roda 2.19.0 → 2.20.0
- checksums.yaml +4 -4
 - data/CHANGELOG +4 -0
 - data/README.rdoc +4 -1
 - data/doc/release_notes/2.20.0.txt +5 -0
 - data/lib/roda/plugins/render.rb +8 -5
 - data/lib/roda/version.rb +1 -1
 - data/spec/plugin/_erubis_escaping_spec.rb +7 -5
 - data/spec/plugin/render_spec.rb +47 -0
 - metadata +18 -2
 
    
        checksums.yaml
    CHANGED
    
    | 
         @@ -1,7 +1,7 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            ---
         
     | 
| 
       2 
2 
     | 
    
         
             
            SHA1:
         
     | 
| 
       3 
     | 
    
         
            -
              metadata.gz:  
     | 
| 
       4 
     | 
    
         
            -
              data.tar.gz:  
     | 
| 
      
 3 
     | 
    
         
            +
              metadata.gz: eef2a8e61f61ef63c53b1086d69a56ebfe6d8634
         
     | 
| 
      
 4 
     | 
    
         
            +
              data.tar.gz: 9803c11eb51c8588d8ba7c8b8c9026045ee769f4
         
     | 
| 
       5 
5 
     | 
    
         
             
            SHA512:
         
     | 
| 
       6 
     | 
    
         
            -
              metadata.gz:  
     | 
| 
       7 
     | 
    
         
            -
              data.tar.gz:  
     | 
| 
      
 6 
     | 
    
         
            +
              metadata.gz: 82c6579b2995baf018e9115ce50dc32bb672cf9ecf7b26c82b895062e5cf86537ac2c07cd978936d64a5421989e332dfb24f2fea7fd45d07a8a5953b8eba93e6
         
     | 
| 
      
 7 
     | 
    
         
            +
              data.tar.gz: c41e5dcc24f4dc2c5528556fb4c583f486e64eb7c04f988a9851d72e53ec99ea760782637084e9d83369db27a7cc3e83a37a3622e4c248654a639472ffdbc76c
         
     | 
    
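--- a/data/CHANGELOG
+++ b/data/CHANGELOG
@@ -1,3 +1,7 @@
+= 2.20.0 (2016-11-13)
+
+* Support :escape=>:erubi option in the render plugin to use the erubi template engine (jeremyevans)
+
 = 2.19.0 (2016-10-14)
 
 * Don't add Content-Type/Content-Length headers for 1xx, 204, 205, 304 statuses (celsworth, jeremyevans) (#101, #102)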
    
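--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -693,7 +693,8 @@ You can override the default rendering options by passing a hash to the plugin:
 
   class App < Roda
     plugin :render,
-      :escape => true, 
+      :escape => true, # Automatically escape output in erb templates using Erubis
+                       # can use :erubi instead of true to use Erubi instead of Erubis
       :views => 'admin_views', # Default views directory
       :layout_opts => {:template=>'admin_layout',
                        :ext=>'html.erb'},    # Default layout template options
@@ -763,6 +764,8 @@ if you have helpers that already return escaped output using a
 string subclass instance.
 
 This support requires {Erubis}[http://www.kuwata-lab.com/erubis/].
+You can use <tt>:escape=>:erubi</tt> to use {Erubi}[https://github.com/jeremyevans/erubi],
+a simplified fork of Erubis.
 
 === Security Related HTTP Headers
 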
    
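--- a/data/lib/roda/plugins/render.rb
+++ b/data/lib/roda/plugins/render.rb
@@ -58,10 +58,10 @@ class Roda
     #            templates, defaults to 'erb'.
     # :escape :: Use Roda's Erubis escaping support, which makes <tt><%= %></tt> escape output,
     #            <tt><%== %></tt> not escape output, and handles postfix conditions inside
-    #            <tt><%= %></tt> tags.
+    #            <tt><%= %></tt> tags.  Can have a value of :erubi to use Erubi escaping support.
     # :escape_safe_classes :: String subclasses that should not be HTML escaped when used in
-    #                         <tt><%= %></tt> tags, when :escape is used. Can be an array for multiple classes.
-    # :escaper :: Object used for escaping output of <tt><%= %></tt>, when :escape is used,
+    #                         <tt><%= %></tt> tags, when :escape=>true is used. Can be an array for multiple classes.
+    # :escaper :: Object used for escaping output of <tt><%= %></tt>, when :escape=>true is used,
     #             overriding the default.  If given, object should respond to +escape_xml+ with
     #             a single argument and return an output string.
     # :layout :: The base name of the layout file, defaults to 'layout'.  This can be provided as a hash
@@ -146,7 +146,7 @@ class Roda
       OPTS={}.freeze
 
       def self.load_dependencies(app, opts=OPTS)
-        if opts[:escape]
+        if opts[:escape] && opts[:escape] != :erubi
           app.plugin :_erubis_escaping
         end
       end
@@ -199,7 +199,10 @@ class Roda
         if RUBY_VERSION >= "1.9" && !template_opts.has_key?(:default_encoding)
           template_opts[:default_encoding] = Encoding.default_external
         end
-        if opts[:escape]
+        if opts[:escape] == :erubi
+          require 'tilt/erubi'
+          template_opts[:escape] = true
+        elsif opts[:escape]
           template_opts[:engine_class] = ErubisEscaping::Eruby
 
           opts[:escaper] ||= if opts[:escape_safe_classes]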
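Review bot: In the new `opts[:escape] == :erubi` branch (new lines 202-204), HTML escaping relies on Tilt's global `'erb'` mapping resolving to the Erubi template class: the branch only runs `require 'tilt/erubi'` and sets `template_opts[:escape] = true`, while the accompanying spec has to call `Tilt.register(Tilt::ErubiTemplate, 'erb')` itself before it passes. If some other erb handler is registered in the process, that option may be silently ignored and `<%= %>` output could go out unescaped, so it is worth confirming and, if so, pinning the template class or failing at plugin load rather than at render time. The same branch also bypasses `:escaper` and `:escape_safe_classes` (the doc comment now scopes them to `:escape=>true`), so a line such as `warn ":escaper and :escape_safe_classes are ignored with :escape=>:erubi" if opts[:escaper] || opts[:escape_safe_classes]` inside the branch would stop a migration from `true` to `:erubi` from quietly changing what gets escaped. The enclosing method starts and ends outside the hunk.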
    
        data/lib/roda/version.rb
    CHANGED
    
    
| 
         @@ -9,15 +9,17 @@ begin 
     | 
|
| 
       9 
9 
     | 
    
         
             
              rescue LoadError
         
     | 
| 
       10 
10 
     | 
    
         
             
                # Tilt 1 support
         
     | 
| 
       11 
11 
     | 
    
         
             
              end
         
     | 
| 
       12 
     | 
    
         
            -
             
     | 
| 
       13 
     | 
    
         
            -
              if defined?(Tilt::ErubisTemplate) && ::Tilt['erb'] != Tilt::ErubisTemplate
         
     | 
| 
       14 
     | 
    
         
            -
                # Work around error where erubis isn't set as erb template handler
         
     | 
| 
       15 
     | 
    
         
            -
                Tilt.register(Tilt::ErubisTemplate, 'erb')
         
     | 
| 
       16 
     | 
    
         
            -
              end
         
     | 
| 
       17 
12 
     | 
    
         
             
            rescue LoadError
         
     | 
| 
       18 
13 
     | 
    
         
             
              warn "tilt or erubis not installed, skipping _erubis_escaping plugin test"  
         
     | 
| 
       19 
14 
     | 
    
         
             
            else
         
     | 
| 
       20 
15 
     | 
    
         
             
            describe "_erubis_escaping plugin" do
         
     | 
| 
      
 16 
     | 
    
         
            +
              before do
         
     | 
| 
      
 17 
     | 
    
         
            +
                if defined?(Tilt::ErubisTemplate) && ::Tilt['erb'] != Tilt::ErubisTemplate
         
     | 
| 
      
 18 
     | 
    
         
            +
                  # Set erubis as default erb template handler
         
     | 
| 
      
 19 
     | 
    
         
            +
                  Tilt.register(Tilt::ErubisTemplate, 'erb')
         
     | 
| 
      
 20 
     | 
    
         
            +
                end
         
     | 
| 
      
 21 
     | 
    
         
            +
              end
         
     | 
| 
      
 22 
     | 
    
         
            +
             
     | 
| 
       21 
23 
     | 
    
         
             
              it "should escape inside <%= %> and not inside <%== %>, and handle postfix conditionals" do
         
     | 
| 
       22 
24 
     | 
    
         
             
                app(:bare) do
         
     | 
| 
       23 
25 
     | 
    
         
             
                  plugin :render, :escape=>true
         
     | 
    
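--- a/data/spec/plugin/render_spec.rb
+++ b/data/spec/plugin/render_spec.rb
@@ -549,3 +549,50 @@ describe "render plugin" do
 
 end
 end
+
+begin
+  require 'tilt'
+  require 'tilt/erubi'
+rescue LoadError
+  warn "tilt 2 or erubi not installed, skipping render :escape=>:erubi test"  
+else
+describe "_erubis_escaping plugin" do
+  before do
+    if defined?(Tilt::ErubiTemplate) && ::Tilt['erb'] != Tilt::ErubiTemplate
+      # Set erubi as default erb template handler
+      Tilt.register(Tilt::ErubiTemplate, 'erb')
+    end
+  end
+
+  it "should escape inside <%= %> and not inside <%== %>, and handle postfix conditionals" do
+    app(:bare) do
+      plugin :render, :escape=>:erubi
+
+      route do |r|
+        render(:inline=>'<%= "<>" %> <%== "<>" %><%= "<>" if false %>')
+      end
+    end
+
+    body.must_equal '<> <>'
+  end
+
+  it "should allow for per-branch escaping via set_view options" do
+    app(:bare) do
+      plugin :render, :escape=>:erubi
+      plugin :view_options
+
+      route do |r|
+        set_view_options :template_opts=>{:escape=>false}
+        r.is 'a' do
+          set_view_options :template_opts=>{:engine_class=>render_opts[:template_opts][:engine_class]}
+          render(:inline=>'<%= "<>" %>')
+        end
+        render(:inline=>'<%= "<>" %>')
+      end
+    end
+
+    body('/a').must_equal '<>'
+    body.must_equal '<>'
+  end
+end
+end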
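Review bot: The new block at line 559 is still labelled `describe "_erubis_escaping plugin" do` although every example in it loads `plugin :render, :escape=>:erubi`, so a failure in the Erubi escaping path would be reported under the wrong plugin; `describe "render plugin with :escape=>:erubi" do` would match what is tested. In the per-branch example, the `'a'` branch passes `:engine_class=>render_opts[:template_opts][:engine_class]`, a value the `:erubi` code path in render.rb does not appear to set, so the example seems to cover only switching escaping off with `:template_opts=>{:escape=>false}` and never turning it back on for a branch; an assertion that a branch restoring `:escape=>true` yields escaped output would cover the security-relevant direction. The `before` hook also re-registers the global Tilt `'erb'` handler without restoring it, which leaves later specs dependent on run order.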
    
        metadata
    CHANGED
    
    | 
         @@ -1,14 +1,14 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            --- !ruby/object:Gem::Specification
         
     | 
| 
       2 
2 
     | 
    
         
             
            name: roda
         
     | 
| 
       3 
3 
     | 
    
         
             
            version: !ruby/object:Gem::Version
         
     | 
| 
       4 
     | 
    
         
            -
              version: 2. 
     | 
| 
      
 4 
     | 
    
         
            +
              version: 2.20.0
         
     | 
| 
       5 
5 
     | 
    
         
             
            platform: ruby
         
     | 
| 
       6 
6 
     | 
    
         
             
            authors:
         
     | 
| 
       7 
7 
     | 
    
         
             
            - Jeremy Evans
         
     | 
| 
       8 
8 
     | 
    
         
             
            autorequire: 
         
     | 
| 
       9 
9 
     | 
    
         
             
            bindir: bin
         
     | 
| 
       10 
10 
     | 
    
         
             
            cert_chain: []
         
     | 
| 
       11 
     | 
    
         
            -
            date: 2016- 
     | 
| 
      
 11 
     | 
    
         
            +
            date: 2016-11-13 00:00:00.000000000 Z
         
     | 
| 
       12 
12 
     | 
    
         
             
            dependencies:
         
     | 
| 
       13 
13 
     | 
    
         
             
            - !ruby/object:Gem::Dependency
         
     | 
| 
       14 
14 
     | 
    
         
             
              name: rack
         
     | 
| 
         @@ -80,6 +80,20 @@ dependencies: 
     | 
|
| 
       80 
80 
     | 
    
         
             
                - - ">="
         
     | 
| 
       81 
81 
     | 
    
         
             
                  - !ruby/object:Gem::Version
         
     | 
| 
       82 
82 
     | 
    
         
             
                    version: '0'
         
     | 
| 
      
 83 
     | 
    
         
            +
            - !ruby/object:Gem::Dependency
         
     | 
| 
      
 84 
     | 
    
         
            +
              name: erubi
         
     | 
| 
      
 85 
     | 
    
         
            +
              requirement: !ruby/object:Gem::Requirement
         
     | 
| 
      
 86 
     | 
    
         
            +
                requirements:
         
     | 
| 
      
 87 
     | 
    
         
            +
                - - ">="
         
     | 
| 
      
 88 
     | 
    
         
            +
                  - !ruby/object:Gem::Version
         
     | 
| 
      
 89 
     | 
    
         
            +
                    version: '0'
         
     | 
| 
      
 90 
     | 
    
         
            +
              type: :development
         
     | 
| 
      
 91 
     | 
    
         
            +
              prerelease: false
         
     | 
| 
      
 92 
     | 
    
         
            +
              version_requirements: !ruby/object:Gem::Requirement
         
     | 
| 
      
 93 
     | 
    
         
            +
                requirements:
         
     | 
| 
      
 94 
     | 
    
         
            +
                - - ">="
         
     | 
| 
      
 95 
     | 
    
         
            +
                  - !ruby/object:Gem::Version
         
     | 
| 
      
 96 
     | 
    
         
            +
                    version: '0'
         
     | 
| 
       83 
97 
     | 
    
         
             
            - !ruby/object:Gem::Dependency
         
     | 
| 
       84 
98 
     | 
    
         
             
              name: haml
         
     | 
| 
       85 
99 
     | 
    
         
             
              requirement: !ruby/object:Gem::Requirement
         
     | 
| 
         @@ -185,6 +199,7 @@ extra_rdoc_files: 
     | 
|
| 
       185 
199 
     | 
    
         
             
            - doc/release_notes/2.17.0.txt
         
     | 
| 
       186 
200 
     | 
    
         
             
            - doc/release_notes/2.18.0.txt
         
     | 
| 
       187 
201 
     | 
    
         
             
            - doc/release_notes/2.19.0.txt
         
     | 
| 
      
 202 
     | 
    
         
            +
            - doc/release_notes/2.20.0.txt
         
     | 
| 
       188 
203 
     | 
    
         
             
            files:
         
     | 
| 
       189 
204 
     | 
    
         
             
            - CHANGELOG
         
     | 
| 
       190 
205 
     | 
    
         
             
            - MIT-LICENSE
         
     | 
| 
         @@ -208,6 +223,7 @@ files: 
     | 
|
| 
       208 
223 
     | 
    
         
             
            - doc/release_notes/2.18.0.txt
         
     | 
| 
       209 
224 
     | 
    
         
             
            - doc/release_notes/2.19.0.txt
         
     | 
| 
       210 
225 
     | 
    
         
             
            - doc/release_notes/2.2.0.txt
         
     | 
| 
      
 226 
     | 
    
         
            +
            - doc/release_notes/2.20.0.txt
         
     | 
| 
       211 
227 
     | 
    
         
             
            - doc/release_notes/2.3.0.txt
         
     | 
| 
       212 
228 
     | 
    
         
             
            - doc/release_notes/2.4.0.txt
         
     | 
| 
       213 
229 
     | 
    
         
             
            - doc/release_notes/2.5.0.txt
         
     |