hamlit 2.9.4-java → 2.12.0-java

data/lib/hamlit/compiler/comment_compiler.rb

@@ -25,11 +25,13 @@ module Hamlit
           condition = $1
         end
 
-        if node.children.empty?
-          [:html, :condcomment, condition, [:static, " #{node.value[:text]} "]]
-        else
-          [:html, :condcomment, condition, yield(node)]
-        end
+        content =
+          if node.children.empty?
+            [:static, " #{node.value[:text]} "]
+          else
+            yield(node)
+          end
+        [:html, :condcomment, condition, content, node.value[:revealed]]
       end
     end
   end

data/lib/hamlit/compiler/tag_compiler.rb

@@ -55,10 +55,6 @@ module Hamlit
 
       # We should handle interpolation here to escape only interpolated values.
       def compile_interpolated_plain(node)
-        unless Ripper.respond_to?(:lex) # No Ripper.lex in truffleruby
-          return [:multi, [:escape, node.value[:escape_interpolation], [:dynamic, "%Q[#{node.value[:value]}]"]], [:newline]]
-        end
-
         temple = [:multi]
         StringSplitter.compile(node.value[:value]).each do |type, value|
           case type

data/lib/hamlit/dynamic_merger.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+module Hamlit
+  # Compile [:multi, [:static, 'foo'], [:dynamic, 'bar']] to [:dynamic, '"foo#{bar}"']
+  class DynamicMerger < Temple::Filter
+    def on_multi(*exps)
+      exps = exps.dup
+      result = [:multi]
+      buffer = []
+
+      until exps.empty?
+        type, arg = exps.first
+        if type == :dynamic && arg.count("\n") == 0
+          buffer << exps.shift
+        elsif type == :static && exps.size > (count = arg.count("\n")) &&
+              exps[1, count].all? { |e| e == [:newline] }
+          (1 + count).times { buffer << exps.shift }
+        elsif type == :newline && exps.size > (count = count_newline(exps)) &&
+              exps[count].first == :static && count == exps[count].last.count("\n")
+          (count + 1).times { buffer << exps.shift }
+        else
+          result.concat(merge_dynamic(buffer))
+          buffer = []
+          result << compile(exps.shift)
+        end
+      end
+      result.concat(merge_dynamic(buffer))
+
+      result.size == 2 ? result[1] : result
+    end
+
+    private
+
+    def merge_dynamic(exps)
+      # Merge exps only when they have both :static and :dynamic
+      unless exps.any? { |type,| type == :static } && exps.any? { |type,| type == :dynamic }
+        return exps
+      end
+
+      strlit_body = String.new
+      exps.each do |type, arg|
+        case type
+        when :static
+          strlit_body << arg.dump.sub!(/\A"/, '').sub!(/"\z/, '').gsub('\n', "\n")
+        when :dynamic
+          strlit_body << "\#{#{arg}}"
+        when :newline
+          # newline is added by `gsub('\n', "\n")`
+        else
+          raise "unexpected type #{type.inspect} is given to #merge_dynamic"
+        end
+      end
+      [[:dynamic, "%Q\0#{strlit_body}\0"]]
+    end
+
+    def count_newline(exps)
+      count = 0
+      exps.each do |exp|
+        if exp == [:newline]
+          count += 1
+        else
+          return count
+        end
+      end
+      return count
+    end
+  end
+end

data/lib/hamlit/engine.rb

@@ -2,10 +2,10 @@
 require 'temple'
 require 'hamlit/parser'
 require 'hamlit/compiler'
+require 'hamlit/html'
 require 'hamlit/escapable'
 require 'hamlit/force_escapable'
-require 'hamlit/html'
-require 'hamlit/string_splitter'
+require 'hamlit/dynamic_merger'
 
