hamlit 2.11.1 → 2.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 315b433bd4a2af17f13b1a8ff54787c65b25beabcbdb1274dd86b29248e75f60
-  data.tar.gz: cd02934b413dd1cf6891f35f5cb1ee8731d68e0f82eb300bf92679b7574ec598
+  metadata.gz: d8a587e57cbdc02c90d18591926efb8bf4fd990d60c31969501418a1eed0d2d9
+  data.tar.gz: 7f97e39c33bad82a1cc5b4056b8ac0765a2939f2a9c0a6fecfd156daefa98fa3
 SHA512:
-  metadata.gz: 128daeb6d3f1d34fd33718b90b20b75117cda4147e8783d039b2daf0e019d836ac580d78fd3e01561f53f4348e442d3a04169761048cc2105ef1e3cae5c5c131
-  data.tar.gz: 0c11bc8dce803aa8d2adfdc78c7b91274678371adb7d30a8a36d997b60ada32320349712cd39c1feec7d965f5e1bbf6b6ab878a3769d4e20ee245afd1772bf79
+  metadata.gz: dba41938cf6697aeef29f404178de0ccf46cb438402510e989af63593e5ea853627f3f0594fd0359e4b10c68b3c53a7ae64b9c3e2d2f717707e5996006b49721
+  data.tar.gz: 61ce345a747e0fffee535ecab7caee9b0320858f0243b405643115b97cef012039ed9d72766f5bbd4f1b0cde8fa2ffca7b7cea74a8b9ce2a875106c680f5274d

data/CHANGELOG.md

@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file. This
 project adheres to [Semantic Versioning](http://semver.org/). This change log is based upon
 [keep-a-changelog](https://github.com/olivierlacan/keep-a-changelog).
 
+## [2.12.0](https://github.com/k0kubun/hamlit/compare/v2.11.1...v2.12.0) - 2020-09-30
+
+### Changed
+
+- Class names are no longer ordered alphabetically
+  *Thanks to @aliismayilov*
+  - This is compatible with [Haml 5.2](https://github.com/haml/haml/blob/v5.2.0/CHANGELOG.md#52)
+
 ## [2.11.1](https://github.com/k0kubun/hamlit/compare/v2.11.0...v2.11.1) - 2020-08-25
 
 ### Fixed

data/Gemfile

@@ -8,10 +8,6 @@ end
 # Specify your gem's dependencies in hamlit.gemspec
 gemspec
 
-if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.2.2')
-  gem 'rack', '< 2'
-end
-
 gem 'benchmark-ips', '2.3.0'
 gem 'maxitest'
 gem 'pry'

data/ext/hamlit/hamlit.c

@@ -152,7 +152,6 @@ hamlit_build_multi_class(VALUE escape_attrs, VALUE values)
     }
   }
 
-  rb_ary_sort_bang(buf);
   rb_funcall(buf, id_uniq_bang, 0);
 
   return escape_attribute(escape_attrs, rb_ary_join(buf, str_space()));

data/lib/hamlit/attribute_builder.rb

@@ -47,7 +47,7 @@ module Hamlit::AttributeBuilder
           when value.is_a?(String)
             # noop
           when value.is_a?(Array)
-            value = value.flatten.select { |v| v }.map(&:to_s).sort.uniq.join(' ')
+            value = value.flatten.select { |v| v }.map(&:to_s).uniq.join(' ')
           when value
             value = value.to_s
           else
@@ -67,7 +67,7 @@ module Hamlit::AttributeBuilder
             classes << value.to_s
           end
         end
-        escape_html(escape_attrs, classes.map(&:to_s).sort.uniq.join(' '))
+        escape_html(escape_attrs, classes.map(&:to_s).uniq.join(' '))
       end
 
       def build_data(escape_attrs, quote, *hashes)

data/lib/hamlit/attribute_compiler.rb

@@ -17,7 +17,7 @@ module Hamlit
       if node.value[:object_ref] != :nil || !Ripper.respond_to?(:lex) # No Ripper.lex in truffleruby
         return runtime_compile(node)
       end
-      node.value[:attributes_hashes].each do |attribute_str|
+      [node.value[:dynamic_attributes].new, node.value[:dynamic_attributes].old].compact.each do |attribute_str|
         hash = AttributeParser.parse(attribute_str)
         return runtime_compile(node) unless hash
         hashes << hash
@@ -28,11 +28,11 @@ module Hamlit
     private
 
