RubyGems - hamlit - Versions diffs - 1.7.2 → 2.0.1 - Mend

hamlit 1.7.2 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (283) hide show

checksums.yaml +4 -4
data/.gitignore +4 -3
data/.gitmodules +3 -0
data/.travis.yml +25 -37
data/CHANGELOG.md +18 -0
data/Gemfile +16 -0
data/LICENSE.txt +23 -2
data/README.md +106 -48
data/REFERENCE.md +222 -0
data/Rakefile +77 -19
data/benchmark/boolean_attribute.haml +6 -0
data/benchmark/class_attribute.haml +5 -0
data/benchmark/common_attribute.haml +3 -0
data/benchmark/data_attribute.haml +4 -0
data/benchmark/dynamic_attributes/boolean_attribute.haml +4 -0
data/benchmark/dynamic_attributes/class_attribute.haml +4 -0
data/benchmark/dynamic_attributes/common_attribute.haml +2 -0
data/benchmark/dynamic_attributes/data_attribute.haml +2 -0
data/benchmark/dynamic_attributes/id_attribute.haml +2 -0
data/benchmark/etc/attribute_builder.haml +5 -0
data/benchmark/etc/real_sample.haml +888 -0
data/benchmark/etc/real_sample.rb +11 -0
data/benchmark/etc/static_analyzer.haml +1 -0
data/benchmark/etc/tags.haml +3 -0
data/benchmark/ext/build_data.rb +15 -0
data/benchmark/ext/build_id.rb +13 -0
data/benchmark/id_attribute.haml +3 -0
data/benchmark/plain.haml +4 -0
data/benchmark/script.haml +4 -0
data/benchmark/slim/LICENSE +21 -0
data/{benchmarks → benchmark/slim}/context.rb +2 -4
data/benchmark/slim/run-benchmarks.rb +94 -0
data/{benchmarks → benchmark/slim}/view.erb +3 -3
data/{benchmarks → benchmark/slim}/view.haml +0 -0
data/{benchmarks/view.escaped.slim → benchmark/slim/view.slim} +1 -1
data/benchmark/string_interpolation.haml +2 -0
data/benchmark/utils/benchmark_ips_extension.rb +43 -0
data/bin/bench +85 -0
data/bin/clone +14 -0
data/bin/console +11 -0
data/bin/lineprof +48 -0
data/bin/ruby +3 -0
data/bin/setup +7 -0
data/bin/stackprof +27 -0
data/{test → bin/test} +6 -10
data/{bin → exe}/hamlit +0 -0
data/ext/hamlit/extconf.rb +14 -0
data/ext/hamlit/hamlit.c +512 -0
data/ext/hamlit/houdini/.gitignore +3 -0
data/ext/hamlit/houdini/COPYING +7 -0
data/ext/hamlit/houdini/Makefile +79 -0
data/ext/hamlit/houdini/README.md +59 -0
data/ext/hamlit/houdini/buffer.c +249 -0
data/ext/hamlit/houdini/buffer.h +113 -0
data/ext/hamlit/houdini/houdini.h +46 -0
data/ext/hamlit/houdini/houdini_href_e.c +115 -0
data/ext/hamlit/houdini/houdini_html_e.c +90 -0
data/ext/hamlit/houdini/houdini_html_u.c +122 -0
data/ext/hamlit/houdini/houdini_js_e.c +90 -0
data/ext/hamlit/houdini/houdini_js_u.c +60 -0
data/ext/hamlit/houdini/houdini_uri_e.c +107 -0
data/ext/hamlit/houdini/houdini_uri_u.c +68 -0
data/ext/hamlit/houdini/houdini_xml_e.c +136 -0
data/ext/hamlit/houdini/html_unescape.gperf +258 -0
data/ext/hamlit/houdini/html_unescape.h +754 -0
data/ext/hamlit/houdini/tools/build_table.py +13 -0
data/ext/hamlit/houdini/tools/build_tables.c +51 -0
data/ext/hamlit/houdini/tools/wikipedia_table.txt +2025 -0
data/hamlit.gemspec +30 -31
data/lib/hamlit.rb +3 -1
data/lib/hamlit/attribute_builder.rb +12 -0
data/lib/hamlit/cli.rb +44 -43
data/lib/hamlit/compiler.rb +92 -16
data/lib/hamlit/compiler/attribute_compiler.rb +148 -0
