-        tabs = line.index(/[^ ]/) || line.length
-        min_tabs ||= tabs
-        min_tabs = min_tabs > tabs ? tabs : min_tabs
-      end
-
-      text.map do |line|
-        line.slice(min_tabs, line.length)
-      end.join
-    end
   end
 end
 

data/lib/haml/options.rb

@@ -1,40 +1,19 @@
+# frozen_string_literal: true
 module Haml
   # This class encapsulates all of the configuration options that Haml
   # understands. Please see the {file:REFERENCE.md#options Haml Reference} to
   # learn how to set the options.
   class Options
 
-    @defaults = {
-      :attr_wrapper         => "'",
-      :autoclose            => %w(area base basefont br col command embed frame
-                                  hr img input isindex keygen link menuitem meta
-                                  param source track wbr),
-      :encoding             => "UTF-8",
-      :escape_attrs         => true,
-      :escape_html          => false,
-      :filename             => '(haml)',
-      :format               => :html5,
-      :hyphenate_data_attrs => true,
-      :line                 => 1,
-      :mime_type            => 'text/html',
-      :preserve             => %w(textarea pre code),
-      :remove_whitespace    => false,
-      :suppress_eval        => false,
-      :ugly                 => false,
-      :cdata                => false,
-      :parser_class         => ::Haml::Parser,
-      :compiler_class       => ::Haml::Compiler
-    }
-
     @valid_formats = [:html4, :html5, :xhtml]
 
-    @buffer_option_keys = [:autoclose, :preserve, :attr_wrapper, :ugly, :format,
+    @buffer_option_keys = [:autoclose, :preserve, :attr_wrapper, :format,
       :encoding, :escape_html, :escape_attrs, :hyphenate_data_attrs, :cdata]
 
     # The default option values.
     # @return Hash
     def self.defaults
-      @defaults
+      @defaults ||= Haml::TempleEngine.options.to_hash.merge(encoding: 'UTF-8')
     end
 
     # An array of valid values for the `:format` option.
@@ -50,6 +29,22 @@ module Haml
       @buffer_option_keys
     end
 
+    # Returns a subset of defaults: those that {Haml::Buffer} cares about.
+    # @return [{Symbol => Object}] The options hash
+    def self.buffer_defaults
+      @buffer_defaults ||= buffer_option_keys.inject({}) do |hash, key|
+        hash.merge(key => defaults[key])
+      end
+    end
+
+    def self.wrap(options)
+      if options.is_a?(Options)
+        options
+      else
+        Options.new(options)
+      end
+    end
+
     # The character that should wrap element attributes. This defaults to `'`
     # (an apostrophe). Characters of this type within the attributes will be
     # escaped (e.g. by replacing them with `'`) if the character is an
@@ -63,7 +58,6 @@ module Haml
     attr_accessor :autoclose
 
     # The encoding to use for the HTML output.
-    # Only available on Ruby 1.9 or higher.
     # This can be a string or an `Encoding` Object. Note that Haml **does not**
     # automatically re-encode Ruby values; any strings coming from outside the
     # application should be converted before being passed into the Haml
@@ -146,13 +140,6 @@ module Haml
     # Defaults to `false`.
     attr_accessor :suppress_eval
 
-    # If set to `true`, Haml makes no attempt to properly indent or format the
-    # HTML output. This significantly improves rendering performance but makes
-    # viewing the source unpleasant.
-    #
-    # Defaults to `true` in Rails production  mode, and `false` everywhere else.
-    attr_accessor :ugly
-
     # Whether to include CDATA sections around javascript and css blocks when
     # using the `:javascript` or `:css` filters.
     #
@@ -169,9 +156,17 @@ module Haml
     # The compiler class to use. Defaults to Haml::Compiler.
     attr_accessor :compiler_class
 
+    # Enable template tracing. If true, it will add a 'data-trace' attribute to
+    # each tag generated by Haml. The value of the attribute will be the
+    # source template name and the line number from which the tag was generated,
+    # separated by a colon. On Rails applications, the path given will be a
+    # relative path as from the views directory. On non-Rails applications,
+    # the path will be the full path.
+    attr_accessor :trace
+
     def initialize(values = {}, &block)
       defaults.each {|k, v| instance_variable_set :"@#{k}", v}
-      values.reject {|k, v| !defaults.has_key?(k) || v.nil?}.each {|k, v| send("#{k}=", v)}
+      values.each {|k, v| send("#{k}=", v) if defaults.has_key?(k) && !v.nil?}
       yield if block_given?
     end
 
@@ -188,8 +183,7 @@ module Haml
       send "#{key}=", value
     end
 
-    [:escape_attrs, :hyphenate_data_attrs, :remove_whitespace, :suppress_eval,
-      :ugly].each do |method|
+    [:escape_attrs, :hyphenate_data_attrs, :remove_whitespace, :suppress_eval].each do |method|
       class_eval(<<-END)
         def #{method}?
           !! @#{method}
@@ -241,21 +235,16 @@ module Haml
     end
 
     def remove_whitespace=(value)
-      @ugly = true if value
       @remove_whitespace = value
     end
 
-    if RUBY_VERSION < "1.9"
-      attr_writer :encoding
-    else
-      def encoding=(value)
-        return unless value
-        @encoding = value.is_a?(Encoding) ? value.name : value.to_s
-        @encoding = "UTF-8" if @encoding.upcase == "US-ASCII"
-      end
+    def encoding=(value)
+      return unless value
+      @encoding = value.is_a?(Encoding) ? value.name : value.to_s
+      @encoding = "UTF-8" if @encoding.upcase == "US-ASCII"
     end
 
-    # Returns a subset of options: those that {Haml::Buffer} cares about.
+    # Returns a non-default subset of options: those that {Haml::Buffer} cares about.
     # All of the values here are such that when `#inspect` is called on the hash,
     # it can be `Kernel#eval`ed to get the same result back.
     #
@@ -264,7 +253,10 @@ module Haml
     # @return [{Symbol => Object}] The options hash
     def for_buffer
       self.class.buffer_option_keys.inject({}) do |hash, key|
-        hash[key] = send(key)
+        value = public_send(key)
+        if self.class.buffer_defaults[key] != value
+          hash[key] = value
+        end
         hash
       end
     end
@@ -274,6 +266,5 @@ module Haml
     def defaults
       self.class.defaults
     end
-
   end
 end