     def runtime_compile(node)
-      attrs = node.value[:attributes_hashes]
+      attrs = []
       attrs.unshift(node.value[:attributes].inspect) if node.value[:attributes] != {}
 
       args = [@escape_attrs.inspect, "#{@quote.inspect}.freeze", @format.inspect].push(node.value[:object_ref]) + attrs
-      [:html, :attrs, [:dynamic, "::Hamlit::AttributeBuilder.build(#{args.join(', ')})"]]
+      [:html, :attrs, [:dynamic, "::Hamlit::AttributeBuilder.build(#{args.join(', ')}, #{node.value[:dynamic_attributes].to_literal})"]]
     end
 
     def static_compile(static_hash, dynamic_hashes)

data/lib/hamlit/compiler/children_compiler.rb

@@ -39,7 +39,7 @@ module Hamlit
         when :script, :silent_script
           @lineno += 1
         when :tag
-          node.value[:attributes_hashes].each do |attribute_hash|
+          [node.value[:dynamic_attributes].new, node.value[:dynamic_attributes].old].compact.each do |attribute_hash|
             @lineno += attribute_hash.count("\n")
           end
           @lineno += 1 if node.children.empty? && node.value[:parse]

data/lib/hamlit/parser/haml_attribute_builder.rb

@@ -0,0 +1,164 @@
+# frozen_string_literal: true
+
+module Hamlit
+  module HamlAttributeBuilder
+    # https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
+    INVALID_ATTRIBUTE_NAME_REGEX = /[ \0"'>\/=]/
+
+    class << self
+      def build_attributes(is_html, attr_wrapper, escape_attrs, hyphenate_data_attrs, attributes = {})
+        # @TODO this is an absolutely ridiculous amount of arguments. At least
+        # some of this needs to be moved into an instance method.
+        join_char = hyphenate_data_attrs ? '-' : '_'
+
+        attributes.each do |key, value|
+          if value.is_a?(Hash)
+            data_attributes = attributes.delete(key)
+            data_attributes = flatten_data_attributes(data_attributes, '', join_char)
+            data_attributes = build_data_keys(data_attributes, hyphenate_data_attrs, key)
+            verify_attribute_names!(data_attributes.keys)
+            attributes = data_attributes.merge(attributes)
+          end
+        end
+
+        result = attributes.collect do |attr, value|
+          next if value.nil?
+
+          value = filter_and_join(value, ' ') if attr == 'class'
+          value = filter_and_join(value, '_') if attr == 'id'
+
+          if value == true
+            next " #{attr}" if is_html
+            next " #{attr}=#{attr_wrapper}#{attr}#{attr_wrapper}"
+          elsif value == false
+            next
+          end
+
+          value =
+            if escape_attrs == :once
+              Hamlit::HamlHelpers.escape_once_without_haml_xss(value.to_s)
+            elsif escape_attrs
+              Hamlit::HamlHelpers.html_escape_without_haml_xss(value.to_s)
+            else
+              value.to_s
+            end
+          " #{attr}=#{attr_wrapper}#{value}#{attr_wrapper}"
+        end
+        result.compact!
+        result.sort!
+        result.join
+      end
+
+      # @return [String, nil]
+      def filter_and_join(value, separator)
+        return '' if (value.respond_to?(:empty?) && value.empty?)
+
+        if value.is_a?(Array)
+          value = value.flatten
+          value.map! {|item| item ? item.to_s : nil}
+          value.compact!
+          value = value.join(separator)
+        else
+          value = value ? value.to_s : nil
+        end
+        !value.nil? && !value.empty? && value
+      end
+
+      # Merges two attribute hashes.
+      # This is the same as `to.merge!(from)`,
+      # except that it merges id, class, and data attributes.
+      #
+      # ids are concatenated with `"_"`,
+      # and classes are concatenated with `" "`.
+      # data hashes are simply merged.
+      #
+      # Destructively modifies `to`.
+      #
+      # @param to [{String => String,Hash}] The attribute hash to merge into
+      # @param from [{String => Object}] The attribute hash to merge from
+      # @return [{String => String,Hash}] `to`, after being merged
+      def merge_attributes!(to, from)
+        from.keys.each do |key|
+          to[key] = merge_value(key, to[key], from[key])
+        end
+        to
+      end
+
+      # Merge multiple values to one attribute value. No destructive operation.
+      #
+      # @param key [String]
+      # @param values [Array<Object>]
+      # @return [String,Hash]
+      def merge_values(key, *values)
+        values.inject(nil) do |to, from|
+          merge_value(key, to, from)
+        end
+      end
+
+      def verify_attribute_names!(attribute_names)
+        attribute_names.each do |attribute_name|
+          if attribute_name =~ INVALID_ATTRIBUTE_NAME_REGEX
+            raise InvalidAttributeNameError.new("Invalid attribute name '#{attribute_name}' was rendered")
+          end
+        end
+      end
+
+      private
+
+      # Merge a couple of values to one attribute value. No destructive operation.
+      #
+      # @param to [String,Hash,nil]
+      # @param from [Object]
+      # @return [String,Hash]
+      def merge_value(key, to, from)
+        if from.kind_of?(Hash) || to.kind_of?(Hash)
+          from = { nil => from } if !from.is_a?(Hash)
+          to   = { nil => to }   if !to.is_a?(Hash)
+          to.merge(from)
+        elsif key == 'id'
+          merged_id = filter_and_join(from, '_')
+          if to && merged_id
+            merged_id = "#{to}_#{merged_id}"
+          elsif to || merged_id
+            merged_id ||= to
+          end
+          merged_id
+        elsif key == 'class'
+          merged_class = filter_and_join(from, ' ')
+          if to && merged_class
+            merged_class = (to.split(' ') | merged_class.split(' ')).join(' ')
+          elsif to || merged_class
+            merged_class ||= to
+          end
+          merged_class
+        else
+          from
+        end
+      end
+
+      def build_data_keys(data_hash, hyphenate, attr_name="data")
+        Hash[data_hash.map do |name, value|
+          if name == nil
+            [attr_name, value]
+          elsif hyphenate
+            ["#{attr_name}-#{name.to_s.tr('_', '-')}", value]
+          else
+            ["#{attr_name}-#{name}", value]
+          end
+        end]
+      end
+
+      def flatten_data_attributes(data, key, join_char, seen = [])
+        return {key => data} unless data.is_a?(Hash)
+
+        return {key => nil} if seen.include? data.object_id
+        seen << data.object_id
+
+        data.sort {|x, y| x[0].to_s <=> y[0].to_s}.inject({}) do |hash, (k, v)|
+          joined = key == '' ? k : [key, k].join(join_char)
+          hash.merge! flatten_data_attributes(v, joined, join_char, seen)
+        end
+      end
+    end
+  end
+end