data/lib/hamlit/compiler/children_compiler.rb +111 -0
data/lib/hamlit/compiler/comment_compiler.rb +36 -0
data/lib/hamlit/compiler/doctype_compiler.rb +45 -0
data/lib/hamlit/compiler/script_compiler.rb +97 -0
data/lib/hamlit/compiler/silent_script_compiler.rb +24 -0
data/lib/hamlit/compiler/tag_compiler.rb +69 -0
data/lib/hamlit/engine.rb +12 -7
data/lib/hamlit/error.rb +14 -0
data/lib/hamlit/escapable.rb +12 -0
data/lib/hamlit/filters.rb +65 -0
data/lib/hamlit/filters/base.rb +4 -62
data/lib/hamlit/filters/coffee.rb +9 -7
data/lib/hamlit/filters/css.rb +25 -8
data/lib/hamlit/filters/erb.rb +4 -6
data/lib/hamlit/filters/escaped.rb +11 -9
data/lib/hamlit/filters/javascript.rb +25 -8
data/lib/hamlit/filters/less.rb +9 -7
data/lib/hamlit/filters/markdown.rb +5 -6
data/lib/hamlit/filters/plain.rb +11 -15
data/lib/hamlit/filters/preserve.rb +15 -5
data/lib/hamlit/filters/ruby.rb +3 -5
data/lib/hamlit/filters/sass.rb +9 -7
data/lib/hamlit/filters/scss.rb +9 -7
data/lib/hamlit/filters/text_base.rb +24 -0
data/lib/hamlit/filters/tilt_base.rb +47 -0
data/lib/hamlit/hash_parser.rb +107 -0
data/lib/hamlit/html.rb +9 -6
data/lib/hamlit/identity.rb +12 -0
data/lib/hamlit/object_ref.rb +29 -0
data/lib/hamlit/parser.rb +25 -142
data/lib/hamlit/parser/MIT-LICENSE +20 -0
data/lib/hamlit/parser/README.md +28 -0
data/lib/hamlit/parser/haml_buffer.rb +348 -0
data/lib/hamlit/parser/haml_compiler.rb +553 -0
data/lib/hamlit/parser/haml_error.rb +61 -0
data/lib/hamlit/parser/haml_helpers.rb +727 -0
data/lib/hamlit/parser/haml_options.rb +286 -0
data/lib/hamlit/parser/haml_parser.rb +801 -0
data/lib/hamlit/parser/haml_util.rb +283 -0
data/lib/hamlit/parser/haml_xss_mods.rb +109 -0
data/lib/hamlit/{helpers.rb → rails_helpers.rb} +2 -7
data/lib/hamlit/rails_template.rb +30 -0
data/lib/hamlit/railtie.rb +1 -12
data/lib/hamlit/ruby_expression.rb +31 -0
data/lib/hamlit/static_analyzer.rb +49 -0
data/lib/hamlit/string_interpolation.rb +69 -0
data/lib/hamlit/template.rb +8 -0
data/lib/hamlit/utils.rb +9 -0
data/lib/hamlit/version.rb +1 -1
metadata +116 -324
data/.rspec +0 -2
data/benchmarks/benchmark.rb +0 -110
data/benchmarks/view.slim +0 -17
data/doc/README.md +0 -19
data/doc/engine/indent.md +0 -48
data/doc/engine/new_attribute.md +0 -77
data/doc/engine/old_attributes.md +0 -198
data/doc/engine/silent_script.md +0 -97
data/doc/engine/tag.md +0 -48
data/doc/engine/text.md +0 -64
data/doc/faml/README.md +0 -16
data/doc/faml/engine/indent.md +0 -48
data/doc/faml/engine/old_attributes.md +0 -111
data/doc/faml/engine/silent_script.md +0 -97
data/doc/faml/engine/text.md +0 -59
data/doc/faml/filters/erb.md +0 -24
data/doc/faml/filters/javascript.md +0 -27
data/doc/faml/filters/less.md +0 -57
data/doc/faml/filters/plain.md +0 -25
data/doc/filters/erb.md +0 -31
data/doc/filters/javascript.md +0 -83
data/doc/filters/less.md +0 -57
data/doc/filters/markdown.md +0 -31
data/doc/filters/plain.md +0 -25
data/doc/haml/README.md +0 -15
data/doc/haml/engine/new_attribute.md +0 -77
data/doc/haml/engine/old_attributes.md +0 -142
data/doc/haml/engine/tag.md +0 -48
data/doc/haml/engine/text.md +0 -29
data/doc/haml/filters/erb.md +0 -26
