roda 2.19.0 → 2.20.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG +4 -0
- data/README.rdoc +4 -1
- data/doc/release_notes/2.20.0.txt +5 -0
- data/lib/roda/plugins/render.rb +8 -5
- data/lib/roda/version.rb +1 -1
- data/spec/plugin/_erubis_escaping_spec.rb +7 -5
- data/spec/plugin/render_spec.rb +47 -0
- metadata +18 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: eef2a8e61f61ef63c53b1086d69a56ebfe6d8634
|
|
4
|
+
data.tar.gz: 9803c11eb51c8588d8ba7c8b8c9026045ee769f4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 82c6579b2995baf018e9115ce50dc32bb672cf9ecf7b26c82b895062e5cf86537ac2c07cd978936d64a5421989e332dfb24f2fea7fd45d07a8a5953b8eba93e6
|
|
7
|
+
data.tar.gz: c41e5dcc24f4dc2c5528556fb4c583f486e64eb7c04f988a9851d72e53ec99ea760782637084e9d83369db27a7cc3e83a37a3622e4c248654a639472ffdbc76c
|
data/CHANGELOG
CHANGED
|
@@ -1,3 +1,7 @@
|
|
|
1
|
+
= 2.20.0 (2016-11-13)
|
|
2
|
+
|
|
3
|
+
* Support :escape=>:erubi option in the render plugin to use the erubi template engine (jeremyevans)
|
|
4
|
+
|
|
1
5
|
= 2.19.0 (2016-10-14)
|
|
2
6
|
|
|
3
7
|
* Don't add Content-Type/Content-Length headers for 1xx, 204, 205, 304 statuses (celsworth, jeremyevans) (#101, #102)
|
data/README.rdoc
CHANGED
|
@@ -693,7 +693,8 @@ You can override the default rendering options by passing a hash to the plugin:
|
|
|
693
693
|
|
|
694
694
|
class App < Roda
|
|
695
695
|
plugin :render,
|
|
696
|
-
:escape => true,
|
|
696
|
+
:escape => true, # Automatically escape output in erb templates using Erubis
|
|
697
|
+
# can use :erubi instead of true to use Erubi instead of Erubis
|
|
697
698
|
:views => 'admin_views', # Default views directory
|
|
698
699
|
:layout_opts => {:template=>'admin_layout',
|
|
699
700
|
:ext=>'html.erb'}, # Default layout template options
|
|
@@ -763,6 +764,8 @@ if you have helpers that already return escaped output using a
|
|
|
763
764
|
string subclass instance.
|
|
764
765
|
|
|
765
766
|
This support requires {Erubis}[http://www.kuwata-lab.com/erubis/].
|
|
767
|
+
You can use <tt>:escape=>:erubi</tt> to use {Erubi}[https://github.com/jeremyevans/erubi],
|
|
768
|
+
a simplified fork of Erubis.