data/lib/hamlit/parser/haml_helpers.rb

@@ -617,6 +617,9 @@ MESSAGE
       text.gsub(HTML_ESCAPE_REGEX, HTML_ESCAPE)
     end
 
+    # Always escape text regardless of html_safe?
+    alias_method :html_escape_without_haml_xss, :html_escape
+
     HTML_ESCAPE_ONCE_REGEX = /[\"><]|&(?!(?:[a-zA-Z]+|#(?:\d+|[xX][0-9a-fA-F]+));)/
 
     # Escapes HTML entities in `text`, but without escaping an ampersand
@@ -629,6 +632,9 @@ MESSAGE
       text.gsub(HTML_ESCAPE_ONCE_REGEX, HTML_ESCAPE)
     end
 
+    # Always escape text once regardless of html_safe?
+    alias_method :escape_once_without_haml_xss, :escape_once
+
     # Returns whether or not the current template is a Haml template.
     #
     # This function, unlike other {Haml::Helpers} functions,

data/lib/hamlit/parser/haml_parser.rb

@@ -1,6 +1,7 @@
 require 'strscan'
 require 'hamlit/parser/haml_util'
 require 'hamlit/parser/haml_error'
+require 'hamlit/parser/haml_attribute_builder'
 
 module Hamlit
   class HamlParser
@@ -206,6 +207,31 @@ module Hamlit
       end
     end
 
+    # @param [String] new - Hash literal including dynamic values.
+    # @param [String] old - Hash literal including dynamic values or Ruby literal of multiple Hashes which MUST be interpreted as method's last arguments.
+    DynamicAttributes = Struct.new(:new, :old) do
+      undef :old=
+      def old=(value)
+        unless value =~ /\A{.*}\z/m
+          raise ArgumentError.new('Old attributes must start with "{" and end with "}"')
+        end
+        self[:old] = value
+      end
+
+      # This will be a literal for Haml::Buffer#attributes's last argument, `attributes_hashes`.
+      def to_literal
+        [new, stripped_old].compact.join(', ')
+      end
+
+      private
+
+      # For `%foo{ { foo: 1 }, bar: 2 }`, :old is "{ { foo: 1 }, bar: 2 }" and this method returns " { foo: 1 }, bar: 2 " for last argument.
+      def stripped_old
+        return nil if old.nil?
+        old.sub!(/\A{/, '').sub!(/}\z/m, '')
+      end
+    end
+
     # Processes and deals with lowering indentation.
     def process_indent(line)
       return unless line.tabs <= @template_tabs && @template_tabs > 0
@@ -403,22 +429,20 @@ module Hamlit
       end
 