data/doc/haml/filters/javascript.md +0 -76
data/doc/haml/filters/markdown.md +0 -31
data/lib/hamlit/attribute.rb +0 -78
data/lib/hamlit/compilers/attributes.rb +0 -108
data/lib/hamlit/compilers/comment.rb +0 -13
data/lib/hamlit/compilers/doctype.rb +0 -39
data/lib/hamlit/compilers/filter.rb +0 -53
data/lib/hamlit/compilers/new_attribute.rb +0 -115
data/lib/hamlit/compilers/old_attribute.rb +0 -241
data/lib/hamlit/compilers/runtime_attribute.rb +0 -58
data/lib/hamlit/compilers/script.rb +0 -31
data/lib/hamlit/compilers/strip.rb +0 -19
data/lib/hamlit/compilers/text.rb +0 -111
data/lib/hamlit/concerns/attribute_builder.rb +0 -22
data/lib/hamlit/concerns/balanceable.rb +0 -68
data/lib/hamlit/concerns/deprecation.rb +0 -20
data/lib/hamlit/concerns/error.rb +0 -31
data/lib/hamlit/concerns/escapable.rb +0 -17
data/lib/hamlit/concerns/included.rb +0 -28
data/lib/hamlit/concerns/indentable.rb +0 -117
data/lib/hamlit/concerns/lexable.rb +0 -32
data/lib/hamlit/concerns/line_reader.rb +0 -62
data/lib/hamlit/concerns/registerable.rb +0 -24
data/lib/hamlit/concerns/string_interpolation.rb +0 -48
data/lib/hamlit/concerns/whitespace.rb +0 -91
data/lib/hamlit/filters/tilt.rb +0 -41
data/lib/hamlit/parsers/attribute.rb +0 -71
data/lib/hamlit/parsers/comment.rb +0 -30
data/lib/hamlit/parsers/doctype.rb +0 -18
data/lib/hamlit/parsers/filter.rb +0 -18
data/lib/hamlit/parsers/multiline.rb +0 -58
data/lib/hamlit/parsers/script.rb +0 -126
data/lib/hamlit/parsers/tag.rb +0 -83
data/lib/hamlit/parsers/text.rb +0 -28
data/lib/hamlit/temple.rb +0 -9
data/release +0 -6
data/spec/Rakefile +0 -72
data/spec/hamlit/engine/comment_spec.rb +0 -56
data/spec/hamlit/engine/doctype_spec.rb +0 -19
data/spec/hamlit/engine/error_spec.rb +0 -135
data/spec/hamlit/engine/indent_spec.rb +0 -42
data/spec/hamlit/engine/multiline_spec.rb +0 -44
data/spec/hamlit/engine/new_attribute_spec.rb +0 -110
data/spec/hamlit/engine/old_attributes_spec.rb +0 -404
data/spec/hamlit/engine/script_spec.rb +0 -116
data/spec/hamlit/engine/silent_script_spec.rb +0 -213
data/spec/hamlit/engine/tag_spec.rb +0 -295
data/spec/hamlit/engine/text_spec.rb +0 -239
data/spec/hamlit/engine_spec.rb +0 -58
data/spec/hamlit/filters/coffee_spec.rb +0 -60
data/spec/hamlit/filters/css_spec.rb +0 -33
data/spec/hamlit/filters/erb_spec.rb +0 -16
data/spec/hamlit/filters/javascript_spec.rb +0 -82
data/spec/hamlit/filters/less_spec.rb +0 -37
data/spec/hamlit/filters/markdown_spec.rb +0 -30
data/spec/hamlit/filters/plain_spec.rb +0 -15
data/spec/hamlit/filters/ruby_spec.rb +0 -24
data/spec/hamlit/filters/sass_spec.rb +0 -33
data/spec/hamlit/filters/scss_spec.rb +0 -37
data/spec/hamlit/haml_spec.rb +0 -910
data/spec/rails/.gitignore +0 -18
data/spec/rails/.rspec +0 -2
data/spec/rails/Gemfile +0 -19
data/spec/rails/README.rdoc +0 -28
data/spec/rails/Rakefile +0 -6
data/spec/rails/app/assets/images/.keep +0 -0
data/spec/rails/app/assets/javascripts/application.js +0 -15
data/spec/rails/app/assets/stylesheets/application.css +0 -15
data/spec/rails/app/controllers/application_controller.rb +0 -8
data/spec/rails/app/controllers/concerns/.keep +0 -0
