haml 3.1.4 → 3.1.5.beta.1

data/REVISION

@@ -1 +1 @@
-(release)
+7c864da762750d6a6e0a3217f8f689543732b86a

data/Rakefile

@@ -103,7 +103,7 @@ end
 # Ensures that the VERSION file has been updated for a new release.
 task :check_release do
   version = File.read(scope("VERSION")).strip
-  #raise "There have been changes since current version (#{version})" if changed_since?(version)
+  raise "There have been changes since current version (#{version})" if changed_since?(version)
   raise "VERSION_NAME must not be 'Bleeding Edge'" if File.read(scope("VERSION_NAME")) == "Bleeding Edge"
 end
 

data/VERSION

@@ -1 +1 @@
-3.1.4
+3.1.5.beta.1

data/lib/haml/compiler.rb

@@ -372,7 +372,7 @@ END
           if escape_attrs == :once
             Haml::Helpers.escape_once(value.to_s)
           elsif escape_attrs
-            CGI.escapeHTML(value.to_s)
+            Haml::Helpers.html_escape(value.to_s)
           else
             value.to_s
           end

data/lib/haml/helpers/action_view_mods.rb

@@ -256,3 +256,5 @@ module ActionView
     end
   end
 end
+
+require "haml/helpers/rails_323_textarea_fix" if Haml::Util.ap_geq?("3.2.3")

data/lib/haml/helpers/rails_323_textarea_fix.rb

@@ -0,0 +1,49 @@
+# Rails 3.2.3's form helpers add a newline after opening textareas, which can
+# cause problems with newlines being considered content rather than markup.
+# These changes fix the issue by making the helpers emit "<haml:newline/>"
+# rather than the leading newline. The tag is then replaced by a newline after
+# rendering.
+#
+# This should be considered nothing more than an emergency hotfix to ensure
+# compatibility with the latest version of Rails, made at a moment when the Haml
+# project is transitioning to a new maintainer.
+
+module AbstractController
+  module Rendering
+    def render_to_body_with_haml(options = {})
+      if rendered = render_to_body_without_haml(options)
+        rendered.gsub('<haml:newline/>', "\n").html_safe
+      end
+    end
+    alias_method_chain :render_to_body, :haml
+  end
+end
+
+module ActionView
+
+  class Renderer
+    def render_template_with_haml(context, options)
+      if rendered = render_template_without_haml(context, options)
+        rendered.gsub('<haml:newline/>', "\n").html_safe
+      end
+    end
+    alias_method_chain :render_template, :haml
+  end
+
+  module Helpers
+    module TagHelper
+      private
+
+      def content_tag_string_with_haml(name, content, options, escape = true)
+        if name.to_sym == :textarea
+          tag_options = tag_options(options, escape) if options
+          content = ERB::Util.h(content) if escape
+          "<#{name}#{tag_options}><haml:newline/>#{content}</#{name}>".html_safe
+        else
+          content_tag_string_without_haml(name, content, options, escape)
+        end
+      end
+      alias_method_chain :content_tag_string, :haml
+    end
+  end
+end