 module Hamlit
   class Engine < Temple::Engine
@@ -25,15 +25,14 @@ module Hamlit
     use Parser
     use Compiler
     use HTML
-    if Ripper.respond_to?(:lex) # No Ripper.lex in truffleruby
-      use StringSplitter
-      filter :StaticAnalyzer
-    end
+    filter :StringSplitter
+    filter :StaticAnalyzer
     use Escapable
     use ForceEscapable
     filter :ControlFlow
     filter :MultiFlattener
     filter :StaticMerger
+    use DynamicMerger
     use :Generator, -> { options[:generator] }
   end
 end

data/lib/hamlit/filters/plain.rb

@@ -5,9 +5,6 @@ module Hamlit
   class Filters
     class Plain < Base
       def compile(node)
-        unless Ripper.respond_to?(:lex)
-          raise NotImplementedError.new('This platform does not have Ripper.lex required for :plain filter')
-        end
         text = node.value[:text]
         text = text.rstrip unless ::Hamlit::HamlUtil.contains_interpolation?(text) # for compatibility
         [:multi, *compile_plain(text)]

data/lib/hamlit/html.rb

@@ -10,5 +10,13 @@ module Hamlit
       end
       super(opts)
     end
+
+    # This dispatcher supports Haml's "revealed" conditional comment.
+    def on_html_condcomment(condition, content, revealed = false)
+      on_html_comment [:multi,
+                       [:static, "[#{condition}]>#{'<!-->' if revealed}"],
+                       content,
+                       [:static, "#{'<!--' if revealed}<![endif]"]]
+    end
   end
 end