data/spec/rails/app/controllers/users_controller.rb +0 -23
data/spec/rails/app/helpers/application_helper.rb +0 -2
data/spec/rails/app/mailers/.keep +0 -0
data/spec/rails/app/models/.keep +0 -0
data/spec/rails/app/models/concerns/.keep +0 -0
data/spec/rails/app/views/application/index.html.haml +0 -18
data/spec/rails/app/views/layouts/application.html.haml +0 -12
data/spec/rails/app/views/users/capture.html.haml +0 -5
data/spec/rails/app/views/users/capture_haml.html.haml +0 -5
data/spec/rails/app/views/users/form.html.haml +0 -2
data/spec/rails/app/views/users/helpers.html.haml +0 -10
data/spec/rails/app/views/users/index.html.haml +0 -9
data/spec/rails/app/views/users/inline.html.haml +0 -6
data/spec/rails/app/views/users/old_attributes.html.haml +0 -5
data/spec/rails/app/views/users/safe_buffer.html.haml +0 -4
data/spec/rails/app/views/users/whitespace.html.haml +0 -4
data/spec/rails/bin/bundle +0 -3
data/spec/rails/bin/rails +0 -8
data/spec/rails/bin/rake +0 -8
data/spec/rails/bin/setup +0 -29
data/spec/rails/bin/spring +0 -15
data/spec/rails/config.ru +0 -4
data/spec/rails/config/application.rb +0 -34
data/spec/rails/config/boot.rb +0 -3
data/spec/rails/config/database.yml +0 -25
data/spec/rails/config/environment.rb +0 -5
data/spec/rails/config/environments/development.rb +0 -41
data/spec/rails/config/environments/production.rb +0 -79
data/spec/rails/config/environments/test.rb +0 -42
data/spec/rails/config/initializers/assets.rb +0 -11
data/spec/rails/config/initializers/backtrace_silencers.rb +0 -7
data/spec/rails/config/initializers/cookies_serializer.rb +0 -3
data/spec/rails/config/initializers/filter_parameter_logging.rb +0 -4
data/spec/rails/config/initializers/inflections.rb +0 -16
data/spec/rails/config/initializers/mime_types.rb +0 -4
data/spec/rails/config/initializers/session_store.rb +0 -3
data/spec/rails/config/initializers/wrap_parameters.rb +0 -14
data/spec/rails/config/locales/en.yml +0 -24
data/spec/rails/config/routes.rb +0 -16
data/spec/rails/config/secrets.yml +0 -22
data/spec/rails/db/schema.rb +0 -16
data/spec/rails/db/seeds.rb +0 -7
data/spec/rails/lib/assets/.keep +0 -0
data/spec/rails/lib/tasks/.keep +0 -0
data/spec/rails/log/.keep +0 -0
data/spec/rails/public/404.html +0 -67
data/spec/rails/public/422.html +0 -67
data/spec/rails/public/500.html +0 -66
data/spec/rails/public/favicon.ico +0 -0
data/spec/rails/public/robots.txt +0 -5
data/spec/rails/spec/hamlit_spec.rb +0 -123
data/spec/rails/spec/rails_helper.rb +0 -56
data/spec/rails/spec/spec_helper.rb +0 -91
data/spec/rails/vendor/assets/javascripts/.keep +0 -0
data/spec/rails/vendor/assets/stylesheets/.keep +0 -0
data/spec/spec_helper.rb +0 -36
data/spec/spec_helper/document_generator.rb +0 -93
data/spec/spec_helper/render_helper.rb +0 -120
data/spec/spec_helper/test_case.rb +0 -55

data/lib/hamlit/parser/haml_util.rb ADDED Viewed

@@ -0,0 +1,283 @@
+# encoding: utf-8
+begin
+  require 'erubis/tiny'
+rescue LoadError
+  require 'erb'
+end
+require 'set'
+require 'stringio'
+require 'strscan'
+module Hamlit
+  # A module containing various useful functions.
