haml 5.1.1 → 5.2.2

data/lib/haml/attribute_parser.rb

@@ -16,7 +16,7 @@ module Haml
     TYPE = 1
     TEXT = 2
 
-    IGNORED_TYPES = %i[on_sp on_ignored_nl]
+    IGNORED_TYPES = %i[on_sp on_ignored_nl].freeze
 
     class << self
       # @return [Boolean] - return true if AttributeParser.parse can be used.

data/lib/haml/buffer.rb

@@ -130,18 +130,6 @@ module Haml
       @real_tabs += tab_change
     end
 
-    def attributes(class_id, obj_ref, *attributes_hashes)
-      attributes = class_id
-      attributes_hashes.each do |old|
-        result = {}
-        old.each { |k, v| result[k.to_s] = v }
-        AttributeBuilder.merge_attributes!(attributes, result)
-      end
-      AttributeBuilder.merge_attributes!(attributes, parse_object_ref(obj_ref)) if obj_ref
-      AttributeBuilder.build_attributes(
-        html?, @options[:attr_wrapper], @options[:escape_attrs], @options[:hyphenate_data_attrs], attributes)
-    end
-
     # Remove the whitespace from the right side of the buffer string.
     # Doesn't do anything if we're at the beginning of a capture_haml block.
     def rstrip!
@@ -190,49 +178,5 @@ module Haml
       tabs = [count + @tabulation, 0].max
       @@tab_cache[tabs] ||= '  ' * tabs
     end
-
-    # Takes an array of objects and uses the class and id of the first
-    # one to create an attributes hash.
-    # The second object, if present, is used as a prefix,
-    # just like you can do with `dom_id()` and `dom_class()` in Rails
-    def parse_object_ref(ref)
-      prefix = ref[1]
-      ref = ref[0]
-      # Let's make sure the value isn't nil. If it is, return the default Hash.
-      return {} if ref.nil?
-      class_name =
-        if ref.respond_to?(:haml_object_ref)
-          ref.haml_object_ref
-        else
-          underscore(ref.class)
-        end
-      ref_id =
-        if ref.respond_to?(:to_key)
-          key = ref.to_key
-          key.join('_') unless key.nil?
-        else
-          ref.id
-        end
-      id = "#{class_name}_#{ref_id || 'new'}"
-      if prefix
-        class_name = "#{ prefix }_#{ class_name}"
-        id = "#{ prefix }_#{ id }"
-      end
-
-      { 'id'.freeze => id, 'class'.freeze => class_name }
-    end
-
-    # Changes a word from camel case to underscores.
-    # Based on the method of the same name in Rails' Inflector,
-    # but copied here so it'll run properly without Rails.
-    def underscore(camel_cased_word)
-      word = camel_cased_word.to_s.dup
-      word.gsub!(/::/, '_')
-      word.gsub!(/([A-Z]+)([A-Z][a-z])/, '\1_\2')
-      word.gsub!(/([a-z\d])([A-Z])/, '\1_\2')
-      word.tr!('-', '_')
-      word.downcase!
-      word
-    end
   end
 end

data/lib/haml/compiler.rb

@@ -188,30 +188,28 @@ module Haml
 
       if @options.html5?
         '<!DOCTYPE html>'
-      else
-        if @options.xhtml?
-          if @node.value[:version] == "1.1"
-            '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">'
-          elsif @node.value[:version] == "5"
-            '<!DOCTYPE html>'
-          else
-            case @node.value[:type]
-            when "strict";   '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">'
-            when "frameset"; '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">'
-            when "mobile";   '<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.2//EN" "http://www.openmobilealliance.org/tech/DTD/xhtml-mobile12.dtd">'
-            when "rdfa";     '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">'
-            when "basic";    '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.1//EN" "http://www.w3.org/TR/xhtml-basic/xhtml-basic11.dtd">'
-            else             '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'
-            end
-          end
-
-        elsif @options.html4?
+      elsif @options.xhtml?
+        if @node.value[:version] == "1.1"
+          '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">'
+        elsif @node.value[:version] == "5"
+          '<!DOCTYPE html>'
+        else
           case @node.value[:type]
-          when "strict";   '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">'
-          when "frameset"; '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">'
-          else             '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">'
+          when "strict";   '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">'
+          when "frameset"; '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">'
+          when "mobile";   '<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.2//EN" "http://www.openmobilealliance.org/tech/DTD/xhtml-mobile12.dtd">'
+          when "rdfa";     '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">'
+          when "basic";    '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.1//EN" "http://www.w3.org/TR/xhtml-basic/xhtml-basic11.dtd">'
+          else             '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'
           end
         end
+
+      elsif @options.html4?
+        case @node.value[:type]
+        when "strict";   '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">'
+        when "frameset"; '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">'
+        else             '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">'
+        end
       end
     end
 

