hamlit 0.4.3 → 0.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/lib/hamlit/compilers/attributes.rb +14 -1
- data/lib/hamlit/version.rb +1 -1
- data/spec/hamlit/engine/new_attribute_spec.rb +26 -0
- data/spec/hamlit/engine/old_attributes_spec.rb +38 -9
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f3c1078cb3f9e7ede4ba7c795b4e3efc2362741f
|
|
4
|
+
data.tar.gz: 698a072f9a818ce45c49840474b3a195ce1eddaf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 87200444daaae8c0d02f191bd001bfee731e357087220926f8fb4c8659c2e9028af2996d1d819b7002cf1ad7582b80bcd83962ea24bd4ece1c04e3fcaa8f2d6a
|
|
7
|
+
data.tar.gz: dce886340c509921c981afdcc7f83d1d9a5f8bd175c796dc285064a6f2f8e35e68e9929a8ce6158087919bde932f695e4db989d941f34b0384e4221d041d8b30
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
require 'hamlit/compilers/new_attribute'
|
|
2
2
|
require 'hamlit/compilers/old_attribute'
|
|
3
|
+
require 'hamlit/concerns/escapable'
|
|
3
4
|
require 'hamlit/concerns/included'
|
|
4
5
|
|
|
5
6
|
module Hamlit
|
|
@@ -10,6 +11,8 @@ module Hamlit
|
|
|
10
11
|
include Compilers::OldAttribute
|
|
11
12
|
|
|
12
13
|
included do
|
|
14
|
+
include Concerns::Escapable
|
|
15
|
+
|
|
13
16
|
define_options :format, :attr_quote
|
|
14
17
|
end
|
|
15
18
|
|
|
@@ -18,11 +21,21 @@ module Hamlit
|
|
|
18
21
|
attrs = join_ids(attrs)
|
|
19
22
|
attrs = combine_classes(attrs)
|
|
20
23
|
attrs = pull_class_first(attrs)
|
|
21
|
-
[:html, :attrs, *attrs]
|
|
24
|
+
[:html, :attrs, *escape_attribute_values(attrs)]
|
|
22
25
|
end
|
|
23
26
|
|
|
24
27
|
private
|
|
25
28
|
|
|
29
|
+
def escape_attribute_values(attrs)
|
|
30
|
+
attrs.map do |attr|
|
|
31
|
+
_, _, name, value = attr
|
|
32
|
+
type, arg = value
|
|
33
|
+
next attr unless name && type && type && arg
|
|
34
|
+
|
|
35
|
+
[:html, :attr, name, escape_html(value, true)]
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
26
39
|
def compile_attributes(exps)
|
|
27
40
|
attrs = []
|
|
28
41
|
exps.each do |exp|
|
data/lib/hamlit/version.rb
CHANGED
|
@@ -15,5 +15,31 @@ describe Hamlit::Engine do
|
|
|
15
15
|
<p a='1' b='2'>bar</p>
|
|
16
16
|
HTML
|
|
17
17
|
end
|
|
18
|
+
|
|
19
|
+
describe 'html escape' do
|
|
20
|
+
it 'escapes attribute values on static attributes' do
|
|
21
|
+
assert_render(<<-'HAML', <<-HTML)
|
|
22
|
+
%a(title="'")
|
|
23
|
+
%a(title = "'\"")
|
|
24
|
+
%a(href='/search?foo=bar&hoge=<fuga>')
|
|
25
|
+
HAML
|
|
26
|
+
<a title='''></a>
|
|
27
|
+
<a title=''"'></a>
|
|
28
|
+
<a href='/search?foo=bar&hoge=<fuga>'></a>
|
|
29
|
+
HTML
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
it 'escapes attribute values on dynamic attributes' do
|
|
33
|
+
assert_render(<<-'HAML', <<-HTML)
|
|
34
|
+
- title = "'\""
|
|
35
|
+
- href = '/search?foo=bar&hoge=<fuga>'
|
|
36
|
+
%a(title=title)
|
|
37
|
+
%a(href=href)
|
|
38
|
+
HAML
|
|
39
|
+
<a title=''"'></a>
|
|
40
|
+
<a href='/search?foo=bar&hoge=<fuga>'></a>
|
|
41
|
+
HTML
|
|
42
|
+
end
|
|
43
|
+
end
|
|
18
44
|
end
|
|
19
45
|
end
|
|
@@ -78,15 +78,6 @@ describe Hamlit::Engine do
|
|
|
78
78
|
HTML
|
|
79
79
|
end
|
|
80
80
|
|
|
81
|
-
it 'renders runtime hash attribute escaping only value' do
|
|
82
|
-
assert_render(<<-'HAML', <<-HTML)
|
|
83
|
-
- hash = { "'<foo>'" => '<bar>' }
|
|
84
|
-
%span{ hash }
|
|
85
|
-
HAML
|
|
86
|
-
<span '<foo>'='<bar>'></span>
|
|
87
|
-
HTML
|
|
88
|
-
end
|
|
89
|
-
|
|
90
81
|
it 'renders multi-byte chars as static attribute value' do
|
|
91
82
|
assert_render(<<-'HAML', <<-HTML)
|
|
92
83
|
%img{ alt: 'こんにちは' }
|
|
@@ -95,6 +86,44 @@ describe Hamlit::Engine do
|
|
|
95
86
|
HTML
|
|
96
87
|
end
|
|
97
88
|
|
|
89
|
+
describe 'html escape' do
|
|
90
|
+
it 'escapes attribute values on static attributes' do
|
|
91
|
+
assert_render(<<-'HAML', <<-HTML)
|
|
92
|
+
%a{title: "'"}
|
|
93
|
+
%a{title: "'\""}
|
|
94
|
+
%a{href: '/search?foo=bar&hoge=<fuga>'}
|
|
95
|
+
HAML
|
|
96
|
+
<a title='''></a>
|
|
97
|
+
<a title=''"'></a>
|
|
98
|
+
<a href='/search?foo=bar&hoge=<fuga>'></a>
|
|
99
|
+
HTML
|
|
100
|
+
end
|
|
101
|
+
|
|
102
|
+
it 'escapes attribute values on dynamic attributes' do
|
|
103
|
+
assert_render(<<-'HAML', <<-HTML)
|
|
104
|
+
- title = "'\""
|
|
105
|
+
- href = '/search?foo=bar&hoge=<fuga>'
|
|
106
|
+
%a{title: title}
|
|
107
|
+
%a{href: href}
|
|
108
|
+
HAML
|
|
109
|
+
<a title=''"'></a>
|
|
110
|
+
<a href='/search?foo=bar&hoge=<fuga>'></a>
|
|
111
|
+
HTML
|
|
112
|
+
end
|
|
113
|
+
|
|
114
|
+
it 'escapes attribute values on hash attributes' do
|
|
115
|
+
assert_render(<<-'HAML', <<-HTML)
|
|
116
|
+
- title = { title: "'\"" }
|
|
117
|
+
- href = { href: '/search?foo=bar&hoge=<fuga>' }
|
|
118
|
+
%a{ title }
|
|
119
|
+
%a{ href }
|
|
120
|
+
HAML
|
|
121
|
+
<a title=''"'></a>
|
|
122
|
+
<a href='/search?foo=bar&hoge=<fuga>'></a>
|
|
123
|
+
HTML
|
|
124
|
+
end
|
|
125
|
+
end
|
|
126
|
+
|
|
98
127
|
describe 'nested attributes' do
|
|
99
128
|
it 'renders true attributes' do
|
|
100
129
|
assert_render(<<-'HAML', <<-HTML)
|