+  module HamlUtil
+    extend self
+    # Silence all output to STDERR within a block.
+    #
+    # @yield A block in which no output will be printed to STDERR
+    def silence_warnings
+      the_real_stderr, $stderr = $stderr, StringIO.new
+      yield
+    ensure
+      $stderr = the_real_stderr
+    end
+    ## Rails XSS Safety
+    # Whether or not ActionView's XSS protection is available and enabled,
+    # as is the default for Rails 3.0+, and optional for version 2.3.5+.
+    # Overridden in haml/template.rb if this is the case.
+    #
+    # @return [Boolean]
+    def rails_xss_safe?
+      false
+    end
+    # Returns the given text, marked as being HTML-safe.
+    # With older versions of the Rails XSS-safety mechanism,
+    # this destructively modifies the HTML-safety of `text`.
+    #
+    # It only works if you are using ActiveSupport or the parameter `text`
+    # implements the #html_safe method.
+    #
+    # @param text [String, nil]
+    # @return [String, nil] `text`, marked as HTML-safe
+    def html_safe(text)
+      return unless text
+      text.html_safe
+    end
+    # Checks that the encoding of a string is valid
+    # and cleans up potential encoding gotchas like the UTF-8 BOM.
+    # If it's not, yields an error string describing the invalid character
+    # and the line on which it occurs.
+    #
+    # @param str [String] The string of which to check the encoding
+    # @yield [msg] A block in which an encoding error can be raised.
+    #   Only yields if there is an encoding error
+    # @yieldparam msg [String] The error message to be raised
+    # @return [String] `str`, potentially with encoding gotchas like BOMs removed
+    def check_encoding(str)
+      if str.valid_encoding?
+        # Get rid of the Unicode BOM if possible
+        # Shortcut for UTF-8 which might be the majority case
+        if str.encoding == Encoding::UTF_8
+          return str.gsub(/\A\uFEFF/, '')
+        elsif str.encoding.name =~ /^UTF-(16|32)(BE|LE)?$/
+          return str.gsub(Regexp.new("\\A\uFEFF".encode(str.encoding)), '')
+        else
+          return str
+        end
+      end
+      encoding = str.encoding
+      newlines = Regexp.new("\r\n|\r|\n".encode(encoding).force_encoding(Encoding::ASCII_8BIT))
+      str.force_encoding(Encoding::ASCII_8BIT).split(newlines).each_with_index do |line, i|
+        begin
+          line.encode(encoding)
+        rescue Encoding::UndefinedConversionError => e
+          yield <<MSG.rstrip, i + 1
+Invalid #{encoding.name} character #{e.error_char.dump}
+MSG
+        end
+      end
+      return str
+    end
+    # Like {\#check\_encoding}, but also checks for a Ruby-style `-# coding:` comment
+    # at the beginning of the template and uses that encoding if it exists.
+    #
+    # The Haml encoding rules are simple.
+    # If a `-# coding:` comment exists,
+    # we assume that that's the original encoding of the document.
+    # Otherwise, we use whatever encoding Ruby has.
+    #
+    # Haml uses the same rules for parsing coding comments as Ruby.
+    # This means that it can understand Emacs-style comments
+    # (e.g. `-*- encoding: "utf-8" -*-`),
+    # and also that it cannot understand non-ASCII-compatible encodings
+    # such as `UTF-16` and `UTF-32`.
+    #
+    # @param str [String] The Haml template of which to check the encoding
+    # @yield [msg] A block in which an encoding error can be raised.
+    #   Only yields if there is an encoding error
+    # @yieldparam msg [String] The error message to be raised
+    # @return [String] The original string encoded properly
+    # @raise [ArgumentError] if the document declares an unknown encoding
+    def check_haml_encoding(str, &block)
+      str = str.dup if str.frozen?
+      bom, encoding = parse_haml_magic_comment(str)
+      if encoding; str.force_encoding(encoding)
+      elsif bom; str.force_encoding(Encoding::UTF_8)
+      end
+      return check_encoding(str, &block)
+    end
+    # Like `Object#inspect`, but preserves non-ASCII characters rather than escaping them.
+    # This is necessary so that the precompiled Haml template can be `#encode`d into `@options[:encoding]`
+    # before being evaluated.