data/lib/haml/error.rb

@@ -5,29 +5,29 @@ module Haml
   class Error < StandardError
 
     MESSAGES = {
-      :bad_script_indent            => '"%s" is indented at wrong level: expected %d, but was at %d.',
-      :cant_run_filter              => 'Can\'t run "%s" filter; you must require its dependencies first',
-      :cant_use_tabs_and_spaces     => "Indentation can't use both tabs and spaces.",
-      :deeper_indenting             => "The line was indented %d levels deeper than the previous line.",
-      :filter_not_defined           => 'Filter "%s" is not defined.',
-      :gem_install_filter_deps      => '"%s" filter\'s %s dependency missing: try installing it or adding it to your Gemfile',
-      :illegal_element              => "Illegal element: classes and ids must have values.",
-      :illegal_nesting_content      => "Illegal nesting: nesting within a tag that already has content is illegal.",
-      :illegal_nesting_header       => "Illegal nesting: nesting within a header command is illegal.",
-      :illegal_nesting_line         => "Illegal nesting: content can't be both given on the same line as %%%s and nested within it.",
-      :illegal_nesting_plain        => "Illegal nesting: nesting within plain text is illegal.",
-      :illegal_nesting_self_closing => "Illegal nesting: nesting within a self-closing tag is illegal.",
-      :inconsistent_indentation     => "Inconsistent indentation: %s used for indentation, but the rest of the document was indented using %s.",
-      :indenting_at_start           => "Indenting at the beginning of the document is illegal.",
-      :install_haml_contrib         => 'To use the "%s" filter, please install the haml-contrib gem.',
-      :invalid_attribute_list       => 'Invalid attribute list: %s.',
-      :invalid_filter_name          => 'Invalid filter name ":%s".',
-      :invalid_tag                  => 'Invalid tag: "%s".',
-      :missing_if                   => 'Got "%s" with no preceding "if"',
-      :no_ruby_code                 => "There's no Ruby code for %s to evaluate.",
-      :self_closing_content         => "Self-closing tags can't have content.",
-      :unbalanced_brackets          => 'Unbalanced brackets.',
-      :no_end                       => <<-END
+      bad_script_indent:            '"%s" is indented at wrong level: expected %d, but was at %d.',
+      cant_run_filter:              'Can\'t run "%s" filter; you must require its dependencies first',
+      cant_use_tabs_and_spaces:     "Indentation can't use both tabs and spaces.",
+      deeper_indenting:             "The line was indented %d levels deeper than the previous line.",
+      filter_not_defined:           'Filter "%s" is not defined.',
+      gem_install_filter_deps:      '"%s" filter\'s %s dependency missing: try installing it or adding it to your Gemfile',
+      illegal_element:              "Illegal element: classes and ids must have values.",
+      illegal_nesting_content:      "Illegal nesting: nesting within a tag that already has content is illegal.",
+      illegal_nesting_header:       "Illegal nesting: nesting within a header command is illegal.",
+      illegal_nesting_line:         "Illegal nesting: content can't be both given on the same line as %%%s and nested within it.",
+      illegal_nesting_plain:        "Illegal nesting: nesting within plain text is illegal.",
+      illegal_nesting_self_closing: "Illegal nesting: nesting within a self-closing tag is illegal.",
+      inconsistent_indentation:     "Inconsistent indentation: %s used for indentation, but the rest of the document was indented using %s.",
+      indenting_at_start:           "Indenting at the beginning of the document is illegal.",
+      install_haml_contrib:         'To use the "%s" filter, please install the haml-contrib gem.',
+      invalid_attribute_list:       'Invalid attribute list: %s.',
+      invalid_filter_name:          'Invalid filter name ":%s".',
+      invalid_tag:                  'Invalid tag: "%s".',
+      missing_if:                   'Got "%s" with no preceding "if"',
+      no_ruby_code:                 "There's no Ruby code for %s to evaluate.",
+      self_closing_content:         "Self-closing tags can't have content.",
+      unbalanced_brackets:          'Unbalanced brackets.',
+      no_end:                       <<-END
 You don't need to use "- end" in Haml. Un-indent to close a block:
 - if foo?
   %strong Foo!
@@ -35,7 +35,7 @@ You don't need to use "- end" in Haml. Un-indent to close a block:
   Not foo.
 %p This line is un-indented, so it isn't part of the "if" block
 END
-    }
+    }.freeze
 