data/lib/hamlit/parser/haml_attribute_builder.rb

@@ -0,0 +1,164 @@
+# frozen_string_literal: true
+
+module Hamlit
+  module HamlAttributeBuilder
+    # https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
+    INVALID_ATTRIBUTE_NAME_REGEX = /[ \0"'>\/=]/
+
+    class << self
+      def build_attributes(is_html, attr_wrapper, escape_attrs, hyphenate_data_attrs, attributes = {})
+        # @TODO this is an absolutely ridiculous amount of arguments. At least
+        # some of this needs to be moved into an instance method.
+        join_char = hyphenate_data_attrs ? '-' : '_'
+
+        attributes.each do |key, value|
+          if value.is_a?(Hash)
+            data_attributes = attributes.delete(key)
+            data_attributes = flatten_data_attributes(data_attributes, '', join_char)
+            data_attributes = build_data_keys(data_attributes, hyphenate_data_attrs, key)
+            verify_attribute_names!(data_attributes.keys)
+            attributes = data_attributes.merge(attributes)
+          end
+        end
+
+        result = attributes.collect do |attr, value|
+          next if value.nil?
+
+          value = filter_and_join(value, ' ') if attr == 'class'
+          value = filter_and_join(value, '_') if attr == 'id'
+
+          if value == true
+            next " #{attr}" if is_html
+            next " #{attr}=#{attr_wrapper}#{attr}#{attr_wrapper}"
+          elsif value == false
+            next
+          end
+
+          value =
+            if escape_attrs == :once
+              Hamlit::HamlHelpers.escape_once_without_haml_xss(value.to_s)
+            elsif escape_attrs
+              Hamlit::HamlHelpers.html_escape_without_haml_xss(value.to_s)
+            else
+              value.to_s
+            end
+          " #{attr}=#{attr_wrapper}#{value}#{attr_wrapper}"
+        end
+        result.compact!
+        result.sort!
+        result.join
+      end
+
+      # @return [String, nil]
+      def filter_and_join(value, separator)
+        return '' if (value.respond_to?(:empty?) && value.empty?)
+
+        if value.is_a?(Array)
+          value = value.flatten
+          value.map! {|item| item ? item.to_s : nil}
+          value.compact!
+          value = value.join(separator)
+        else
+          value = value ? value.to_s : nil
+        end
+        !value.nil? && !value.empty? && value
+      end
+
+      # Merges two attribute hashes.
+      # This is the same as `to.merge!(from)`,
+      # except that it merges id, class, and data attributes.
+      #
+      # ids are concatenated with `"_"`,
+      # and classes are concatenated with `" "`.
+      # data hashes are simply merged.
+      #
+      # Destructively modifies `to`.
+      #
+      # @param to [{String => String,Hash}] The attribute hash to merge into
+      # @param from [{String => Object}] The attribute hash to merge from
+      # @return [{String => String,Hash}] `to`, after being merged
+      def merge_attributes!(to, from)
+        from.keys.each do |key|
+          to[key] = merge_value(key, to[key], from[key])
+        end
+        to
+      end
+
+      # Merge multiple values to one attribute value. No destructive operation.
+      #
+      # @param key [String]
+      # @param values [Array<Object>]
+      # @return [String,Hash]
+      def merge_values(key, *values)
+        values.inject(nil) do |to, from|
+          merge_value(key, to, from)
+        end
+      end
+
+      def verify_attribute_names!(attribute_names)
+        attribute_names.each do |attribute_name|
+          if attribute_name =~ INVALID_ATTRIBUTE_NAME_REGEX
+            raise InvalidAttributeNameError.new("Invalid attribute name '#{attribute_name}' was rendered")
+          end
+        end
+      end
+
+      private
+
+      # Merge a couple of values to one attribute value. No destructive operation.
+      #
+      # @param to [String,Hash,nil]
+      # @param from [Object]
+      # @return [String,Hash]
+      def merge_value(key, to, from)
+        if from.kind_of?(Hash) || to.kind_of?(Hash)
+          from = { nil => from } if !from.is_a?(Hash)
+          to   = { nil => to }   if !to.is_a?(Hash)
+          to.merge(from)
+        elsif key == 'id'
+          merged_id = filter_and_join(from, '_')
+          if to && merged_id
+            merged_id = "#{to}_#{merged_id}"
+          elsif to || merged_id
+            merged_id ||= to
+          end
+          merged_id
+        elsif key == 'class'
+          merged_class = filter_and_join(from, ' ')
+          if to && merged_class
+            merged_class = (to.split(' ') | merged_class.split(' ')).join(' ')
+          elsif to || merged_class
+            merged_class ||= to
+          end
+          merged_class
+        else
+          from
+        end
+      end
+
+      def build_data_keys(data_hash, hyphenate, attr_name="data")
+        Hash[data_hash.map do |name, value|
+          if name == nil
+            [attr_name, value]
+          elsif hyphenate
+            ["#{attr_name}-#{name.to_s.tr('_', '-')}", value]
+          else
+            ["#{attr_name}-#{name}", value]
+          end
+        end]
+      end
+
+      def flatten_data_attributes(data, key, join_char, seen = [])
+        return {key => data} unless data.is_a?(Hash)
+
+        return {key => nil} if seen.include? data.object_id
+        seen << data.object_id
+
+        data.sort {|x, y| x[0].to_s <=> y[0].to_s}.inject({}) do |hash, (k, v)|
+          joined = key == '' ? k : [key, k].join(join_char)
+          hash.merge! flatten_data_attributes(v, joined, join_char, seen)
+        end
+      end
+    end
+  end
+end

data/lib/hamlit/parser/haml_helpers.rb

@@ -617,6 +617,9 @@ MESSAGE
       text.gsub(HTML_ESCAPE_REGEX, HTML_ESCAPE)
     end
 
+    # Always escape text regardless of html_safe?
+    alias_method :html_escape_without_haml_xss, :html_escape
+
     HTML_ESCAPE_ONCE_REGEX = /[\"><]|&(?!(?:[a-zA-Z]+|#(?:\d+|[xX][0-9a-fA-F]+));)/
 
     # Escapes HTML entities in `text`, but without escaping an ampersand
@@ -629,6 +632,9 @@ MESSAGE
       text.gsub(HTML_ESCAPE_ONCE_REGEX, HTML_ESCAPE)
     end
 
