haml 5.1.2 → 5.2.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2ab71634acdfecb8525662d862961b21f26d77f32adf34457443b96aa5118b8d
4
- data.tar.gz: 3eae0d107f253137df0583ead35dfee0d7840d3de616db50e0dbbd5734acbe27
3
+ metadata.gz: ccbf9b5c93745c83284467b77b73dd156f049dacf55861dd486bd14404d84e84
4
+ data.tar.gz: 4e2439c5e370db4bd765ca76ab4d76c027d9a9f9f6b68e5d38761e6858f3312f
5
5
  SHA512:
6
- metadata.gz: fb8005b129e6874259a4ff900579a13cbc42c3f64b13640856a219c9f69fbd2cfc77d8126231148c2ebc6b58883e8687a4f447603fd6cdfc41195bf08e1127c3
7
- data.tar.gz: 813db45e219554933892a41e023419e9a1a0e10602ebdf525f7efc1f14fe6f2afa4ff96ac691a0d8552989016453e7ce553864fc778447e1f55725de43b53406
6
+ metadata.gz: f0c7b716e9866070fc50281e4486eb519832c3f098cbd58bb62ca18f2659ca85bc44cd6a275121fe71f37f8d9e442ac9b75f254b28747b5fbff47a98b1e633c5
7
+ data.tar.gz: 3e870080f42d925cddc479a52318d2cb8e6a9dbfd5613e8027c0c4dfd80e4f7636fa9f50cd41d3eca6f72f12bcc1cc7e5a5b2b9120223e1e6218ad8d6dcf9ca8
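--- a/data/.gitignore
+++ b/data/.gitignore
@@ -1,3 +1,4 @@
+/.idea
 /.yardoc
 /coverage
 /doc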
@@ -1,18 +1,14 @@
1
1
  sudo: false
2
2
  dist: trusty
3
3
  language: ruby
4
- cache: bundler
4
+ cache:
5
+ bundler: true
5
6
  rvm:
6
7
  - ruby-head
7
- - 2.6.3
8
- - 2.5.5
9
- - 2.4.6
10
- - 2.3.8
11
- - 2.2.10
12
- - 2.1.10
13
- - 2.0.0
14
- - jruby-9.2.7.0
15
- - rbx-3
8
+ - 2.7
9
+ - 2.6
10
+ - 2.5
11
+ - jruby-9.2
16
12
  gemfile:
17
13
  - test/gemfiles/Gemfile.rails-6.0.x
18
14
  - test/gemfiles/Gemfile.rails-5.2.x
@@ -24,49 +20,23 @@ gemfile:
24
20
  - test/gemfiles/Gemfile.rails-4.0.x
25
21
  matrix:
26
22
  exclude:
27
- - rvm: 2.0.0
28
- gemfile: test/gemfiles/Gemfile.rails-6.0.x
29
- - rvm: 2.1.10
30
- gemfile: test/gemfiles/Gemfile.rails-6.0.x
31
- - rvm: 2.2.10
32
- gemfile: test/gemfiles/Gemfile.rails-6.0.x
33
- - rvm: 2.3.8
34
- gemfile: test/gemfiles/Gemfile.rails-6.0.x
35
- - rvm: 2.4.6
36
- gemfile: test/gemfiles/Gemfile.rails-6.0.x
37
- - rvm: 2.0.0
38
- gemfile: test/gemfiles/Gemfile.rails-5.2.x
39
- - rvm: 2.1.10
40
- gemfile: test/gemfiles/Gemfile.rails-5.2.x
41
- - rvm: 2.0.0
42
- gemfile: test/gemfiles/Gemfile.rails-5.1.x
43
- - rvm: 2.1.10
44
- gemfile: test/gemfiles/Gemfile.rails-5.1.x
45
- - rvm: 2.0.0
46
- gemfile: test/gemfiles/Gemfile.rails-5.0.x
47
- - rvm: 2.0.0
48
- gemfile: test/gemfiles/Gemfile.rails-5.0.x.erubi
49
- - rvm: 2.1.10
50
- gemfile: test/gemfiles/Gemfile.rails-5.0.x
51
- - rvm: 2.1.10
52
- gemfile: test/gemfiles/Gemfile.rails-5.0.x.erubi
53
- - rvm: 2.4.6
23
+ - rvm: 2.5
54
24
  gemfile: test/gemfiles/Gemfile.rails-4.0.x
55
- - rvm: 2.4.6
25
+ - rvm: 2.5
56
26
  gemfile: test/gemfiles/Gemfile.rails-4.1.x
57
- - rvm: 2.4.6
27
+ - rvm: 2.5
58
28
  gemfile: test/gemfiles/Gemfile.rails-4.2.x
59
- - rvm: 2.5.5
29
+ - rvm: 2.6
60
30
  gemfile: test/gemfiles/Gemfile.rails-4.0.x
61
- - rvm: 2.5.5
31
+ - rvm: 2.6
62
32
  gemfile: test/gemfiles/Gemfile.rails-4.1.x
63
- - rvm: 2.5.5
33
+ - rvm: 2.6
64
34
  gemfile: test/gemfiles/Gemfile.rails-4.2.x
65
- - rvm: 2.6.3
35
+ - rvm: 2.7
66
36
  gemfile: test/gemfiles/Gemfile.rails-4.0.x
67
- - rvm: 2.6.3
37
+ - rvm: 2.7
68
38
  gemfile: test/gemfiles/Gemfile.rails-4.1.x
69
- - rvm: 2.6.3
39
+ - rvm: 2.7
70
40
  gemfile: test/gemfiles/Gemfile.rails-4.2.x
71
41
  - rvm: ruby-head
72
42
  gemfile: test/gemfiles/Gemfile.rails-4.0.x
@@ -75,23 +45,28 @@ matrix:
75
45
  - rvm: ruby-head
76
46
  gemfile: test/gemfiles/Gemfile.rails-4.2.x
77
47
  include:
78
- - rvm: 2.6.3
48
+ - rvm: 2.7
79
49
  gemfile: test/gemfiles/Gemfile.rails-edge
80
50
  allow_failures:
81
51
  - rvm: ruby-head
82
- - rvm: rbx-3
83
52
  - gemfile: test/gemfiles/Gemfile.rails-edge
84
- - rvm: jruby-9.2.7.0
53
+ - rvm: jruby-9.2
85
54
  gemfile: test/gemfiles/Gemfile.rails-4.2.x
86
- - rvm: jruby-9.2.7.0
55
+ - rvm: jruby-9.2
87
56
  gemfile: test/gemfiles/Gemfile.rails-4.1.x
88
- - rvm: jruby-9.2.7.0
57
+ - rvm: jruby-9.2
89
58
  gemfile: test/gemfiles/Gemfile.rails-4.0.x
90
- - rvm: jruby-9.2.7.0
59
+ - rvm: jruby-9.2
91
60
  gemfile: test/gemfiles/Gemfile.rails-5.0.x.erubi
92
61
  fast_finish: true
93
62
  before_install:
94
- - gem i rubygems-update -v '<3' && update_rubygems # https://github.com/travis-ci/travis-ci/issues/8974
95
- - gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true
96
- - gem i bundler -v '<2'
63
+ # install older versions of rubygems and bundler only on Ruby < 2.7
64
+ - if [ `echo "${TRAVIS_RUBY_VERSION:0:3} < 2.7" | bc` == 1 ]; then gem i rubygems-update -v '<3' && update_rubygems; fi; # https://github.com/travis-ci/travis-ci/issues/8974
65
+ - if [ `echo "${TRAVIS_RUBY_VERSION:0:3} < 2.7" | bc` == 1 ]; then gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true; fi;
66
+ - if [ `echo "${TRAVIS_RUBY_VERSION:0:3} < 2.7" | bc` == 1 ]; then gem i bundler -v '<2'; fi;
67
+ - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
68
+ - chmod +x ./cc-test-reporter
69
+ - ./cc-test-reporter before-build
97
70
  script: "bundle exec rake submodules test"
71
+ after_script:
72
+ - ./cc-test-reporter after-build --exit-code $TRAVIS_TEST_RESULT
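Review bot: The new `curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter` step in the last hunk fetches an unpinned "latest" binary and the next two lines make it executable and run it, with no checksum or signature check, so the job executes whatever that URL serves on the day, inside a CI environment that may hold repository tokens. Pin a specific reporter release and verify its published SHA-256 before `chmod +x`, for example `- curl -fsSL "https://codeclimate.com/downloads/test-reporter/test-reporter-<PINNED_VERSION>-linux-amd64" -o ./cc-test-reporter` followed by `- echo "<EXPECTED_SHA256>  ./cc-test-reporter" | sha256sum -c -` (both placeholders to be taken from the chosen release); `-f` additionally keeps an HTTP error page from being saved and chmod'ed as the binary. Separately, the three `bc` guards slice `${TRAVIS_RUBY_VERSION:0:3}`, which for the `ruby-head` and `jruby-9.2` entries of the rvm list is not numeric, so on those workers the `< 2.7` comparison presumably does not implement the "only on Ruby < 2.7" rule stated in the comment above it — worth confirming in a build log.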
@@ -1,5 +1,14 @@
1
1
  # Haml Changelog
2
2
 
3
+ ## 5.2
4
+
5
+ Released on September 28, 2020
6
+ ([diff](https://github.com/haml/haml/compare/v5.1.2...v5.2)).
7
+
8
+ * Fix crash in the attribute optimizer when `#inspect` is overridden in TrueClass / FalseClass [#972](https://github.com/haml/haml/issues/972)
9
+ * Do not HTML-escape templates that are declared to be plaintext [#1014](https://github.com/haml/haml/issues/1014) (Thanks [@cesarizu](https://github.com/cesarizu))
10
+ * Class names are no longer ordered alphabetically, and now follow a new specification as laid out in REFERENCE [#306](https://github.com/haml/haml/issues/306)
11
+
3
12
  ## 5.1.2
4
13
 
5
14
  Released on August 6, 2019
data/Gemfile CHANGED
@@ -3,6 +3,7 @@ gemspec
3
3
 
4
4
  gem "m"
5
5
  gem "pry"
6
+ gem "simplecov"
6
7
 
7
8
  group :docs do
8
9
  gem "yard"
@@ -13,7 +14,3 @@ end
13
14
  platform :mri do
14
15
  gem "ruby-prof"
15
16
  end
16
-
17
- platform :mri_21 do
18
- gem "simplecov"
19
- end
data/README.md CHANGED
@@ -1,9 +1,8 @@
1
1
  # Haml
2
2
 
3
3
  [![Gem Version](https://badge.fury.io/rb/haml.svg)](http://rubygems.org/gems/haml)
4
- [![Build Status](https://travis-ci.org/haml/haml.svg?branch=master)](http://travis-ci.org/haml/haml)
4
+ [![Build Status](https://travis-ci.org/haml/haml.svg?branch=main)](http://travis-ci.org/haml/haml)
5
5
  [![Code Climate](https://codeclimate.com/github/haml/haml/badges/gpa.svg)](https://codeclimate.com/github/haml/haml)
6
- [![Coverage Status](http://img.shields.io/coveralls/haml/haml.svg)](https://coveralls.io/r/haml/haml)
7
6
  [![Inline docs](http://inch-ci.org/github/haml/haml.png)](http://inch-ci.org/github/haml/haml)
8
7
 
9
8
  Haml is a templating engine for HTML. It's designed to make it both easier and
@@ -32,7 +31,7 @@ to compile it to HTML. For more information on these commands, check out
32
31
  haml --help
33
32
  ~~~
34
33
 
35
- To use Haml programatically, check out the [YARD documentation](http://haml.info/docs/yardoc/).
34
+ To use Haml programmatically, check out the [YARD documentation](http://haml.info/docs/yardoc/).
36
35
 
37
36
  ## Using Haml with Rails
38
37
 
@@ -517,6 +517,24 @@ and is compiled to:
517
517
  </div>
518
518
  </div>
519
519
 
520
+ #### Class Name Merging and Ordering
521
+
522
+ Class names are ordered in the following way:
523
+
524
+ 1) Tag identifiers in order (aka, ".alert.me" => "alert me")
525
+ 2) Classes appearing in HTML-style attributes
526
+ 3) Classes appearing in Hash-style attributes
527
+
528
+ For instance, this is a complicated and unintuitive test case illustrating the ordering
529
+
530
+ .foo.moo{:class => ['bar', 'alpha']}(class='baz')
531
+
532
+ The resulting HTML would be as follows:
533
+
534
+ <div class='foo moo baz bar alpha'></div>
535
+
536
+ *Versions of Haml prior to 5.0 would alphabetically sort class names.*
537
+
520
538
  ### Empty (void) Tags: `/`
521
539
 
522
540
  The forward slash character, when placed at the end of a tag definition, causes
@@ -853,7 +871,7 @@ is compiled to:
853
871
 
854
872
  ## Ruby Evaluation
855
873
 
856
- ### Inserting Ruby: `=`
874
+ ### Inserting Ruby: `=` {#inserting_ruby}
857
875
 
858
876
  The equals character is followed by Ruby code. This code is evaluated and the
859
877
  output is inserted into the document. For example:
@@ -1323,7 +1341,7 @@ that just need a lot of template information.
1323
1341
  So data structures and functions that require lots of arguments
1324
1342
  can be wrapped over multiple lines,
1325
1343
  as long as each line but the last ends in a comma
1326
- (see [Inserting Ruby](#inserting_ruby_)).
1344
+ (see [Inserting Ruby](#inserting_ruby)).
1327
1345
 
1328
1346
  ## Whitespace Preservation
1329
1347
 
data/Rakefile CHANGED
@@ -14,7 +14,7 @@ isolated_test = Rake::TestTask.new do |t|
14
14
  end
15
15
  Rake::TestTask.new do |t|
16
16
  t.libs << 'test'
17
- t.test_files = Dir['test/*_test.rb'] + Dir['test/haml-spec/*_test.rb'] - isolated_test.file_list
17
+ t.test_files = Dir['test/*_test.rb'] + Dir['test/haml-spec/*_test.rb'] + Dir['test/cases/*_test.rb'] - isolated_test.file_list
18
18
  t.warning = true
19
19
  t.verbose = true
20
20
  end
@@ -26,13 +26,6 @@ task :benchmark do
26
26
  sh "ruby benchmark.rb #{ENV['TIMES']}"
27
27
  end
28
28
 
29
- task :set_coverage_env do
30
- ENV["COVERAGE"] = "true"
31
- end
32
-
33
- desc "Run Simplecov"
34
- task :coverage => [:set_coverage_env, :test]
35
-
36
29
  task :submodules do
37
30
  if File.exist?(File.dirname(__FILE__) + "/.git")
38
31
  sh %{git submodule sync}
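Review bot: The `:coverage` task and the `COVERAGE=true` environment switch it set are removed in the second hunk, yet this same release pins `simplecov` as a development dependency and wraps `rake submodules test` in `cc-test-reporter before-build`/`after-build` in CI, so whatever now starts SimpleCov is presumably a test helper that this diff does not show. A one-line comment next to the remaining test task, e.g. `# Coverage is collected by SimpleCov from the test helper; the Code Climate upload lives in .travis.yml`, would stop the next reader from searching for the deleted task. The `task :benchmark` block that opens the hunk starts outside it.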
@@ -16,7 +16,7 @@ Gem::Specification.new do |spec|
16
16
  spec.license = "MIT"
17
17
  spec.metadata = {
18
18
  "bug_tracker_uri" => "https://github.com/haml/haml/issues",
19
- "changelog_uri" => "https://github.com/haml/haml/blob/master/CHANGELOG.md",
19
+ "changelog_uri" => "https://github.com/haml/haml/blob/main/CHANGELOG.md",
20
20
  "documentation_uri" => "http://haml.info/docs.html",
21
21
  "homepage_uri" => "http://haml.info",
22
22
  "mailing_list_uri" => "https://groups.google.com/forum/?fromgroups#!forum/haml",
@@ -32,6 +32,7 @@ Gem::Specification.new do |spec|
32
32
  spec.add_development_dependency 'rbench'
33
33
  spec.add_development_dependency 'minitest', '>= 4.0'
34
34
  spec.add_development_dependency 'nokogiri'
35
+ spec.add_development_dependency 'simplecov', '0.17.1' # Locked to this version due to https://github.com/codeclimate/test-reporter/issues/418
35
36
 
36
37
  spec.description = <<-END
37
38
  Haml (HTML Abstraction Markup Language) is a layer on top of HTML or XML that's
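Review bot: `simplecov` is now declared in two places with different requirements — pinned to `'0.17.1'` here and unversioned as `gem "simplecov"` in the data/Gemfile hunk — while that Gemfile's `gemspec` directive already pulls in the development dependencies. Bundler presumably resolves to the intersection so this works today, but the Gemfile line is redundant and whoever later bumps one place can miss the other; dropping the Gemfile line keeps the pin in one place. The inline comment explaining why the version is locked is good; keep it next to the pin when the codeclimate issue it cites is resolved and the lock is lifted.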
@@ -36,9 +36,9 @@ module Haml
36
36
 
37
37
  value =
38
38
  if escape_attrs == :once
39
- Haml::Helpers.escape_once(value.to_s)
39
+ Haml::Helpers.escape_once_without_haml_xss(value.to_s)
40
40
  elsif escape_attrs
41
- Haml::Helpers.html_escape(value.to_s)
41
+ Haml::Helpers.html_escape_without_haml_xss(value.to_s)
42
42
  else
43
43
  value.to_s
44
44
  end
@@ -126,7 +126,7 @@ module Haml
126
126
  elsif key == 'class'
127
127
  merged_class = filter_and_join(from, ' ')
128
128
  if to && merged_class
129
- merged_class = (merged_class.split(' ') | to.split(' ')).sort.join(' ')
129
+ merged_class = (to.split(' ') | merged_class.split(' ')).join(' ')
130
130
  elsif to || merged_class
131
131
  merged_class ||= to
132
132
  end
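Review bot: Switching the attribute escaping to `escape_once_without_haml_xss` / `html_escape_without_haml_xss` in the first hunk is a user-visible behaviour change under Rails: per the helpers.rb hunk these aliases "always escape text regardless of html_safe?", so an attribute value that is an html_safe buffer is now escaped where the previous `html_escape`/`escape_once` (the XssMods-wrapped variants) presumably let it through. That is a sensible hardening for attribute context, but the CHANGELOG hunk in this same diff does not mention it; add a line such as `* Attribute values are now always HTML-escaped when escape_attrs is set, even when the value is html_safe`. The method containing this `value =` assignment starts and ends outside the hunk. In the second hunk, `(to.split(' ') | merged_class.split(' ')).join(' ')` still de-duplicates via `Array#|` while dropping the sort, which matches the ordering the README hunk documents.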
@@ -7,27 +7,7 @@ module Haml
7
7
  # @param type [Symbol] :static or :dynamic
8
8
  # @param key [String]
9
9
  # @param value [String] Actual string value for :static type, value's Ruby literal for :dynamic type.
10
- AttributeValue = Struct.new(:type, :key, :value) do
11
- # @return [String] A Ruby literal of value.
12
- def to_literal
13
- case type
14
- when :static
15
- Haml::Util.inspect_obj(value)
16
- when :dynamic
17
- value
18
- end
19
- end
20
- end
21
-
22
- # Returns a script to render attributes on runtime.
23
- #
24
- # @param attributes [Hash]
25
- # @param object_ref [String,:nil]
26
- # @param dynamic_attributes [DynamicAttributes]
27
- # @return [String] Attributes rendering code
28
- def self.runtime_build(attributes, object_ref, dynamic_attributes)
29
- "_hamlout.attributes(#{Haml::Util.inspect_obj(attributes)}, #{object_ref},#{dynamic_attributes.to_literal})"
30
- end
10
+ AttributeValue = Struct.new(:type, :key, :value)
31
11
 
32
12
  # @param options [Haml::Options]
33
13
  def initialize(options)
@@ -41,16 +21,16 @@ module Haml
41
21
  #
42
22
  # @param attributes [Hash]
43
23
  # @param object_ref [String,:nil]
44
- # @param dynamic_attributes [DynamicAttributes]
24
+ # @param dynamic_attributes [Haml::Parser::DynamicAttributes]
45
25
  # @return [Array] Temple expression
46
26
  def compile(attributes, object_ref, dynamic_attributes)
47
27
  if object_ref != :nil || !AttributeParser.available?
48
- return [:dynamic, AttributeCompiler.runtime_build(attributes, object_ref, dynamic_attributes)]
28
+ return [:dynamic, compile_runtime_build(attributes, object_ref, dynamic_attributes)]
49
29
  end
50
30
 
51
31
  parsed_hashes = [dynamic_attributes.new, dynamic_attributes.old].compact.map do |attribute_hash|
52
32
  unless (hash = AttributeParser.parse(attribute_hash))
53
- return [:dynamic, AttributeCompiler.runtime_build(attributes, object_ref, dynamic_attributes)]
33
+ return [:dynamic, compile_runtime_build(attributes, object_ref, dynamic_attributes)]
54
34
  end
55
35
  hash
56
36
  end
@@ -64,6 +44,16 @@ module Haml
64
44
 
65
45
  private
66
46
 
47
+ # Returns a script to render attributes on runtime.
48
+ #
49
+ # @param attributes [Hash]
50
+ # @param object_ref [String,:nil]
51
+ # @param dynamic_attributes [Haml::Parser::DynamicAttributes]
52
+ # @return [String] Attributes rendering code
53
+ def compile_runtime_build(attributes, object_ref, dynamic_attributes)
54
+ "_hamlout.attributes(#{to_literal(attributes)}, #{object_ref}, #{dynamic_attributes.to_literal})"
55
+ end
56
+
67
57
  # Build array of grouped values whose sort order may go back and forth, which is also sorted with key name.
68
58
  # This method needs to group values with the same start because it can be changed in `Haml::AttributeBuidler#build_data_keys`.
69
59
  # @param values [Array<Haml::AttributeCompiler::AttributeValue>]
@@ -130,7 +120,7 @@ module Haml
130
120
 
131
121
  arguments = [@is_html, @attr_wrapper, @escape_attrs, @hyphenate_data_attrs]
132
122
  code = "::Haml::AttributeBuilder.build_attributes"\
133
- "(#{arguments.map { |a| Haml::Util.inspect_obj(a) }.join(', ')}, { #{hash_content} })"
123
+ "(#{arguments.map(&method(:to_literal)).join(', ')}, { #{hash_content} })"
134
124
  [:static, eval(code).to_s]
135
125
  end
136
126
 
@@ -139,16 +129,16 @@ module Haml
139
129
  # @return [String]
140
130
  def merged_value(key, values)
141
131
  if values.size == 1
142
- values.first.to_literal
132
+ attr_literal(values.first)
143
133
  else
144
- "::Haml::AttributeBuilder.merge_values(#{frozen_string(key)}, #{values.map(&:to_literal).join(', ')})"
134
+ "::Haml::AttributeBuilder.merge_values(#{frozen_string(key)}, #{values.map(&method(:attr_literal)).join(', ')})"
145
135
  end
146
136
  end
147
137
 
148
138
  # @param str [String]
149
139
  # @return [String]
150
140
  def frozen_string(str)
151
- "#{Haml::Util.inspect_obj(str)}.freeze"
141
+ "#{to_literal(str)}.freeze"
152
142
  end
153
143
 
154
144
  # Compiles attribute values for one key to Temple expression that generates ` key='value'`.
@@ -157,7 +147,7 @@ module Haml
157
147
  # @param values [Array<AttributeValue>]
158
148
  # @return [Array] Temple expression
159
149
  def compile_attribute(key, values)
160
- if values.all? { |v| Temple::StaticAnalyzer.static?(v.to_literal) }
150
+ if values.all? { |v| Temple::StaticAnalyzer.static?(attr_literal(v)) }
161
151
  return static_build(values)
162
152
  end
163
153
 
@@ -181,7 +171,7 @@ module Haml
181
171
  ['false, nil', [:multi]],
182
172
  [:else, [:multi,
183
173
  [:static, " #{id_or_class}=#{@attr_wrapper}"],
184
- [:escape, @escape_attrs, [:dynamic, var]],
174
+ [:escape, Escapable::EscapeSafeBuffer.new(@escape_attrs), [:dynamic, var]],
185
175
  [:static, @attr_wrapper]],
186
176
  ]
187
177
  ],
@@ -201,7 +191,7 @@ module Haml
201
191
  ['false, nil', [:multi]],
202
192
  [:else, [:multi,
203
193
  [:static, " #{key}=#{@attr_wrapper}"],
204
- [:escape, @escape_attrs, [:dynamic, var]],
194
+ [:escape, Escapable::EscapeSafeBuffer.new(@escape_attrs), [:dynamic, var]],
205
195
  [:static, @attr_wrapper]],
206
196
  ]
207
197
  ],
@@ -220,5 +210,26 @@ module Haml
220
210
  @unique_name ||= 0
221
211
  "_haml_attribute_compiler#{@unique_name += 1}"
222
212
  end
213
+
214
+ # @param [Haml::AttributeCompiler::AttributeValue] attr
215
+ def attr_literal(attr)
216
+ case attr.type
217
+ when :static
218
+ to_literal(attr.value)
219
+ when :dynamic
220
+ attr.value
221
+ end
222
+ end
223
+
224
+ # For haml/haml#972
225
+ # @param [Object] value
226
+ def to_literal(value)
227
+ case value
228
+ when true, false
229
+ value.to_s
230
+ else
231
+ Haml::Util.inspect_obj(value)
232
+ end
233
+ end
223
234
  end
224
235
  end
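Review bot: `to_literal` (added at the end of the section) special-cases only a bare `true`/`false`, but the new `compile_runtime_build` passes the whole `attributes` hash to it, where the `else` branch falls back to `Haml::Util.inspect_obj(attributes)` and thus, presumably, `Hash#inspect`, which calls `#inspect` on every value. If the #972 crash comes from an overridden `TrueClass#inspect`/`FalseClass#inspect`, a boolean nested inside that hash (e.g. `{'disabled' => true}`) would seem to reach the same overridden method through this path; consider assembling the hash literal from `to_literal` applied to each key and value instead of inspecting the hash as a whole. The `# For haml/haml#972` comment on `to_literal` leaves the reader to look the issue up; `# true/false are emitted via to_s so a user-overridden #inspect on TrueClass/FalseClass cannot corrupt the generated code (haml/haml#972)` states the reason in place. The `eval(code)` in `static_build` is pre-existing and unchanged by this diff.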
@@ -4,30 +4,31 @@ module Haml
4
4
  # Like Temple::Filters::Escapable, but with support for escaping by
5
5
  # Haml::Herlpers.html_escape and Haml::Herlpers.escape_once.
6
6
  class Escapable < Temple::Filter
7
+ # Special value of `flag` to ignore html_safe?
8
+ EscapeSafeBuffer = Struct.new(:value)
9
+
7
10
  def initialize(*)
8
11
  super
9
- @escape_code = "::Haml::Helpers.html_escape((%s))"
10
- @escaper = eval("proc {|v| #{@escape_code % 'v'} }")
11
- @once_escape_code = "::Haml::Helpers.escape_once((%s))"
12
- @once_escaper = eval("proc {|v| #{@once_escape_code % 'v'} }")
13
12
  @escape = false
13
+ @escape_safe_buffer = false
14
14
  end
15
15
 
16
16
  def on_escape(flag, exp)
17
- old = @escape
18
- @escape = flag
17
+ old_escape, old_escape_safe_buffer = @escape, @escape_safe_buffer
18
+ @escape_safe_buffer = flag.is_a?(EscapeSafeBuffer)
19
+ @escape = @escape_safe_buffer ? flag.value : flag
19
20
  compile(exp)
20
21
  ensure
21
- @escape = old
22
+ @escape, @escape_safe_buffer = old_escape, old_escape_safe_buffer
22
23
  end
23
24
 
24
25
  # The same as Haml::AttributeBuilder.build_attributes
25
26
  def on_static(value)
26
27
  [:static,
27
28
  if @escape == :once
28
- @once_escaper[value]
29
+ escape_once(value)
29
30
  elsif @escape
30
- @escaper[value]
31
+ escape(value)
31
32
  else
32
33
  value
33
34
  end
@@ -38,13 +39,39 @@ module Haml
38
39
  def on_dynamic(value)
39
40
  [:dynamic,
40
41
  if @escape == :once
41
- @once_escape_code % value
42
+ escape_once_code(value)
42
43
  elsif @escape
43
- @escape_code % value
44
+ escape_code(value)
44
45
  else
45
46
  "(#{value}).to_s"
46
47
  end
47
48
  ]
48
49
  end
50
+
51
+ private
52
+
53
+ def escape_once(value)
54
+ if @escape_safe_buffer
55
+ ::Haml::Helpers.escape_once_without_haml_xss(value)
56
+ else
57
+ ::Haml::Helpers.escape_once(value)
58
+ end
59
+ end
60
+
61
+ def escape(value)
62
+ if @escape_safe_buffer
63
+ ::Haml::Helpers.html_escape_without_haml_xss(value)
64
+ else
65
+ ::Haml::Helpers.html_escape(value)
66
+ end
67
+ end
68
+
69
+ def escape_once_code(value)
70
+ "::Haml::Helpers.escape_once#{('_without_haml_xss' if @escape_safe_buffer)}((#{value}))"
71
+ end
72
+
73
+ def escape_code(value)
74
+ "::Haml::Helpers.html_escape#{('_without_haml_xss' if @escape_safe_buffer)}((#{value}))"
75
+ end
49
76
  end
50
77
  end
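Review bot: The four new private helpers (`escape_once`, `escape`, `escape_once_code`, `escape_code`) carry no comment, and the `_without_haml_xss` suffix they select on is explained only by the one-line comment on `EscapeSafeBuffer` at the top of the class, so a reader of `escape_code` alone cannot tell why a method name is assembled at runtime. A comment above the new `private` line such as `# When @escape_safe_buffer is set (the :escape flag was an EscapeSafeBuffer), use the Helpers variants that escape even html_safe? strings; otherwise defer to the XssMods-aware ones.` would cover all four. Style: the two `_code` helpers rebuild the same selection as their runtime counterparts through string interpolation; a single `def xss_suffix; '_without_haml_xss' if @escape_safe_buffer; end` used by all four would keep the pairs from drifting apart.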
@@ -607,9 +607,12 @@ MESSAGE
607
607
  # @param text [String] The string to sanitize
608
608
  # @return [String] The sanitized string
609
609
  def html_escape(text)
610
- ERB::Util.html_escape(text)
610
+ CGI.escapeHTML(text.to_s)
611
611
  end
612
612
 
613
+ # Always escape text regardless of html_safe?
614
+ alias_method :html_escape_without_haml_xss, :html_escape
615
+
613
616
  HTML_ESCAPE_ONCE_REGEX = /['"><]|&(?!(?:[a-zA-Z]+|#(?:\d+|[xX][0-9a-fA-F]+));)/
614
617
 
615
618
  # Escapes HTML entities in `text`, but without escaping an ampersand
@@ -622,6 +625,9 @@ MESSAGE
622
625
  text.gsub(HTML_ESCAPE_ONCE_REGEX, HTML_ESCAPE)
623
626
  end
624
627
 
628
+ # Always escape text once regardless of html_safe?
629
+ alias_method :escape_once_without_haml_xss, :escape_once
630
+
625
631
  # Returns whether or not the current template is a Haml template.
626
632
  #
627
633
  # This function, unlike other {Haml::Helpers} functions,
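Review bot: `html_escape` now calls `CGI.escapeHTML(text.to_s)` instead of `ERB::Util.html_escape(text)`, but nothing in this hunk shows a `require 'cgi'`; `erb` presumably loaded the CGI escaping code transitively before, so the constant should now be required explicitly in this file. Two consequences deserve a line in the doc comment above the method: the result is a plain String rather than an html_safe buffer (under Rails `ERB::Util.html_escape` is the patched version that returns a SafeBuffer and skips already-safe input, which looks like the reason for the switch given the new `_without_haml_xss` aliases), and `text.to_s` means nil and non-String arguments are accepted, so `@param text [String]` could become `@param text [#to_s]`. The `alias_method :html_escape_without_haml_xss, :html_escape` captures the method as defined at this point and the XssMods hunk relies on that, so the alias must stay above any later redefinition of `html_escape`.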
@@ -8,12 +8,15 @@ module Haml
8
8
  # to work with Rails' XSS protection methods.
9
9
  module XssMods
10
10
  def self.included(base)
11
- %w[html_escape find_and_preserve preserve list_of surround
12
- precede succeed capture_haml haml_concat haml_internal_concat haml_indent
13
- escape_once].each do |name|
11
+ %w[find_and_preserve preserve list_of surround
12
+ precede succeed capture_haml haml_concat haml_internal_concat haml_indent].each do |name|
14
13
  base.send(:alias_method, "#{name}_without_haml_xss", name)
15
14
  base.send(:alias_method, name, "#{name}_with_haml_xss")
16
15
  end
16
+ # Those two always have _without_haml_xss
17
+ %w[html_escape escape_once].each do |name|
18
+ base.send(:alias_method, name, "#{name}_with_haml_xss")
19
+ end
17
20
  end
18
21
 
19
22
  # Don't escape text that's already safe,
@@ -307,7 +307,7 @@ module Haml
307
307
  return ParseNode.new(:plain, line.index + 1, :text => line.text)
308
308
  end
309
309
 
310
- escape_html = @options.escape_html if escape_html.nil?
310
+ escape_html = @options.escape_html && @options.mime_type != 'text/plain' if escape_html.nil?
311
311
  line.text = unescape_interpolation(line.text, escape_html)
312
312
  script(line, false)
313
313
  end
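Review bot: The new guard only disables escaping when `mime_type` is exactly `'text/plain'`; a value carrying parameters (`text/plain; charset=utf-8`) or differing in case would still be escaped, so if `mime_type` can arrive in that form the comparison should be made on the media-type portion, e.g. `@options.mime_type.to_s.split(';').first.strip.casecmp('text/plain') == 0`. This also only affects the plain-text path inside this method (which starts and ends outside the hunk); if other escape decisions still read `@options.escape_html` directly, a text/plain template would still escape in those forms, which is worth confirming against what #1014 expects. A comment on the line, such as `# Plain-text templates are not HTML, so escape_html must not apply to their interpolation (haml/haml#1014)`, would record the intent.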
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Haml
4
- VERSION = "5.1.2"
4
+ VERSION = "5.2.0"
5
5
  end
metadata CHANGED
@@ -1,17 +1,17 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: haml
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.1.2
4
+ version: 5.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Natalie Weizenbaum
8
8
  - Hampton Catlin
9
9
  - Norman Clarke
10
10
  - Akira Matsuda
11
- autorequire:
11
+ autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2019-08-06 00:00:00.000000000 Z
14
+ date: 2020-09-28 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: temple
@@ -97,6 +97,20 @@ dependencies:
97
97
  - - ">="
98
98
  - !ruby/object:Gem::Version
99
99
  version: '0'
100
+ - !ruby/object:Gem::Dependency
101
+ name: simplecov
102
+ requirement: !ruby/object:Gem::Requirement
103
+ requirements:
104
+ - - '='
105
+ - !ruby/object:Gem::Version
106
+ version: 0.17.1
107
+ type: :development
108
+ prerelease: false
109
+ version_requirements: !ruby/object:Gem::Requirement
110
+ requirements:
111
+ - - '='
112
+ - !ruby/object:Gem::Version
113
+ version: 0.17.1
100
114
  description: |
101
115
  Haml (HTML Abstraction Markup Language) is a layer on top of HTML or XML that's
102
116
  designed to express the structure of documents in a non-repetitive, elegant, and
@@ -165,12 +179,12 @@ licenses:
165
179
  - MIT
166
180
  metadata:
167
181
  bug_tracker_uri: https://github.com/haml/haml/issues
168
- changelog_uri: https://github.com/haml/haml/blob/master/CHANGELOG.md
182
+ changelog_uri: https://github.com/haml/haml/blob/main/CHANGELOG.md
169
183
  documentation_uri: http://haml.info/docs.html
170
184
  homepage_uri: http://haml.info
171
185
  mailing_list_uri: https://groups.google.com/forum/?fromgroups#!forum/haml
172
186
  source_code_uri: https://github.com/haml/haml
173
- post_install_message:
187
+ post_install_message:
174
188
  rdoc_options: []
175
189
  require_paths:
176
190
  - lib
@@ -185,8 +199,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
185
199
  - !ruby/object:Gem::Version
186
200
  version: '0'
187
201
  requirements: []
188
- rubygems_version: 3.0.3
189
- signing_key:
202
+ rubygems_version: 3.1.4
203
+ signing_key:
190
204
  specification_version: 4
191
205
  summary: An elegant, structured (X)HTML/XML templating engine.
192
206
  test_files: []