     def self.message(key, *args)
       string = MESSAGES[key] or raise "[HAML BUG] No error messages for #{key}"

data/lib/haml/escapable.rb

@@ -4,30 +4,31 @@ module Haml
   # Like Temple::Filters::Escapable, but with support for escaping by
   # Haml::Herlpers.html_escape and Haml::Herlpers.escape_once.
   class Escapable < Temple::Filter
+    # Special value of `flag` to ignore html_safe?
+    EscapeSafeBuffer = Struct.new(:value)
+
     def initialize(*)
       super
-      @escape_code = "::Haml::Helpers.html_escape((%s))"
-      @escaper = eval("proc {|v| #{@escape_code % 'v'} }")
-      @once_escape_code = "::Haml::Helpers.escape_once((%s))"
-      @once_escaper = eval("proc {|v| #{@once_escape_code % 'v'} }")
       @escape = false
+      @escape_safe_buffer = false
     end
 
     def on_escape(flag, exp)
-      old = @escape
-      @escape = flag
+      old_escape, old_escape_safe_buffer = @escape, @escape_safe_buffer
+      @escape_safe_buffer = flag.is_a?(EscapeSafeBuffer)
+      @escape = @escape_safe_buffer ? flag.value : flag
       compile(exp)
     ensure
-      @escape = old
+      @escape, @escape_safe_buffer = old_escape, old_escape_safe_buffer
     end
 
     # The same as Haml::AttributeBuilder.build_attributes
     def on_static(value)
       [:static,
        if @escape == :once
-         @once_escaper[value]
+         escape_once(value)
        elsif @escape
-         @escaper[value]
+         escape(value)
        else
          value
        end
@@ -38,13 +39,39 @@ module Haml
     def on_dynamic(value)
       [:dynamic,
        if @escape == :once
-         @once_escape_code % value
+         escape_once_code(value)
        elsif @escape
-         @escape_code % value
+         escape_code(value)
        else
          "(#{value}).to_s"
        end
       ]
     end
+
+    private
+
+    def escape_once(value)
+      if @escape_safe_buffer
+        ::Haml::Helpers.escape_once_without_haml_xss(value)
+      else
+        ::Haml::Helpers.escape_once(value)
+      end
+    end
+
+    def escape(value)
+      if @escape_safe_buffer
+        ::Haml::Helpers.html_escape_without_haml_xss(value)
+      else
+        ::Haml::Helpers.html_escape(value)
+      end
+    end
+
+    def escape_once_code(value)
+      "::Haml::Helpers.escape_once#{('_without_haml_xss' if @escape_safe_buffer)}((#{value}))"
+    end
+
+    def escape_code(value)
+      "::Haml::Helpers.html_escape#{('_without_haml_xss' if @escape_safe_buffer)}((#{value}))"
+    end
   end
 end

data/lib/haml/exec.rb

@@ -121,7 +121,7 @@ module Haml
         @options[:input], @options[:output] = input, output
       end
 
-      COLORS = { :red => 31, :green => 32, :yellow => 33 }
+      COLORS = {red: 31, green: 32, yellow: 33}.freeze
 
       # Prints a status message about performing the given action,
       # colored using the given color (via terminal escapes) if possible.

data/lib/haml/helpers.rb

@@ -593,7 +593,7 @@ MESSAGE
     end
 
     # Characters that need to be escaped to HTML entities from user input
-    HTML_ESCAPE = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;' }
+    HTML_ESCAPE = {'&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;'}.freeze
 
     HTML_ESCAPE_REGEX = /['"><&]/
 
@@ -607,9 +607,12 @@ MESSAGE
     # @param text [String] The string to sanitize
     # @return [String] The sanitized string
     def html_escape(text)
-      ERB::Util.html_escape(text)
+      CGI.escapeHTML(text.to_s)
     end
 
+    # Always escape text regardless of html_safe?
+    alias_method :html_escape_without_haml_xss, :html_escape
+
     HTML_ESCAPE_ONCE_REGEX = /['"><]|&(?!(?:[a-zA-Z]+|#(?:\d+|[xX][0-9a-fA-F]+));)/
 
     # Escapes HTML entities in `text`, but without escaping an ampersand
@@ -622,6 +625,9 @@ MESSAGE
       text.gsub(HTML_ESCAPE_ONCE_REGEX, HTML_ESCAPE)
     end
 