+    #
+    # @param obj {Object}
+    # @return {String}
+    def inspect_obj(obj)
+      case obj
+      when String
+        %Q!"#{obj.gsub(/[\x00-\x7F]+/) {|s| s.inspect[1...-1]}}"!
+      when Symbol
+        ":#{inspect_obj(obj.to_s)}"
+      else
+        obj.inspect
+      end
+    end
+    # Scans through a string looking for the interoplation-opening `#{`
+    # and, when it's found, yields the scanner to the calling code
+    # so it can handle it properly.
+    #
+    # The scanner will have any backslashes immediately in front of the `#{`
+    # as the second capture group (`scan[2]`),
+    # and the text prior to that as the first (`scan[1]`).
+    #
+    # @yieldparam scan [StringScanner] The scanner scanning through the string
+    # @return [String] The text remaining in the scanner after all `#{`s have been processed
+    def handle_interpolation(str)
+      scan = StringScanner.new(str)
+      yield scan while scan.scan(/(.*?)(\\*)#([\{@$])/)
+      scan.rest
+    end
+    # Moves a scanner through a balanced pair of characters.
+    # For example:
+    #
+    #     Foo (Bar (Baz bang) bop) (Bang (bop bip))
+    #     ^                       ^
+    #     from                    to
+    #
+    # @param scanner [StringScanner] The string scanner to move
+    # @param start [String] The character opening the balanced pair.
+    # @param finish [String] The character closing the balanced pair.
+    # @param count [Fixnum] The number of opening characters matched
+    #   before calling this method
+    # @return [(String, String)] The string matched within the balanced pair
+    #   and the rest of the string.
+    #   `["Foo (Bar (Baz bang) bop)", " (Bang (bop bip))"]` in the example above.
+    def balance(scanner, start, finish, count = 0)
+      str = ''
+      scanner = StringScanner.new(scanner) unless scanner.is_a? StringScanner
+      regexp = Regexp.new("(.*?)[\\#{start.chr}\\#{finish.chr}]", Regexp::MULTILINE)
+      while scanner.scan(regexp)
+        str << scanner.matched
+        count += 1 if scanner.matched[-1] == start
+        count -= 1 if scanner.matched[-1] == finish
+        return [str.strip, scanner.rest] if count == 0
+      end
+    end
+    # Formats a string for use in error messages about indentation.
+    #
+    # @param indentation [String] The string used for indentation
+    # @return [String] The name of the indentation (e.g. `"12 spaces"`, `"1 tab"`)
+    def human_indentation(indentation)
+      if !indentation.include?(?\t)
+        noun = 'space'
+      elsif !indentation.include?(?\s)
+        noun = 'tab'
+      else
+        return indentation.inspect
+      end
+      singular = indentation.length == 1
+      "#{indentation.length} #{noun}#{'s' unless singular}"
+    end
+    def contains_interpolation?(str)
+      /#[\{$@]/ === str
+    end
+    # Original Haml::Util.unescape_interpolation
+    def slow_unescape_interpolation(str, escape_html = nil)
+      res = ''
+      rest = ::Hamlit::HamlUtil.handle_interpolation str.dump do |scan|
+        escapes = (scan[2].size - 1) / 2
+        char = scan[3] # '{', '@' or '$'
+        res << scan.matched[0...-3 - escapes]
+        if escapes % 2 == 1
+          res << "\##{char}"
+        else
+          interpolated = if char == '{'
+            balance(scan, ?{, ?}, 1)[0][0...-1]
+          else
+            scan.scan(/\w+/)
+          end
+          content = eval('"' + interpolated + '"')
+          content.prepend(char) if char == '@' || char == '$'
+          content = "::Hamlit::HamlHelpers.html_escape((#{content}))" if escape_html
+          res << "\#{#{content}}"
+        end
+      end
+      res + rest
+    end
+    # Customized Haml::Util.unescape_interpolation to handle escape by Hamlit
+    def unescape_interpolation(str)
+      res = ''
+      rest = ::Hamlit::HamlUtil.handle_interpolation str.dump do |scan|
+        escapes = (scan[2].size - 1) / 2
+        char = scan[3] # '{', '@' or '$'
+        res << scan.matched[0...-3 - escapes]
+        if escapes % 2 == 1
+          res << "\##{char}"
+        else
+          interpolated = if char == '{'
+            balance(scan, ?{, ?}, 1)[0][0...-1]
+          else
+            scan.scan(/\w+/)
+          end
+          content = eval('"' + interpolated + '"')
+          content.prepend(char) if char == '@' || char == '$'
+          res << "\#{#{content}}"
+        end
+      end
+      res + rest
+    end
+    private
+    # Parses a magic comment at the beginning of a Haml file.