+    # Always escape text once regardless of html_safe?
+    alias_method :escape_once_without_haml_xss, :escape_once
+
     # Returns whether or not the current template is a Haml template.
     #
     # This function, unlike other {Haml::Helpers} functions,

data/lib/hamlit/parser/haml_parser.rb

@@ -1,6 +1,7 @@
 require 'strscan'
 require 'hamlit/parser/haml_util'
 require 'hamlit/parser/haml_error'
+require 'hamlit/parser/haml_attribute_builder'
 
 module Hamlit
   class HamlParser
@@ -206,6 +207,31 @@ module Hamlit
       end
     end
 
+    # @param [String] new - Hash literal including dynamic values.
+    # @param [String] old - Hash literal including dynamic values or Ruby literal of multiple Hashes which MUST be interpreted as method's last arguments.
+    DynamicAttributes = Struct.new(:new, :old) do
+      undef :old=
+      def old=(value)
+        unless value =~ /\A{.*}\z/m
+          raise ArgumentError.new('Old attributes must start with "{" and end with "}"')
+        end
+        self[:old] = value
+      end
+
+      # This will be a literal for Haml::Buffer#attributes's last argument, `attributes_hashes`.
+      def to_literal
+        [new, stripped_old].compact.join(', ')
+      end
+
+      private
+
+      # For `%foo{ { foo: 1 }, bar: 2 }`, :old is "{ { foo: 1 }, bar: 2 }" and this method returns " { foo: 1 }, bar: 2 " for last argument.
+      def stripped_old
+        return nil if old.nil?
+        old.sub!(/\A{/, '').sub!(/}\z/m, '')
+      end
+    end
+
     # Processes and deals with lowering indentation.
     def process_indent(line)
       return unless line.tabs <= @template_tabs && @template_tabs > 0
@@ -403,22 +429,20 @@ module Hamlit
       end
 
       attributes = ::Hamlit::HamlParser.parse_class_and_id(attributes)
-      attributes_list = []
+      dynamic_attributes = DynamicAttributes.new
 
       if attributes_hashes[:new]
         static_attributes, attributes_hash = attributes_hashes[:new]
-        ::Hamlit::HamlBuffer.merge_attrs(attributes, static_attributes) if static_attributes
-        attributes_list << attributes_hash
+        HamlAttributeBuilder.merge_attributes!(attributes, static_attributes) if static_attributes
+        dynamic_attributes.new = attributes_hash
       end
 
       if attributes_hashes[:old]
         static_attributes = parse_static_hash(attributes_hashes[:old])
-        ::Hamlit::HamlBuffer.merge_attrs(attributes, static_attributes) if static_attributes
-        attributes_list << attributes_hashes[:old] unless static_attributes || @options.suppress_eval
+        HamlAttributeBuilder.merge_attributes!(attributes, static_attributes) if static_attributes
+        dynamic_attributes.old = attributes_hashes[:old] unless static_attributes || @options.suppress_eval
       end
 
-      attributes_list.compact!
-
       raise ::Hamlit::HamlSyntaxError.new(::Hamlit::HamlError.message(:illegal_nesting_self_closing), @next_line.index) if block_opened? && self_closing
       raise ::Hamlit::HamlSyntaxError.new(::Hamlit::HamlError.message(:no_ruby_code, action), last_line - 1) if parse && value.empty?
       raise ::Hamlit::HamlSyntaxError.new(::Hamlit::HamlError.message(:self_closing_content), last_line - 1) if self_closing && !value.empty?
@@ -433,7 +457,7 @@ module Hamlit
       line = handle_ruby_multiline(line) if parse
 
       ParseNode.new(:tag, line.index + 1, :name => tag_name, :attributes => attributes,
-        :attributes_hashes => attributes_list, :self_closing => self_closing,
+        :dynamic_attributes => dynamic_attributes, :self_closing => self_closing,
         :nuke_inner_whitespace => nuke_inner_whitespace,
         :nuke_outer_whitespace => nuke_outer_whitespace, :object_ref => object_ref,
         :escape_html => escape_html, :preserve_tag => preserve_tag,
@@ -641,7 +665,6 @@ module Hamlit
         raise e
       end
 
