slim 1.3.6 → 1.3.8

data/lib/slim/engine.rb

@@ -5,27 +5,42 @@ module Slim
     # This overwrites some Temple default options or sets default options for Slim specific filters.
     # It is recommended to set the default settings only once in the code and avoid duplication. Only use
     # `define_options` when you have to override some default settings.
-    define_options :pretty => false,
+    define_options :attr_quote,
+                   :merge_attrs,
+                   :pretty => false,
                    :sort_attrs => true,
-                   :attr_wrapper => '"',
-                   :attr_delimiter => {'class' => ' '},
                    :generator => Temple::Generators::ArrayBuffer,
-                   :default_tag => 'div'
+                   :default_tag => 'div',
+                   :attr_quote => '"',
+                   :merge_attrs => {'class' => ' '},
+                   :escape_quoted_attrs => false
 
-    # TODO: Remove these options in 1.4.0
-    define_deprecated_options :remove_empty_attrs, :chain
+    # Removed in 2.0
+    define_deprecated_options :remove_empty_attrs,
+                              :chain,
+                              :escape_quoted_attrs,
+                              :attr_wrapper,
+                              :attr_delimiter
+
+    def initialize(opts = {})
+      super
+      deprecated = {}
+      deprecated[:merge_attrs] = options[:attr_delimiter] if options.include? :attr_delimiter
+      deprecated[:attr_quote] = options[:attr_wrapper] if options.include? :attr_wrapper
+      @options = Temple::ImmutableHash.new(deprecated, @options) unless deprecated.empty?
+    end
 
     use Slim::Parser, :file, :tabsize, :encoding, :shortcut, :default_tag, :escape_quoted_attrs
-    use Slim::EmbeddedEngine, :enable_engines, :disable_engines, :pretty
+    use Slim::Embedded, :enable_engines, :disable_engines, :pretty
     use Slim::Interpolation
     use Slim::EndInserter
-    use Slim::ControlStructures, :disable_capture
-    use Slim::SplatAttributes, :attr_delimiter, :attr_wrapper, :sort_attrs, :default_tag
+    use Slim::Controls, :disable_capture
+    use Slim::SplatAttributes, :merge_attrs, :attr_quote, :sort_attrs, :default_tag
     html :AttributeSorter, :sort_attrs
-    html :AttributeMerger, :attr_delimiter
-    use Slim::CodeAttributes, :attr_delimiter
-    use(:AttributeRemover) { Temple::HTML::AttributeRemover.new(:remove_empty_attrs => options[:attr_delimiter].keys) }
-    html :Pretty, :format, :attr_wrapper, :pretty, :indent
+    html :AttributeMerger, :merge_attrs
+    use Slim::CodeAttributes, :merge_attrs
+    use(:AttributeRemover) { Temple::HTML::AttributeRemover.new(:remove_empty_attrs => options[:merge_attrs].keys) }
+    html :Pretty, :format, :attr_quote, :pretty, :indent, :js_wrapper
     filter :Escapable, :use_html_safe, :disable_escape
     filter :ControlFlow
     filter :MultiFlattener

data/lib/slim/filter.rb

@@ -14,7 +14,7 @@ module Slim
 
     # Pass-through handler
     def on_slim_embedded(type, content)
-      [:slim, :embedded, code, compile(content)]
+      [:slim, :embedded, type, compile(content)]
     end
 
     # Pass-through handler

data/lib/slim/logic_less/filter.rb

@@ -14,7 +14,7 @@ module Slim
       super
       access = options[:dictionary_access]
       if access == :wrapped
-        warn 'Slim::LogicLess - Wrapped dictionary access is deprecated'
+        warn 'Slim::LogicLess - Wrapped dictionary access is deprecated and unsupported in Slim 2.0'
         access = DEFAULT_ACCESS_ORDER
       else
         access = [access].flatten.compact