|
|
766
769
|
|
|
767
770
|
=== Security Related HTTP Headers
|
|
768
771
|
|
data/lib/roda/plugins/render.rb
CHANGED
|
@@ -58,10 +58,10 @@ class Roda
|
|
|
58
58
|
# templates, defaults to 'erb'.
|
|
59
59
|
# :escape :: Use Roda's Erubis escaping support, which makes <tt><%= %></tt> escape output,
|
|
60
60
|
# <tt><%== %></tt> not escape output, and handles postfix conditions inside
|
|
61
|
-
# <tt><%= %></tt> tags.
|
|
61
|
+
# <tt><%= %></tt> tags. Can have a value of :erubi to use Erubi escaping support.
|
|
62
62
|
# :escape_safe_classes :: String subclasses that should not be HTML escaped when used in
|
|
63
|
-
# <tt><%= %></tt> tags, when :escape is used. Can be an array for multiple classes.
|
|
64
|
-
# :escaper :: Object used for escaping output of <tt><%= %></tt>, when :escape is used,
|
|
63
|
+
# <tt><%= %></tt> tags, when :escape=>true is used. Can be an array for multiple classes.
|
|
64
|
+
# :escaper :: Object used for escaping output of <tt><%= %></tt>, when :escape=>true is used,
|
|
65
65
|
# overriding the default. If given, object should respond to +escape_xml+ with
|
|
66
66
|
# a single argument and return an output string.
|
|
67
67
|
# :layout :: The base name of the layout file, defaults to 'layout'. This can be provided as a hash
|
|
@@ -146,7 +146,7 @@ class Roda
|
|
|
146
146
|
OPTS={}.freeze
|
|
147
147
|
|
|
148
148
|
def self.load_dependencies(app, opts=OPTS)
|
|
149
|
-
if opts[:escape]
|
|
149
|
+
if opts[:escape] && opts[:escape] != :erubi
|
|
150
150
|
app.plugin :_erubis_escaping
|
|
151
151
|
end
|
|
152
152
|
end
|
|
@@ -199,7 +199,10 @@ class Roda
|
|
|
199
199
|
if RUBY_VERSION >= "1.9" && !template_opts.has_key?(:default_encoding)
|
|
200
200
|
template_opts[:default_encoding] = Encoding.default_external
|
|
201
201
|
end
|
|
202
|
-
if opts[:escape]
|
|
202
|
+
if opts[:escape] == :erubi
|
|
203
|
+
require 'tilt/erubi'
|
|
204
|
+
template_opts[:escape] = true
|
|
205
|
+
elsif opts[:escape]
|
|
203
206
|
template_opts[:engine_class] = ErubisEscaping::Eruby
|
|
204
207
|
|
|
205
208
|
opts[:escaper] ||= if opts[:escape_safe_classes]
|
data/lib/roda/version.rb
CHANGED
|
@@ -9,15 +9,17 @@ begin
|
|
|
9
9
|
rescue LoadError
|
|
10
10
|
# Tilt 1 support
|
|
11
11
|
end
|
|
12
|
-
|
|
13
|
-
if defined?(Tilt::ErubisTemplate) && ::Tilt['erb'] != Tilt::ErubisTemplate
|
|
14
|
-
# Work around error where erubis isn't set as erb template handler
|
|
15
|
-
Tilt.register(Tilt::ErubisTemplate, 'erb')
|
|
16
|
-
end
|
|
17
12
|
rescue LoadError
|
|
18
13
|
warn "tilt or erubis not installed, skipping _erubis_escaping plugin test"
|
|
19
14
|
else
|
|
20
15
|
describe "_erubis_escaping plugin" do
|
|
16
|
+
before do
|
|
17
|
+
if defined?(Tilt::ErubisTemplate) && ::Tilt['erb'] != Tilt::ErubisTemplate
|
|
18
|
+
# Set erubis as default erb template handler
|
|
19
|
+
Tilt.register(Tilt::ErubisTemplate, 'erb')
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
21
23
|
it "should escape inside <%= %> and not inside <%== %>, and handle postfix conditionals" do
|
|
22
24
|
app(:bare) do
|
|
23
25
|
plugin :render, :escape=>true
|
data/spec/plugin/render_spec.rb
CHANGED
|
@@ -549,3 +549,50 @@ describe "render plugin" do
|
|
|
549
549
|
|
|
550
550
|
end