data/test/gemfiles/Gemfile.rails-3.1.x.lock

@@ -1,52 +1,50 @@
 GEM
   remote: http://rubygems.org/
   specs:
-    actionmailer (3.1.0)
-      actionpack (= 3.1.0)
+    actionmailer (3.1.4)
+      actionpack (= 3.1.4)
       mail (~> 2.3.0)
-    actionpack (3.1.0)
-      activemodel (= 3.1.0)
-      activesupport (= 3.1.0)
+    actionpack (3.1.4)
+      activemodel (= 3.1.4)
+      activesupport (= 3.1.4)
       builder (~> 3.0.0)
       erubis (~> 2.7.0)
       i18n (~> 0.6)
-      rack (~> 1.3.2)
-      rack-cache (~> 1.0.3)
+      rack (~> 1.3.6)
+      rack-cache (~> 1.1)
       rack-mount (~> 0.8.2)
       rack-test (~> 0.6.1)
-      sprockets (~> 2.0.0)
-    activemodel (3.1.0)
-      activesupport (= 3.1.0)
-      bcrypt-ruby (~> 3.0.0)
+      sprockets (~> 2.0.3)
+    activemodel (3.1.4)
+      activesupport (= 3.1.4)
       builder (~> 3.0.0)
       i18n (~> 0.6)
-    activerecord (3.1.0)
-      activemodel (= 3.1.0)
-      activesupport (= 3.1.0)
-      arel (~> 2.2.1)
+    activerecord (3.1.4)
+      activemodel (= 3.1.4)
+      activesupport (= 3.1.4)
+      arel (~> 2.2.3)
       tzinfo (~> 0.3.29)
-    activeresource (3.1.0)
-      activemodel (= 3.1.0)
-      activesupport (= 3.1.0)
-    activesupport (3.1.0)
+    activeresource (3.1.4)
+      activemodel (= 3.1.4)
+      activesupport (= 3.1.4)
+    activesupport (3.1.4)
       multi_json (~> 1.0)
-    arel (2.2.1)
-    bcrypt-ruby (3.0.1)
+    arel (2.2.3)
     builder (3.0.0)
     erubis (2.7.0)
     hike (1.2.1)
-    hpricot (0.8.4)
+    hpricot (0.8.6)
     i18n (0.6.0)
-    json (1.6.1)
-    mail (2.3.0)
+    json (1.6.6)
+    mail (2.3.3)
       i18n (>= 0.4.0)
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
-    mime-types (1.16)
-    multi_json (1.0.3)
-    polyglot (0.3.2)
-    rack (1.3.3)
-    rack-cache (1.0.3)
+    mime-types (1.18)
+    multi_json (1.2.0)
+    polyglot (0.3.3)
+    rack (1.3.6)
+    rack-cache (1.2)
       rack (>= 0.4)
     rack-mount (0.8.3)
       rack (>= 1.0.0)
@@ -54,37 +52,38 @@ GEM
       rack
     rack-test (0.6.1)
       rack (>= 1.0)
-    rails (3.1.0)
-      actionmailer (= 3.1.0)
-      actionpack (= 3.1.0)
-      activerecord (= 3.1.0)
-      activeresource (= 3.1.0)
-      activesupport (= 3.1.0)
+    rails (3.1.4)
+      actionmailer (= 3.1.4)
+      actionpack (= 3.1.4)
+      activerecord (= 3.1.4)
+      activeresource (= 3.1.4)
+      activesupport (= 3.1.4)
       bundler (~> 1.0)
-      railties (= 3.1.0)
-    railties (3.1.0)
-      actionpack (= 3.1.0)
-      activesupport (= 3.1.0)
+      railties (= 3.1.4)
+    railties (3.1.4)
+      actionpack (= 3.1.4)
+      activesupport (= 3.1.4)
       rack-ssl (~> 1.3.2)
       rake (>= 0.8.7)
       rdoc (~> 3.4)
       thor (~> 0.14.6)
-    rake (0.9.2)
-    rdoc (3.9.4)
-    ruby_parser (2.3.0)
+    rake (0.9.2.2)
+    rdoc (3.12)
+      json (~> 1.4)
+    ruby_parser (2.3.1)
       sexp_processor (~> 3.0)
-    sass (3.1.7)
-    sexp_processor (3.0.6)
-    sprockets (2.0.0)
+    sass (3.1.15)
+    sexp_processor (3.1.0)
+    sprockets (2.0.3)
       hike (~> 1.2)
       rack (~> 1.0)
-      tilt (!= 1.3.0, ~> 1.1)
+      tilt (~> 1.1, != 1.3.0)
     thor (0.14.6)
     tilt (1.3.3)
     treetop (1.4.10)
       polyglot
       polyglot (>= 0.3.1)
-    tzinfo (0.3.29)
+    tzinfo (0.3.33)
 