-      attributes_hash = attributes_hash[1...-1] if attributes_hash
       return attributes_hash, rest, last_line
     end
 

data/lib/hamlit/parser/haml_xss_mods.rb

@@ -6,12 +6,15 @@ module Hamlit
     # to work with Rails' XSS protection methods.
     module XssMods
       def self.included(base)
-        %w[html_escape find_and_preserve preserve list_of surround
-           precede succeed capture_haml haml_concat haml_internal_concat haml_indent
-           escape_once].each do |name|
+        %w[find_and_preserve preserve list_of surround
+           precede succeed capture_haml haml_concat haml_internal_concat haml_indent].each do |name|
           base.send(:alias_method, "#{name}_without_haml_xss", name)
           base.send(:alias_method, name, "#{name}_with_haml_xss")
         end
+        # Those two always have _without_haml_xss
+        %w[html_escape escape_once].each do |name|
+          base.send(:alias_method, name, "#{name}_with_haml_xss")
+        end
       end
 
       # Don't escape text that's already safe,

data/lib/hamlit/string_splitter.rb

@@ -2,87 +2,18 @@ require 'ripper'
 require 'hamlit/ruby_expression'
 
 module Hamlit
-  class StringSplitter < Temple::Filter
-    class << self
-      # `code` param must be valid string literal
-      def compile(code)
-        [].tap do |exps|
-          tokens = Ripper.lex(code.strip)
-          tokens.pop while tokens.last && %i[on_comment on_sp].include?(tokens.last[1])
-
-          if tokens.size < 2
-            raise Hamlit::InternalError.new("Expected token size >= 2 but got: #{tokens.size}")
-          end
-          compile_tokens!(exps, tokens)
-        end
-      end
-
-      private
-
-      def strip_quotes!(tokens)
-        _, type, beg_str = tokens.shift
-        if type != :on_tstring_beg
-          raise Hamlit::InternalError.new("Expected :on_tstring_beg but got: #{type}")
-        end
-
-        _, type, end_str = tokens.pop
-        if type != :on_tstring_end
-          raise Hamlit::InternalError.new("Expected :on_tstring_end but got: #{type}")
-        end
-
-        [beg_str, end_str]
-      end
-
-      def compile_tokens!(exps, tokens)
-        beg_str, end_str = strip_quotes!(tokens)
-
-        until tokens.empty?
-          _, type, str = tokens.shift
-
-          case type
-          when :on_tstring_content
-            exps << [:static, eval("#{beg_str}#{str}#{end_str}")]
-          when :on_embexpr_beg
-            embedded = shift_balanced_embexpr(tokens)
-            exps << [:dynamic, embedded] unless embedded.empty?
-          end
-        end
-      end
-
-      def shift_balanced_embexpr(tokens)
-        String.new.tap do |embedded|
-          embexpr_open = 1
-
-          until tokens.empty?
-            _, type, str = tokens.shift
-            case type
-            when :on_embexpr_beg
-              embexpr_open += 1
-            when :on_embexpr_end
-              embexpr_open -= 1
-              break if embexpr_open == 0
-            end
-
-            embedded << str
-          end
-        end
+  module StringSplitter
+    # `code` param must be valid string literal
+    def self.compile(code)
+      unless Ripper.respond_to?(:lex) # truffleruby doesn't have Ripper.lex
+        return [[:dynamic, code]]
       end
-    end
-
-    def on_dynamic(code)
-      return [:dynamic, code] unless RubyExpression.string_literal?(code)
-      return [:dynamic, code] if code.include?("\n")
 
-      temple = [:multi]
-      StringSplitter.compile(code).each do |type, content|
-        case type
-        when :static
-          temple << [:static, content]
-        when :dynamic
-          temple << on_dynamic(content)
-        end
+      begin
+        Temple::Filters::StringSplitter.compile(code)
+      rescue Temple::FilterError => e
+        raise Hamlit::InternalError.new(e.message)
       end
-      temple
     end
   end
 end