|
|
551
551
|
end
|
|
552
|
+
|
|
553
|
+
begin
|
|
554
|
+
require 'tilt'
|
|
555
|
+
require 'tilt/erubi'
|
|
556
|
+
rescue LoadError
|
|
557
|
+
warn "tilt 2 or erubi not installed, skipping render :escape=>:erubi test"
|
|
558
|
+
else
|
|
559
|
+
describe "_erubis_escaping plugin" do
|
|
560
|
+
before do
|
|
561
|
+
if defined?(Tilt::ErubiTemplate) && ::Tilt['erb'] != Tilt::ErubiTemplate
|
|
562
|
+
# Set erubi as default erb template handler
|
|
563
|
+
Tilt.register(Tilt::ErubiTemplate, 'erb')
|
|
564
|
+
end
|
|
565
|
+
end
|
|
566
|
+
|
|
567
|
+
it "should escape inside <%= %> and not inside <%== %>, and handle postfix conditionals" do
|
|
568
|
+
app(:bare) do
|
|
569
|
+
plugin :render, :escape=>:erubi
|
|
570
|
+
|
|
571
|
+
route do |r|
|
|
572
|
+
render(:inline=>'<%= "<>" %> <%== "<>" %><%= "<>" if false %>')
|
|
573
|
+
end
|
|
574
|
+
end
|
|
575
|
+
|
|
576
|
+
body.must_equal '<> <>'
|
|
577
|
+
end
|
|
578
|
+
|
|
579
|
+
it "should allow for per-branch escaping via set_view options" do
|
|
580
|
+
app(:bare) do
|
|
581
|
+
plugin :render, :escape=>:erubi
|
|
582
|
+
plugin :view_options
|
|
583
|
+
|
|
584
|
+
route do |r|
|
|
585
|
+
set_view_options :template_opts=>{:escape=>false}
|
|
586
|
+
r.is 'a' do
|
|
587
|
+
set_view_options :template_opts=>{:engine_class=>render_opts[:template_opts][:engine_class]}
|
|
588
|
+
render(:inline=>'<%= "<>" %>')
|
|
589
|
+
end
|
|
590
|
+
render(:inline=>'<%= "<>" %>')
|
|
591
|
+
end
|
|
592
|
+
end
|
|
593
|
+
|
|
594
|
+
body('/a').must_equal '<>'
|
|
595
|
+
body.must_equal '<>'
|
|
596
|
+
end
|
|
597
|
+
end
|
|
598
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: roda
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.20.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jeremy Evans
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-11-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|
|
@@ -80,6 +80,20 @@ dependencies:
|
|
|
80
80
|
- - ">="
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
82
|
version: '0'
|
|
83
|
+
- !ruby/object:Gem::Dependency
|
|
84
|
+
name: erubi
|
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
|
86
|
+
requirements:
|
|
87
|
+
- - ">="
|
|
88
|
+
- !ruby/object:Gem::Version
|
|
89
|
+
version: '0'
|
|
90
|
+
type: :development
|
|
91
|
+
prerelease: false
|
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
93
|
+
requirements:
|
|
94
|
+
- - ">="
|
|
95
|
+
- !ruby/object:Gem::Version
|
|
96
|
+
version: '0'
|
|
83
97
|
- !ruby/object:Gem::Dependency
|
|
84
98
|
name: haml
|
|
85
99
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -185,6 +199,7 @@ extra_rdoc_files:
|
|
|
185
199
|
- doc/release_notes/2.17.0.txt
|
|
186
200
|
- doc/release_notes/2.18.0.txt
|
|
187
201
|
- doc/release_notes/2.19.0.txt
|
|
202
|
+
- doc/release_notes/2.20.0.txt
|
|
188
203
|
files:
|
|
189
204
|
- CHANGELOG
|
|
190
205
|
- MIT-LICENSE
|
|
@@ -208,6 +223,7 @@ files:
|
|
|
208
223
|
- doc/release_notes/2.18.0.txt
|
|
209
224
|
- doc/release_notes/2.19.0.txt
|
|
210
225
|
- doc/release_notes/2.2.0.txt
|
|
226
|
+
- doc/release_notes/2.20.0.txt
|
|
211
227
|
- doc/release_notes/2.3.0.txt
|
|
212
228
|
- doc/release_notes/2.4.0.txt
|
|
213
229
|
- doc/release_notes/2.5.0.txt
|