+    # Always escape text once regardless of html_safe?
+    alias_method :escape_once_without_haml_xss, :escape_once
+
     # Returns whether or not the current template is a Haml template.
     #
     # This function, unlike other {Haml::Helpers} functions,

data/lib/haml/helpers/xss_mods.rb

@@ -8,12 +8,15 @@ module Haml
     # to work with Rails' XSS protection methods.
     module XssMods
       def self.included(base)
-        %w[html_escape find_and_preserve preserve list_of surround
-           precede succeed capture_haml haml_concat haml_internal_concat haml_indent
-           escape_once].each do |name|
+        %w[find_and_preserve preserve list_of surround
+           precede succeed capture_haml haml_concat haml_internal_concat haml_indent].each do |name|
           base.send(:alias_method, "#{name}_without_haml_xss", name)
           base.send(:alias_method, name, "#{name}_with_haml_xss")
         end
+        # Those two always have _without_haml_xss
+        %w[html_escape escape_once].each do |name|
+          base.send(:alias_method, name, "#{name}_with_haml_xss")
+        end
       end
 
       # Don't escape text that's already safe,

data/lib/haml/options.rb

@@ -5,44 +5,40 @@ module Haml
   # understands. Please see the {file:REFERENCE.md#options Haml Reference} to
   # learn how to set the options.
   class Options
-
     @valid_formats = [:html4, :html5, :xhtml]
-
     @buffer_option_keys = [:autoclose, :preserve, :attr_wrapper, :format,
       :encoding, :escape_html, :escape_filter_interpolations, :escape_attrs, :hyphenate_data_attrs, :cdata]
 
-    # The default option values.
-    # @return Hash
-    def self.defaults
-      @defaults ||= Haml::TempleEngine.options.to_hash.merge(encoding: 'UTF-8')
-    end
+    class << self
+      # The default option values.
+      # @return Hash
+      def defaults
+        @defaults ||= Haml::TempleEngine.options.to_hash.merge(encoding: 'UTF-8')
+      end
 
-    # An array of valid values for the `:format` option.
-    # @return Array
-    def self.valid_formats
-      @valid_formats
-    end
+      # An array of valid values for the `:format` option.
+      # @return Array
+      attr_reader :valid_formats
 
-    # An array of keys that will be used to provide a hash of options to
-    # {Haml::Buffer}.
-    # @return Hash
-    def self.buffer_option_keys
-      @buffer_option_keys
-    end
+      # An array of keys that will be used to provide a hash of options to
+      # {Haml::Buffer}.
+      # @return Hash
+      attr_reader :buffer_option_keys
 
-    # Returns a subset of defaults: those that {Haml::Buffer} cares about.
-    # @return [{Symbol => Object}] The options hash
-    def self.buffer_defaults
-      @buffer_defaults ||= buffer_option_keys.inject({}) do |hash, key|
-        hash.merge(key => defaults[key])
+      # Returns a subset of defaults: those that {Haml::Buffer} cares about.
+      # @return [{Symbol => Object}] The options hash
+      def buffer_defaults
+        @buffer_defaults ||= buffer_option_keys.inject({}) do |hash, key|
+          hash.merge(key => defaults[key])
+        end
       end
-    end
 
-    def self.wrap(options)
-      if options.is_a?(Options)
-        options
-      else
-        Options.new(options)
+      def wrap(options)
+        if options.is_a?(Options)
+          options
+        else
+          Options.new(options)
+        end
       end
     end
 
@@ -139,7 +135,7 @@ module Haml
     # formatting errors.
     #
     # Defaults to `false`.
-    attr_reader :remove_whitespace
+    attr_accessor :remove_whitespace
 
     # Whether or not attribute hashes and Ruby scripts designated by `=` or `~`
     # should be evaluated. If this is `true`, said scripts are rendered as empty
@@ -175,7 +171,7 @@ module Haml
     # Key is filter name in String and value is Class to use. Defaults to {}.
     attr_accessor :filters
 
-    def initialize(values = {}, &block)
+    def initialize(values = {})
       defaults.each {|k, v| instance_variable_set :"@#{k}", v}
       values.each {|k, v| send("#{k}=", v) if defaults.has_key?(k) && !v.nil?}
       yield if block_given?
@@ -245,10 +241,6 @@ module Haml
       xhtml? || @cdata
     end
 