       attributes = ::Hamlit::HamlParser.parse_class_and_id(attributes)
-      attributes_list = []
+      dynamic_attributes = DynamicAttributes.new
 
       if attributes_hashes[:new]
         static_attributes, attributes_hash = attributes_hashes[:new]
-        ::Hamlit::HamlBuffer.merge_attrs(attributes, static_attributes) if static_attributes
-        attributes_list << attributes_hash
+        HamlAttributeBuilder.merge_attributes!(attributes, static_attributes) if static_attributes
+        dynamic_attributes.new = attributes_hash
       end
 
       if attributes_hashes[:old]
         static_attributes = parse_static_hash(attributes_hashes[:old])
-        ::Hamlit::HamlBuffer.merge_attrs(attributes, static_attributes) if static_attributes
-        attributes_list << attributes_hashes[:old] unless static_attributes || @options.suppress_eval
+        HamlAttributeBuilder.merge_attributes!(attributes, static_attributes) if static_attributes
+        dynamic_attributes.old = attributes_hashes[:old] unless static_attributes || @options.suppress_eval
       end
 
-      attributes_list.compact!
-
       raise ::Hamlit::HamlSyntaxError.new(::Hamlit::HamlError.message(:illegal_nesting_self_closing), @next_line.index) if block_opened? && self_closing
       raise ::Hamlit::HamlSyntaxError.new(::Hamlit::HamlError.message(:no_ruby_code, action), last_line - 1) if parse && value.empty?
       raise ::Hamlit::HamlSyntaxError.new(::Hamlit::HamlError.message(:self_closing_content), last_line - 1) if self_closing && !value.empty?
@@ -433,7 +457,7 @@ module Hamlit
       line = handle_ruby_multiline(line) if parse
 
       ParseNode.new(:tag, line.index + 1, :name => tag_name, :attributes => attributes,
-        :attributes_hashes => attributes_list, :self_closing => self_closing,
+        :dynamic_attributes => dynamic_attributes, :self_closing => self_closing,
         :nuke_inner_whitespace => nuke_inner_whitespace,
         :nuke_outer_whitespace => nuke_outer_whitespace, :object_ref => object_ref,
         :escape_html => escape_html, :preserve_tag => preserve_tag,
@@ -641,7 +665,6 @@ module Hamlit
         raise e
       end
 
-      attributes_hash = attributes_hash[1...-1] if attributes_hash
       return attributes_hash, rest, last_line
     end
 

data/lib/hamlit/parser/haml_xss_mods.rb

@@ -6,12 +6,15 @@ module Hamlit
     # to work with Rails' XSS protection methods.
     module XssMods
       def self.included(base)
-        %w[html_escape find_and_preserve preserve list_of surround
-           precede succeed capture_haml haml_concat haml_internal_concat haml_indent
-           escape_once].each do |name|
+        %w[find_and_preserve preserve list_of surround
+           precede succeed capture_haml haml_concat haml_internal_concat haml_indent].each do |name|
           base.send(:alias_method, "#{name}_without_haml_xss", name)
           base.send(:alias_method, name, "#{name}_with_haml_xss")
         end
+        # Those two always have _without_haml_xss
+        %w[html_escape escape_once].each do |name|
+          base.send(:alias_method, name, "#{name}_with_haml_xss")
+        end
       end
 
       # Don't escape text that's already safe,

data/lib/hamlit/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module Hamlit
-  VERSION = '2.11.1'
+  VERSION = '2.12.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hamlit
 version: !ruby/object:Gem::Version
-  version: 2.11.1
+  version: 2.12.0
 platform: ruby
 authors:
 - Takashi Kokubun
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-08-26 00:00:00.000000000 Z
+date: 2020-10-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: temple
@@ -350,6 +350,7 @@ files:
 - lib/hamlit/parser.rb
 - lib/hamlit/parser/MIT-LICENSE
 - lib/hamlit/parser/README.md
+- lib/hamlit/parser/haml_attribute_builder.rb
 - lib/hamlit/parser/haml_buffer.rb
 - lib/hamlit/parser/haml_compiler.rb
 - lib/hamlit/parser/haml_error.rb