+    # The parsing rules are basically the same as Ruby's.
+    #
+    # @return [(Boolean, String or nil)]
+    #   Whether the document begins with a UTF-8 BOM,
+    #   and the declared encoding of the document (or nil if none is declared)
+    def parse_haml_magic_comment(str)
+      scanner = StringScanner.new(str.dup.force_encoding(Encoding::ASCII_8BIT))
+      bom = scanner.scan(/\xEF\xBB\xBF/n)
+      return bom unless scanner.scan(/-\s*#\s*/n)
+      if coding = try_parse_haml_emacs_magic_comment(scanner)
+        return bom, coding
+      end
+      return bom unless scanner.scan(/.*?coding[=:]\s*([\w-]+)/in)
+      return bom, scanner[1]
+    end
+    def try_parse_haml_emacs_magic_comment(scanner)
+      pos = scanner.pos
+      return unless scanner.scan(/.*?-\*-\s*/n)
+      # From Ruby's parse.y
+      return unless scanner.scan(/([^\s'":;]+)\s*:\s*("(?:\\.|[^"])*"|[^"\s;]+?)[\s;]*-\*-/n)
+      name, val = scanner[1], scanner[2]
+      return unless name =~ /(en)?coding/in
+      val = $1 if val =~ /^"(.*)"$/n
+      return val
+    ensure
+      scanner.pos = pos
+    end
+  end
+end

data/lib/hamlit/parser/haml_xss_mods.rb ADDED Viewed

@@ -0,0 +1,109 @@
+module Hamlit
+  module HamlHelpers
+    # This module overrides Haml helpers to work properly
+    # in the context of ActionView.
+    # Currently it's only used for modifying the helpers
+    # to work with Rails' XSS protection methods.
+    module XssMods
+      def self.included(base)
+        %w[html_escape find_and_preserve preserve list_of surround
+           precede succeed capture_haml haml_concat haml_internal_concat haml_indent
+           escape_once].each do |name|
+          base.send(:alias_method, "#{name}_without_haml_xss", name)
+          base.send(:alias_method, name, "#{name}_with_haml_xss")
+        end
+      end
+      # Don't escape text that's already safe,
+      # output is always HTML safe
+      def html_escape_with_haml_xss(text)
+        str = text.to_s
+        return text if str.html_safe?
+        ::Hamlit::HamlUtil.html_safe(html_escape_without_haml_xss(str))
+      end
+      # Output is always HTML safe
+      def find_and_preserve_with_haml_xss(*args, &block)
+        ::Hamlit::HamlUtil.html_safe(find_and_preserve_without_haml_xss(*args, &block))
+      end
+      # Output is always HTML safe
+      def preserve_with_haml_xss(*args, &block)
+        ::Hamlit::HamlUtil.html_safe(preserve_without_haml_xss(*args, &block))
+      end
+      # Output is always HTML safe
+      def list_of_with_haml_xss(*args, &block)
+        ::Hamlit::HamlUtil.html_safe(list_of_without_haml_xss(*args, &block))
+      end
+      # Input is escaped, output is always HTML safe
+      def surround_with_haml_xss(front, back = front, &block)
+        ::Hamlit::HamlUtil.html_safe(
+          surround_without_haml_xss(
+            haml_xss_html_escape(front),
+            haml_xss_html_escape(back),
+            &block))
+      end
+      # Input is escaped, output is always HTML safe
+      def precede_with_haml_xss(str, &block)
+        ::Hamlit::HamlUtil.html_safe(precede_without_haml_xss(haml_xss_html_escape(str), &block))
+      end
+      # Input is escaped, output is always HTML safe
+      def succeed_with_haml_xss(str, &block)
+        ::Hamlit::HamlUtil.html_safe(succeed_without_haml_xss(haml_xss_html_escape(str), &block))
+      end
+      # Output is always HTML safe
+      def capture_haml_with_haml_xss(*args, &block)
+        ::Hamlit::HamlUtil.html_safe(capture_haml_without_haml_xss(*args, &block))
+      end
+      # Input will be escaped unless this is in a `with_raw_haml_concat`
+      # block. See #Haml::Helpers::ActionViewExtensions#with_raw_haml_concat.