 PLATFORMS
   ruby

data/test/gemfiles/Gemfile.rails-3.2.x

@@ -0,0 +1,8 @@
+source :rubygems
+
+gem 'json'
+gem 'ruby_parser'
+gem 'hpricot'
+gem 'erubis'
+gem 'sass'
+gem 'rails', '>= 3.2.0', '< 3.3.0'

data/test/gemfiles/Gemfile.rails-3.2.x.lock

@@ -0,0 +1,95 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    actionmailer (3.2.3)
+      actionpack (= 3.2.3)
+      mail (~> 2.4.4)
+    actionpack (3.2.3)
+      activemodel (= 3.2.3)
+      activesupport (= 3.2.3)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.1)
+      rack (~> 1.4.0)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.1.2)
+    activemodel (3.2.3)
+      activesupport (= 3.2.3)
+      builder (~> 3.0.0)
+    activerecord (3.2.3)
+      activemodel (= 3.2.3)
+      activesupport (= 3.2.3)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activeresource (3.2.3)
+      activemodel (= 3.2.3)
+      activesupport (= 3.2.3)
+    activesupport (3.2.3)
+      i18n (~> 0.6)
+      multi_json (~> 1.0)
+    arel (3.0.2)
+    builder (3.0.0)
+    erubis (2.7.0)
+    hike (1.2.1)
+    hpricot (0.8.6)
+    i18n (0.6.0)
+    journey (1.0.3)
+    json (1.6.6)
+    mail (2.4.4)
+      i18n (>= 0.4.0)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    mime-types (1.18)
+    multi_json (1.2.0)
+    polyglot (0.3.3)
+    rack (1.4.1)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-ssl (1.3.2)
+      rack
+    rack-test (0.6.1)
+      rack (>= 1.0)
+    rails (3.2.3)
+      actionmailer (= 3.2.3)
+      actionpack (= 3.2.3)
+      activerecord (= 3.2.3)
+      activeresource (= 3.2.3)
+      activesupport (= 3.2.3)
+      bundler (~> 1.0)
+      railties (= 3.2.3)
+    railties (3.2.3)
+      actionpack (= 3.2.3)
+      activesupport (= 3.2.3)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (~> 0.14.6)
+    rake (0.9.2.2)
+    rdoc (3.12)
+      json (~> 1.4)
+    ruby_parser (2.3.1)
+      sexp_processor (~> 3.0)
+    sass (3.1.15)
+    sexp_processor (3.1.0)
+    sprockets (2.1.2)
+      hike (~> 1.2)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    thor (0.14.6)
+    tilt (1.3.3)
+    treetop (1.4.10)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.33)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  erubis
+  hpricot
+  json
+  rails (>= 3.2.0, < 3.3.0)
+  ruby_parser
+  sass

data/test/haml/helper_test.rb

@@ -133,17 +133,30 @@ HTML
 HAML
   end
 
-  def test_text_area
-    assert_equal(%(<textarea id="body" name="body">Foo&#x000A;Bar&#x000A; Baz&#x000A;   Boom</textarea>\n),
-                 render('= text_area_tag "body", "Foo\nBar\n Baz\n   Boom"', :action_view))
+  if Haml::Util.ap_geq?("3.2.3")
+    def test_text_area
+      assert_equal(%(<textarea id="body" name="body">\nFoo&#x000A;Bar&#x000A; Baz&#x000A;   Boom</textarea>\n),
+                   render('= text_area_tag "body", "Foo\nBar\n Baz\n   Boom"', :action_view))
 
-    assert_equal(%(<textarea cols="40" id="post_body" name="post[body]" rows="20">Foo bar&#x000A;baz</textarea>\n),
-                 render('= text_area :post, :body', :action_view))    
+      assert_equal(%(<textarea cols="40" id="post_body" name="post[body]" rows="20">\nFoo bar&#x000A;baz</textarea>\n),
+                   render('= text_area :post, :body', :action_view))
 
