haml 3.1.4 → 3.1.5.beta.1


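--- a/data/REVISION
+++ b/data/REVISION
@@ -1 +1 @@
-(release)
+7c864da762750d6a6e0a3217f8f689543732b86a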
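--- a/data/Rakefile
+++ b/data/Rakefile
@@ -103,7 +103,7 @@ end
 # Ensures that the VERSION file has been updated for a new release.
 task :check_release do
 version = File.read(scope("VERSION")).strip
-#raise "There have been changes since current version (#{version})" if changed_since?(version)
+raise "There have been changes since current version (#{version})" if changed_since?(version)
 raise "VERSION_NAME must not be 'Bleeding Edge'" if File.read(scope("VERSION_NAME")) == "Bleeding Edge"
 end
 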
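Review bot: The re-enabled `changed_since?` guard compares a stripped VERSION, but the VERSION_NAME check on the next line compares `File.read(scope("VERSION_NAME"))` unstripped, so a trailing newline in that file would let a "Bleeding Edge" name through the release gate this hunk is tightening. `raise "VERSION_NAME must not be 'Bleeding Edge'" if File.read(scope("VERSION_NAME")).strip == "Bleeding Edge"` makes the two checks consistent. The task body is fully inside the hunk; `scope` and `changed_since?` are defined elsewhere in the Rakefile.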
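--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-3.1.4
+3.1.5.beta.1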
@@ -372,7 +372,7 @@ END
372
372
  if escape_attrs == :once
373
373
  Haml::Helpers.escape_once(value.to_s)
374
374
  elsif escape_attrs
375
- CGI.escapeHTML(value.to_s)
375
+ Haml::Helpers.html_escape(value.to_s)
376
376
  else
377
377
  value.to_s
378
378
  end
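Review bot: The switch from `CGI.escapeHTML` to `Haml::Helpers.html_escape` on the `escape_attrs` branch deserves a comment, because the behavioural difference is invisible here: the new tests on this page show that a value already marked `html_safe` is now written into the attribute verbatim, i.e. escaping is skipped rather than applied a second time. Suggested line above the call: `# html_escape rather than CGI.escapeHTML: honours html_safe so trusted markup is not double-escaped; everything else is escaped`. The flip side is that any value a caller marks `html_safe` bypasses attribute escaping entirely, so that marking must only be applied to content that is already escaped or trusted — presumably the intent, given the safe-string test, but worth stating at the point where the decision is made. The enclosing method starts and ends outside the hunk, and this section's file header is missing from the page.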
@@ -256,3 +256,5 @@ module ActionView
256
256
  end
257
257
  end
258
258
  end
259
+
260
+ require "haml/helpers/rails_323_textarea_fix" if Haml::Util.ap_geq?("3.2.3")
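Review bot: The new `require` on the last line loads the textarea monkey-patch for every ActionPack version from 3.2.3 upwards, with no upper bound and no comment, even though the patched file on this page describes itself as an emergency hotfix that wraps private Rails internals (`content_tag_string`, `render_template`, `render_to_body`) via `alias_method_chain`. A comment such as `# Rails >= 3.2.3 emits a leading newline inside <textarea>; the hotfix rewrites it (see rails_323_textarea_fix.rb) — revisit when Rails is bumped` would tell the next maintainer why it exists and when to remove it. That `Haml::Util.ap_geq?` compares the ActionPack version is inferred from its name. The enclosing `module ActionView` starts outside the hunk and this section's file header is missing from the page.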
@@ -0,0 +1,49 @@
1
+ # Rails 3.2.3's form helpers add a newline after opening textareas, which can
2
+ # cause problems with newlines being considered content rather than markup.
3
+ # These changes fix the issue by making the helpers emit "<haml:newline/>"
4
+ # rather than the leading newline. The tag is then replaced by a newline after
5
+ # rendering.
6
+ #
7
+ # This should be considered nothing more than an emergency hotfix to ensure
8
+ # compatibility with the latest version of Rails, made at a moment when the Haml
9
+ # project is transitioning to a new maintainer.
10
+
11
+ module AbstractController
12
+ module Rendering
13
+ def render_to_body_with_haml(options = {})
14
+ if rendered = render_to_body_without_haml(options)
15
+ rendered.gsub('<haml:newline/>', "\n").html_safe
16
+ end
17
+ end
18
+ alias_method_chain :render_to_body, :haml
19
+ end
20
+ end
21
+
22
+ module ActionView
23
+
24
+ class Renderer
25
+ def render_template_with_haml(context, options)
26
+ if rendered = render_template_without_haml(context, options)
27
+ rendered.gsub('<haml:newline/>', "\n").html_safe
28
+ end
29
+ end
30
+ alias_method_chain :render_template, :haml
31
+ end
32
+
33
+ module Helpers
34
+ module TagHelper
35
+ private
36
+
37
+ def content_tag_string_with_haml(name, content, options, escape = true)
38
+ if name.to_sym == :textarea
39
+ tag_options = tag_options(options, escape) if options
40
+ content = ERB::Util.h(content) if escape
41
+ "<#{name}#{tag_options}><haml:newline/>#{content}</#{name}>".html_safe
42
+ else
43
+ content_tag_string_without_haml(name, content, options, escape)
44
+ end
45
+ end
46
+ alias_method_chain :content_tag_string, :haml
47
+ end
48
+ end
49
+ end
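Review bot: The `<haml:newline/>` sentinel is removed by a plain `gsub` over the entire rendered body in both `render_to_body_with_haml` and `render_template_with_haml`, so it is applied to every template engine and every response, not just to textareas, and any output that legitimately contains that literal text is altered; escaped user content renders as `&lt;haml:newline/&gt;` and is unaffected, so only raw or `html_safe` content can collide, which the header comment should say (`# NOTE: the sentinel is stripped from the whole response body; raw/html_safe content containing it is rewritten too`). Since `render_to_body` presumably wraps the same output `render_template` already produced, the second substitution scans the body a second time for no effect (inferred from Rails' call chain, not shown here). On style, both wrappers use assignment-in-condition (`if rendered = render_to_body_without_haml(options)`); `rendered = render_to_body_without_haml(options)` followed by `rendered.gsub('<haml:newline/>', "\n").html_safe if rendered` reads unambiguously and keeps the nil passthrough. In `content_tag_string_with_haml` the local `tag_options` shadows the `tag_options` method it is assigned from, which is easy to misread; a one-line comment `# attribute string, or nil when options is nil (interpolates as empty)` covers the nil case the modifier-if relies on.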
@@ -1,52 +1,50 @@
1
1
  GEM
2
2
  remote: http://rubygems.org/
3
3
  specs:
4
- actionmailer (3.1.0)
5
- actionpack (= 3.1.0)
4
+ actionmailer (3.1.4)
5
+ actionpack (= 3.1.4)
6
6
  mail (~> 2.3.0)
7
- actionpack (3.1.0)
8
- activemodel (= 3.1.0)
9
- activesupport (= 3.1.0)
7
+ actionpack (3.1.4)
8
+ activemodel (= 3.1.4)
9
+ activesupport (= 3.1.4)
10
10
  builder (~> 3.0.0)
11
11
  erubis (~> 2.7.0)
12
12
  i18n (~> 0.6)
13
- rack (~> 1.3.2)
14
- rack-cache (~> 1.0.3)
13
+ rack (~> 1.3.6)
14
+ rack-cache (~> 1.1)
15
15
  rack-mount (~> 0.8.2)
16
16
  rack-test (~> 0.6.1)
17
- sprockets (~> 2.0.0)
18
- activemodel (3.1.0)
19
- activesupport (= 3.1.0)
20
- bcrypt-ruby (~> 3.0.0)
17
+ sprockets (~> 2.0.3)
18
+ activemodel (3.1.4)
19
+ activesupport (= 3.1.4)
21
20
  builder (~> 3.0.0)
22
21
  i18n (~> 0.6)
23
- activerecord (3.1.0)
24
- activemodel (= 3.1.0)
25
- activesupport (= 3.1.0)
26
- arel (~> 2.2.1)
22
+ activerecord (3.1.4)
23
+ activemodel (= 3.1.4)
24
+ activesupport (= 3.1.4)
25
+ arel (~> 2.2.3)
27
26
  tzinfo (~> 0.3.29)
28
- activeresource (3.1.0)
29
- activemodel (= 3.1.0)
30
- activesupport (= 3.1.0)
31
- activesupport (3.1.0)
27
+ activeresource (3.1.4)
28
+ activemodel (= 3.1.4)
29
+ activesupport (= 3.1.4)
30
+ activesupport (3.1.4)
32
31
  multi_json (~> 1.0)
33
- arel (2.2.1)
34
- bcrypt-ruby (3.0.1)
32
+ arel (2.2.3)
35
33
  builder (3.0.0)
36
34
  erubis (2.7.0)
37
35
  hike (1.2.1)
38
- hpricot (0.8.4)
36
+ hpricot (0.8.6)
39
37
  i18n (0.6.0)
40
- json (1.6.1)
41
- mail (2.3.0)
38
+ json (1.6.6)
39
+ mail (2.3.3)
42
40
  i18n (>= 0.4.0)
43
41
  mime-types (~> 1.16)
44
42
  treetop (~> 1.4.8)
45
- mime-types (1.16)
46
- multi_json (1.0.3)
47
- polyglot (0.3.2)
48
- rack (1.3.3)
49
- rack-cache (1.0.3)
43
+ mime-types (1.18)
44
+ multi_json (1.2.0)
45
+ polyglot (0.3.3)
46
+ rack (1.3.6)
47
+ rack-cache (1.2)
50
48
  rack (>= 0.4)
51
49
  rack-mount (0.8.3)
52
50
  rack (>= 1.0.0)
@@ -54,37 +52,38 @@ GEM
54
52
  rack
55
53
  rack-test (0.6.1)
56
54
  rack (>= 1.0)
57
- rails (3.1.0)
58
- actionmailer (= 3.1.0)
59
- actionpack (= 3.1.0)
60
- activerecord (= 3.1.0)
61
- activeresource (= 3.1.0)
62
- activesupport (= 3.1.0)
55
+ rails (3.1.4)
56
+ actionmailer (= 3.1.4)
57
+ actionpack (= 3.1.4)
58
+ activerecord (= 3.1.4)
59
+ activeresource (= 3.1.4)
60
+ activesupport (= 3.1.4)
63
61
  bundler (~> 1.0)
64
- railties (= 3.1.0)
65
- railties (3.1.0)
66
- actionpack (= 3.1.0)
67
- activesupport (= 3.1.0)
62
+ railties (= 3.1.4)
63
+ railties (3.1.4)
64
+ actionpack (= 3.1.4)
65
+ activesupport (= 3.1.4)
68
66
  rack-ssl (~> 1.3.2)
69
67
  rake (>= 0.8.7)
70
68
  rdoc (~> 3.4)
71
69
  thor (~> 0.14.6)
72
- rake (0.9.2)
73
- rdoc (3.9.4)
74
- ruby_parser (2.3.0)
70
+ rake (0.9.2.2)
71
+ rdoc (3.12)
72
+ json (~> 1.4)
73
+ ruby_parser (2.3.1)
75
74
  sexp_processor (~> 3.0)
76
- sass (3.1.7)
77
- sexp_processor (3.0.6)
78
- sprockets (2.0.0)
75
+ sass (3.1.15)
76
+ sexp_processor (3.1.0)
77
+ sprockets (2.0.3)
79
78
  hike (~> 1.2)
80
79
  rack (~> 1.0)
81
- tilt (!= 1.3.0, ~> 1.1)
80
+ tilt (~> 1.1, != 1.3.0)
82
81
  thor (0.14.6)
83
82
  tilt (1.3.3)
84
83
  treetop (1.4.10)
85
84
  polyglot
86
85
  polyglot (>= 0.3.1)
87
- tzinfo (0.3.29)
86
+ tzinfo (0.3.33)
88
87
 
89
88
  PLATFORMS
90
89
  ruby
@@ -0,0 +1,8 @@
1
+ source :rubygems
2
+
3
+ gem 'json'
4
+ gem 'ruby_parser'
5
+ gem 'hpricot'
6
+ gem 'erubis'
7
+ gem 'sass'
8
+ gem 'rails', '>= 3.2.0', '< 3.3.0'
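Review bot: `source :rubygems` on the first line resolves to the plain-HTTP `http://rubygems.org/` remote recorded in the new Gemfile.rails-3.2.x.lock on this page, so these test dependencies are fetched over a channel Bundler cannot authenticate, which is a supply-chain exposure for anyone running the suite. `source 'https://rubygems.org'` selects the same gems while letting Bundler verify the server; the symbol form was later deprecated by Bundler for this reason (from memory, not shown on the page). The updated Gemfile.rails-3.1.x.lock on this page records the same HTTP remote, so its Gemfile likely has the same issue.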
@@ -0,0 +1,95 @@
1
+ GEM
2
+ remote: http://rubygems.org/
3
+ specs:
4
+ actionmailer (3.2.3)
5
+ actionpack (= 3.2.3)
6
+ mail (~> 2.4.4)
7
+ actionpack (3.2.3)
8
+ activemodel (= 3.2.3)
9
+ activesupport (= 3.2.3)
10
+ builder (~> 3.0.0)
11
+ erubis (~> 2.7.0)
12
+ journey (~> 1.0.1)
13
+ rack (~> 1.4.0)
14
+ rack-cache (~> 1.2)
15
+ rack-test (~> 0.6.1)
16
+ sprockets (~> 2.1.2)
17
+ activemodel (3.2.3)
18
+ activesupport (= 3.2.3)
19
+ builder (~> 3.0.0)
20
+ activerecord (3.2.3)
21
+ activemodel (= 3.2.3)
22
+ activesupport (= 3.2.3)
23
+ arel (~> 3.0.2)
24
+ tzinfo (~> 0.3.29)
25
+ activeresource (3.2.3)
26
+ activemodel (= 3.2.3)
27
+ activesupport (= 3.2.3)
28
+ activesupport (3.2.3)
29
+ i18n (~> 0.6)
30
+ multi_json (~> 1.0)
31
+ arel (3.0.2)
32
+ builder (3.0.0)
33
+ erubis (2.7.0)
34
+ hike (1.2.1)
35
+ hpricot (0.8.6)
36
+ i18n (0.6.0)
37
+ journey (1.0.3)
38
+ json (1.6.6)
39
+ mail (2.4.4)
40
+ i18n (>= 0.4.0)
41
+ mime-types (~> 1.16)
42
+ treetop (~> 1.4.8)
43
+ mime-types (1.18)
44
+ multi_json (1.2.0)
45
+ polyglot (0.3.3)
46
+ rack (1.4.1)
47
+ rack-cache (1.2)
48
+ rack (>= 0.4)
49
+ rack-ssl (1.3.2)
50
+ rack
51
+ rack-test (0.6.1)
52
+ rack (>= 1.0)
53
+ rails (3.2.3)
54
+ actionmailer (= 3.2.3)
55
+ actionpack (= 3.2.3)
56
+ activerecord (= 3.2.3)
57
+ activeresource (= 3.2.3)
58
+ activesupport (= 3.2.3)
59
+ bundler (~> 1.0)
60
+ railties (= 3.2.3)
61
+ railties (3.2.3)
62
+ actionpack (= 3.2.3)
63
+ activesupport (= 3.2.3)
64
+ rack-ssl (~> 1.3.2)
65
+ rake (>= 0.8.7)
66
+ rdoc (~> 3.4)
67
+ thor (~> 0.14.6)
68
+ rake (0.9.2.2)
69
+ rdoc (3.12)
70
+ json (~> 1.4)
71
+ ruby_parser (2.3.1)
72
+ sexp_processor (~> 3.0)
73
+ sass (3.1.15)
74
+ sexp_processor (3.1.0)
75
+ sprockets (2.1.2)
76
+ hike (~> 1.2)
77
+ rack (~> 1.0)
78
+ tilt (~> 1.1, != 1.3.0)
79
+ thor (0.14.6)
80
+ tilt (1.3.3)
81
+ treetop (1.4.10)
82
+ polyglot
83
+ polyglot (>= 0.3.1)
84
+ tzinfo (0.3.33)
85
+
86
+ PLATFORMS
87
+ ruby
88
+
89
+ DEPENDENCIES
90
+ erubis
91
+ hpricot
92
+ json
93
+ rails (>= 3.2.0, < 3.3.0)
94
+ ruby_parser
95
+ sass
@@ -133,17 +133,30 @@ HTML
133
133
  HAML
134
134
  end
135
135
 
136
- def test_text_area
137
- assert_equal(%(<textarea id="body" name="body">Foo&#x000A;Bar&#x000A; Baz&#x000A; Boom</textarea>\n),
138
- render('= text_area_tag "body", "Foo\nBar\n Baz\n Boom"', :action_view))
136
+ if Haml::Util.ap_geq?("3.2.3")
137
+ def test_text_area
138
+ assert_equal(%(<textarea id="body" name="body">\nFoo&#x000A;Bar&#x000A; Baz&#x000A; Boom</textarea>\n),
139
+ render('= text_area_tag "body", "Foo\nBar\n Baz\n Boom"', :action_view))
139
140
 
140
- assert_equal(%(<textarea cols="40" id="post_body" name="post[body]" rows="20">Foo bar&#x000A;baz</textarea>\n),
141
- render('= text_area :post, :body', :action_view))
141
+ assert_equal(%(<textarea cols="40" id="post_body" name="post[body]" rows="20">\nFoo bar&#x000A;baz</textarea>\n),
142
+ render('= text_area :post, :body', :action_view))
142
143
 
143
- assert_equal(%(<pre>Foo bar&#x000A; baz</pre>\n),
144
- render('= content_tag "pre", "Foo bar\n baz"', :action_view))
144
+ assert_equal(%(<pre>Foo bar&#x000A; baz</pre>\n),
145
+ render('= content_tag "pre", "Foo bar\n baz"', :action_view))
146
+ end
147
+ else
148
+ def test_text_area
149
+ assert_equal(%(<textarea id="body" name="body">Foo&#x000A;Bar&#x000A; Baz&#x000A; Boom</textarea>\n),
150
+ render('= text_area_tag "body", "Foo\nBar\n Baz\n Boom"', :action_view))
151
+
152
+ assert_equal(%(<textarea cols="40" id="post_body" name="post[body]" rows="20">Foo bar&#x000A;baz</textarea>\n),
153
+ render('= text_area :post, :body', :action_view))
154
+
155
+ assert_equal(%(<pre>Foo bar&#x000A; baz</pre>\n),
156
+ render('= content_tag "pre", "Foo bar\n baz"', :action_view))
157
+ end
145
158
  end
146
-
159
+
147
160
  def test_capture_haml
148
161
  assert_equal(<<HTML, render(<<HAML))
149
162
  "<p>13</p>\\n"
@@ -339,6 +339,14 @@ HAML
339
339
  assert_equal("Foo &amp; Bar\n", render('Foo #{"&"} Bar', :action_view))
340
340
  end
341
341
 
342
+ def test_xss_protection_in_attributes
343
+ assert_equal("<div data-html='&lt;foo&gt;bar&lt;/foo&gt;'></div>\n", render('%div{ "data-html" => "<foo>bar</foo>" }', :action_view))
344
+ end
345
+
346
+ def test_xss_protection_in_attributes_with_safe_strings
347
+ assert_equal("<div data-html='<foo>bar</foo>'></div>\n", render('%div{ "data-html" => "<foo>bar</foo>".html_safe }', :action_view))
348
+ end
349
+
342
350
  def test_xss_protection_with_bang_in_interpolation
343
351
  assert_equal("Foo & Bar\n", render('! Foo #{"&"} Bar', :action_view))
344
352
  end
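Review bot: `test_xss_protection_in_attributes` only exercises `<` and `>`, yet the attribute it renders is delimited with single quotes, so the character that decides whether a value can break out of the attribute is `'`, and neither new test covers it (nor `&` or `"`). A third case that renders a `data-html` value containing a single quote and asserts the quote comes back escaped would pin the property the test is named for; the exact escaped form depends on the `Haml::Helpers.html_escape` table, which is not on this page, so take the expected string from that table rather than guessing. The `_with_safe_strings` test documents that `html_safe` values are emitted verbatim into the attribute, which deserves a one-line comment in the test: `# html_safe values bypass attribute escaping; only mark content that is already escaped or trusted`. The enclosing test class starts and ends outside the hunk.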
metadata CHANGED
@@ -1,22 +1,25 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: haml
3
3
  version: !ruby/object:Gem::Version
4
- hash: 11
5
- prerelease: false
4
+ hash: 62196473
5
+ prerelease: true
6
6
  segments:
7
7
  - 3
8
8
  - 1
9
- - 4
10
- version: 3.1.4
9
+ - 5
10
+ - beta
11
+ - 1
12
+ version: 3.1.5.beta.1
11
13
  platform: ruby
12
14
  authors:
13
15
  - Nathan Weizenbaum
14
16
  - Hampton Catlin
17
+ - Norman Clarke
15
18
  autorequire:
16
19
  bindir: bin
17
20
  cert_chain: []
18
21
 
19
- date: 2011-11-28 00:00:00 -08:00
22
+ date: 2012-04-27 00:00:00 -07:00
20
23
  default_executable:
21
24
  dependencies:
22
25
  - !ruby/object:Gem::Dependency
@@ -52,7 +55,9 @@ dependencies:
52
55
  type: :development
53
56
  version_requirements: *id002
54
57
  description: " Haml (HTML Abstraction Markup Language) is a layer on top of XHTML or XML\n that's designed to express the structure of XHTML or XML documents\n in a non-repetitive, elegant, easy way,\n using indentation rather than closing tags\n and allowing Ruby to be embedded with ease.\n It was originally envisioned as a plugin for Ruby on Rails,\n but it can function as a stand-alone templating engine.\n"
55
- email: haml@googlegroups.com
58
+ email:
59
+ - haml@googlegroups.com
60
+ - norman@njclarke.com
56
61
  executables:
57
62
  - haml
58
63
  - html2haml
@@ -67,6 +72,7 @@ files:
67
72
  - lib/haml/helpers/action_view_mods.rb
68
73
  - lib/haml/helpers/action_view_extensions.rb
69
74
  - lib/haml/helpers/xss_mods.rb
75
+ - lib/haml/helpers/rails_323_textarea_fix.rb
70
76
  - lib/haml/parser.rb
71
77
  - lib/haml/version.rb
72
78
  - lib/haml/compiler.rb
@@ -99,6 +105,8 @@ files:
99
105
  - test/gemfiles/Gemfile.rails-2.3.x.lock
100
106
  - test/gemfiles/Gemfile.rails-2.3.x
101
107
  - test/gemfiles/Gemfile.rails-3.0.x.lock
108
+ - test/gemfiles/Gemfile.rails-3.2.x.lock
109
+ - test/gemfiles/Gemfile.rails-3.2.x
102
110
  - test/gemfiles/Gemfile.rails-2.1.x
103
111
  - test/gemfiles/Gemfile.rails-2.2.x.lock
104
112
  - test/gemfiles/Gemfile.rails-3.1.x.lock
@@ -463,12 +471,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
463
471
  required_rubygems_version: !ruby/object:Gem::Requirement
464
472
  none: false
465
473
  requirements:
466
- - - ">="
474
+ - - ">"
467
475
  - !ruby/object:Gem::Version
468
- hash: 3
476
+ hash: 25
469
477
  segments:
470
- - 0
471
- version: "0"
478
+ - 1
479
+ - 3
480
+ - 1
481
+ version: 1.3.1
472
482
  requirements: []
473
483
 
474
484
  rubyforge_project: haml