+      def haml_concat_with_haml_xss(text = "")
+        raw = instance_variable_defined?(:@_haml_concat_raw) ? @_haml_concat_raw : false
+        if raw
+          haml_internal_concat_raw text
+        else
+          haml_internal_concat text
+        end
+        ErrorReturn.new("haml_concat")
+      end
+      # Input is escaped
+      def haml_internal_concat_with_haml_xss(text="", newline=true, indent=true)
+        haml_internal_concat_without_haml_xss(haml_xss_html_escape(text), newline, indent)
+      end
+      private :haml_internal_concat_with_haml_xss
+      # Output is always HTML safe
+      def haml_indent_with_haml_xss
+        ::Hamlit::HamlUtil.html_safe(haml_indent_without_haml_xss)
+      end
+      # Output is always HTML safe
+      def escape_once_with_haml_xss(*args)
+        ::Hamlit::HamlUtil.html_safe(escape_once_without_haml_xss(*args))
+      end
+      private
+      # Escapes the HTML in the text if and only if
+      # Rails XSS protection is enabled *and* the `:escape_html` option is set.
+      def haml_xss_html_escape(text)
+        return text unless ::Hamlit::HamlUtil.rails_xss_safe? && haml_buffer.options[:escape_html]
+        html_escape(text)
+      end
+    end
+    class ErrorReturn
+      # Any attempt to treat ErrorReturn as a string should cause it to blow up.
+      alias_method :html_safe, :to_s
+      alias_method :html_safe?, :to_s
+      alias_method :html_safe!, :to_s
+    end
+  end
+end

data/lib/hamlit/{helpers.rb → rails_helpers.rb} RENAMED Viewed

@@ -1,12 +1,7 @@
-# This is a module compatible with Haml::Helpers.
-# It is included by ActionView in initializer.
-#
-# NOTE: currently Hamlit::Helpers is enabled by default
-# on only Rails environment.
-# And currently this Hamlit::Helpers depends on
+# Currently this Hamlit::Helpers depends on
 # ActionView internal implementation. (not desired)
 module Hamlit
-  module Helpers
+  module RailsHelpers
     extend self
     DEFAULT_PRESERVE_TAGS = %w[textarea pre code].freeze

data/lib/hamlit/rails_template.rb ADDED Viewed

@@ -0,0 +1,30 @@
+require 'temple'
+require 'hamlit/engine'
+require 'hamlit/rails_helpers'
+require 'hamlit/parser/haml_helpers'
+require 'hamlit/parser/haml_util'
+module Hamlit
+  RailsTemplate = Temple::Templates::Rails.create(
+    Hamlit::Engine,
+    generator:     Temple::Generators::RailsOutputBuffer,
+    register_as:   :haml,
+    use_html_safe: true,
+    streaming:     true,
+  )
+  # https://github.com/haml/haml/blob/4.0.7/lib/haml/template.rb
+  module HamlHelpers
+    require 'hamlit/parser/haml_xss_mods'
+    include Hamlit::HamlHelpers::XssMods
+  end
+  module HamlUtil
+    undef :rails_xss_safe? if defined? rails_xss_safe?
+    def rails_xss_safe?; true; end
+  end
+end
+# Haml extends Haml::Helpers in ActionView each time.
+# It costs much, so Hamlit includes a compatible module at first.
+ActionView::Base.send :include, Hamlit::RailsHelpers

data/lib/hamlit/railtie.rb CHANGED Viewed

@@ -1,20 +1,9 @@
 require 'rails'
-require 'temple'
 module Hamlit
   class Railtie < ::Rails::Railtie
     initializer :hamlit do |app|
-      Hamlit::RailsTemplate = Temple::Templates::Rails.create(
-        Hamlit::Engine,
-        generator:   Temple::Generators::RailsOutputBuffer,
-        register_as: :haml,
-        escape_html: true,
-        streaming:   true,
-      )
-      # Haml extends Haml::Helpers in ActionView each time.
-      # It costs much, so Hamlit includes a compatible module at first.
-      ActionView::Base.send :include, Hamlit::Helpers
+      require 'hamlit/rails_template'
     end
   end
 end