-    assert_equal(%(<pre>Foo bar&#x000A;   baz</pre>\n),
-                 render('= content_tag "pre", "Foo bar\n   baz"', :action_view))    
+      assert_equal(%(<pre>Foo bar&#x000A;   baz</pre>\n),
+                   render('= content_tag "pre", "Foo bar\n   baz"', :action_view))
+    end
+  else
+    def test_text_area
+      assert_equal(%(<textarea id="body" name="body">Foo&#x000A;Bar&#x000A; Baz&#x000A;   Boom</textarea>\n),
+                   render('= text_area_tag "body", "Foo\nBar\n Baz\n   Boom"', :action_view))
+
+      assert_equal(%(<textarea cols="40" id="post_body" name="post[body]" rows="20">Foo bar&#x000A;baz</textarea>\n),
+                   render('= text_area :post, :body', :action_view))
+
+      assert_equal(%(<pre>Foo bar&#x000A;   baz</pre>\n),
+                   render('= content_tag "pre", "Foo bar\n   baz"', :action_view))
+    end
   end
-  
+
   def test_capture_haml
     assert_equal(<<HTML, render(<<HAML))
 "<p>13</p>\\n"

data/test/haml/template_test.rb

@@ -339,6 +339,14 @@ HAML
       assert_equal("Foo & Bar\n", render('Foo #{"&"} Bar', :action_view))
     end
 
+    def test_xss_protection_in_attributes
+      assert_equal("<div data-html='&lt;foo&gt;bar&lt;/foo&gt;'></div>\n", render('%div{ "data-html" => "<foo>bar</foo>" }', :action_view))
+    end
+
+    def test_xss_protection_in_attributes_with_safe_strings
+      assert_equal("<div data-html='<foo>bar</foo>'></div>\n", render('%div{ "data-html" => "<foo>bar</foo>".html_safe }', :action_view))
+    end
+
     def test_xss_protection_with_bang_in_interpolation
       assert_equal("Foo & Bar\n", render('! Foo #{"&"} Bar', :action_view))
     end

metadata

@@ -1,22 +1,25 @@
 --- !ruby/object:Gem::Specification 
 name: haml
 version: !ruby/object:Gem::Version 
-  hash: 11
-  prerelease: false
+  hash: 62196473
+  prerelease: true
   segments: 
   - 3
   - 1
-  - 4
-  version: 3.1.4
+  - 5
+  - beta
+  - 1
+  version: 3.1.5.beta.1
 platform: ruby
 authors: 
 - Nathan Weizenbaum
 - Hampton Catlin
+- Norman Clarke
 autorequire: 
 bindir: bin
 cert_chain: []
 
-date: 2011-11-28 00:00:00 -08:00
+date: 2012-04-27 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -52,7 +55,9 @@ dependencies:
   type: :development
   version_requirements: *id002
 description: "      Haml (HTML Abstraction Markup Language) is a layer on top of XHTML or XML\n      that's designed to express the structure of XHTML or XML documents\n      in a non-repetitive, elegant, easy way,\n      using indentation rather than closing tags\n      and allowing Ruby to be embedded with ease.\n      It was originally envisioned as a plugin for Ruby on Rails,\n      but it can function as a stand-alone templating engine.\n"
-email: haml@googlegroups.com
+email: 
+- haml@googlegroups.com
+- norman@njclarke.com
 executables: 
 - haml
 - html2haml
@@ -67,6 +72,7 @@ files:
 - lib/haml/helpers/action_view_mods.rb
 - lib/haml/helpers/action_view_extensions.rb
 - lib/haml/helpers/xss_mods.rb
+- lib/haml/helpers/rails_323_textarea_fix.rb
 - lib/haml/parser.rb
 - lib/haml/version.rb
 - lib/haml/compiler.rb
@@ -99,6 +105,8 @@ files:
 - test/gemfiles/Gemfile.rails-2.3.x.lock
 - test/gemfiles/Gemfile.rails-2.3.x
 - test/gemfiles/Gemfile.rails-3.0.x.lock
+- test/gemfiles/Gemfile.rails-3.2.x.lock
+- test/gemfiles/Gemfile.rails-3.2.x
 - test/gemfiles/Gemfile.rails-2.1.x
 - test/gemfiles/Gemfile.rails-2.2.x.lock
 - test/gemfiles/Gemfile.rails-3.1.x.lock
@@ -463,12 +471,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
 required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version 
-      hash: 3
+      hash: 25
       segments: 
-      - 0
-      version: "0"
+      - 1
+      - 3
+      - 1
+      version: 1.3.1
 requirements: []
 
 rubyforge_project: haml