-    def remove_whitespace=(value)
-      @remove_whitespace = value
-    end
-
     def encoding=(value)
       return unless value
       @encoding = value.is_a?(Encoding) ? value.name : value.to_s

data/lib/haml/parser.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require 'ripper'
 require 'strscan'
 
 module Haml
@@ -61,7 +62,7 @@ module Haml
       SILENT_SCRIPT,
       ESCAPE,
       FILTER
-    ]
+    ].freeze
 
     # The value of the character that designates that a line is part
     # of a multiline string.
@@ -75,8 +76,8 @@ module Haml
     #
     BLOCK_WITH_SPACES = /do\s*\|\s*[^\|]*\s+\|\z/
 
-    MID_BLOCK_KEYWORDS = %w[else elsif rescue ensure end when]
-    START_BLOCK_KEYWORDS = %w[if begin case unless]
+    MID_BLOCK_KEYWORDS = %w[else elsif rescue ensure end when].freeze
+    START_BLOCK_KEYWORDS = %w[if begin case unless].freeze
     # Try to parse assignments to block starters as best as possible
     START_BLOCK_KEYWORD_REGEX = /(?:\w+(?:,\s*\w+)*\s*=\s*)?(#{START_BLOCK_KEYWORDS.join('|')})/
     BLOCK_KEYWORD_REGEX = /^-?\s*(?:(#{MID_BLOCK_KEYWORDS.join('|')})|#{START_BLOCK_KEYWORD_REGEX.source})\b/
@@ -90,6 +91,9 @@ module Haml
     ID_KEY    = 'id'.freeze
     CLASS_KEY = 'class'.freeze
 
+    # Used for scanning old attributes, substituting the first '{'
+    METHOD_CALL_PREFIX = 'a('
+
     def initialize(options)
       @options = Options.wrap(options)
       # Record the indent levels of "if" statements to validate the subsequent
@@ -202,7 +206,7 @@ module Haml
       end
 
       def inspect
-        %Q[(#{type} #{value.inspect}#{children.each_with_object('') {|c, s| s << "\n#{c.inspect.gsub!(/^/, '  ')}"}})]
+        %Q[(#{type} #{value.inspect}#{children.each_with_object(''.dup) {|c, s| s << "\n#{c.inspect.gsub!(/^/, '  ')}"}})].dup
       end
     end
 
@@ -307,7 +311,7 @@ module Haml
         return ParseNode.new(:plain, line.index + 1, :text => line.text)
       end
 
-      escape_html = @options.escape_html if escape_html.nil?
+      escape_html = @options.escape_html && @options.mime_type != 'text/plain' if escape_html.nil?
       line.text = unescape_interpolation(line.text, escape_html)
       script(line, false)
     end
@@ -651,13 +655,18 @@ module Haml
     # @return [String] rest
     # @return [Integer] last_line
     def parse_old_attributes(text)
-      text = text.dup
       last_line = @line.index + 1
 
       begin
-        attributes_hash, rest = balance(text, ?{, ?})
+        # Old attributes often look like a valid Hash literal, but it sometimes allow code like
+        # `{ hash, foo: bar }`, which is compiled to `_hamlout.attributes({}, nil, hash, foo: bar)`.
+        #
+        # To scan such code correctly, this scans `a( hash, foo: bar }` instead, stops when there is
+        # 1 more :on_embexpr_end (the last '}') than :on_embexpr_beg, and resurrects '{' afterwards.
+        balanced, rest = balance_tokens(text.sub(?{, METHOD_CALL_PREFIX), :on_embexpr_beg, :on_embexpr_end, count: 1)
+        attributes_hash = balanced.sub(METHOD_CALL_PREFIX, ?{)
       rescue SyntaxError => e
-        if text.strip[-1] == ?, && e.message == Error.message(:unbalanced_brackets)
+        if e.message == Error.message(:unbalanced_brackets) && !@template.empty?
           text << "\n#{@next_line.text}"
           last_line += 1
           next_line
@@ -811,6 +820,25 @@ module Haml
       Haml::Util.balance(*args) or raise(SyntaxError.new(Error.message(:unbalanced_brackets)))
     end
 
+    # Unlike #balance, this balances Ripper tokens to balance something like `{ a: "}" }` correctly.
+    def balance_tokens(buf, start, finish, count: 0)
+      text = ''.dup
+      Ripper.lex(buf).each do |_, token, str|
+        text << str
+        case token
+        when start
+          count += 1
+        when finish
+          count -= 1
+        end
+
+        if count == 0
+          return text, buf.sub(text, '')
+        end
+      end
+      raise SyntaxError.new(Error.message(:unbalanced_brackets))
+    end
+
     def block_opened?
       @next_line.tabs > @line.tabs
     end