data/lib/slim/parser.rb

@@ -4,7 +4,7 @@ module Slim
   class Parser < Temple::Parser
     define_options :file,
                    :default_tag,
-                   :escape_quoted_attrs => false,
+                   :escape_quoted_attrs,
                    :tabsize => 4,
                    :encoding => 'utf-8',
                    :shortcut => {
@@ -24,7 +24,7 @@ module Slim
       end
 
       def to_s
-        line = @line.strip
+        line = @line.lstrip
         column = @column + line.size - @line.size
         %{#{error}
   #{file}, Line #{lineno}, Column #{@column}
@@ -36,7 +36,14 @@ module Slim
 
     def initialize(opts = {})
       super
-      @tab = ' ' * options[:tabsize]
+      tabsize = options[:tabsize]
+      if tabsize > 1
+        @tab_re = /\G((?: {#{tabsize}})*) {0,#{tabsize-1}}\t/
+        @tab = '\1' + ' ' * tabsize
+      else
+        @tab_re = "\t"
+        @tab = ' '
+      end
       @tag_shortcut, @attr_shortcut = {}, {}
       options[:shortcut].each do |k,v|
         v = deprecated_shortcut(v) if String === v
@@ -47,8 +54,8 @@ module Slim
           raise ArgumentError, 'You can only use special characters for attribute shortcuts' if k =~ /[\w-]/
         end
       end
-      @attr_shortcut_regex = /\A(#{shortcut_regex @attr_shortcut})(\w[\w-]*\w|\w+)/
-      @tag_regex = /\A(?:#{shortcut_regex @tag_shortcut}|\*(?=[^\s]+)|(\w[\w:-]*\w|\w+))/
+      @attr_shortcut_regex = /\A(#{Regexp.union @attr_shortcut.keys})(\w[\w-]*\w|\w+)/
+      @tag_regex = /\A(?:#{Regexp.union @tag_shortcut.keys}|\*(?=[^\s]+)|(\w[\w:-]*\w|\w+))/
     end
 
     # Compile string to Temple expression
@@ -75,14 +82,17 @@ module Slim
       '{' => '}',
     }.freeze
 
+    ATTR_DELIM_REGEX = /\A\s*[#{Regexp.escape DELIMITERS.keys.join}]/
     DELIMITER_REGEX = /\A[#{Regexp.escape DELIMITERS.keys.join}]/
     ATTR_NAME = '\A\s*(\w[:\w-]*)'
     QUOTED_ATTR_REGEX = /#{ATTR_NAME}=(=?)("|')/
     CODE_ATTR_REGEX = /#{ATTR_NAME}=(=?)/
+    QUOTED_ATTR_REGEX_20 = /#{ATTR_NAME}\s*=(=?)\s*("|')/
+    CODE_ATTR_REGEX_20 = /#{ATTR_NAME}\s*=(=?)\s*/
 
     # Convert deprecated string shortcut to hash
     def deprecated_shortcut(v)
-      warn "Slim :shortcut string values are deprecated, use hash like { '#' => { :tag => 'div', :attr => 'id' } }"
+      warn "Slim :shortcut string values are deprecated and unsupported in Slim 2.0, use hash like { '#' => { :tag => 'div', :attr => 'id' } }"
       if v =~ /\A([^\s]+)\s+([^\s]+)\Z/
         { :tag => $1, :attr => $2 }
       else
@@ -90,11 +100,6 @@ module Slim
       end
     end
 
-    # Compile shortcut regular expression
-    def shortcut_regex(shortcut)
-      shortcut.map { |k,v| Regexp.escape(k) }.join('|')
-    end
-
     # Set string encoding if option is set
     def set_encoding(s)
       if options[:encoding] && s.respond_to?(:encoding)
@@ -102,7 +107,10 @@ module Slim
         s = s.dup if s.frozen?
         s.force_encoding(options[:encoding])
         # Fall back to old encoding if new encoding is invalid
-        s.force_encoding(old_enc) unless s.valid_encoding?
+        unless s.valid_encoding?
+          s.force_encoding(old_enc)
+          s.force_encoding(Encoding::BINARY) unless s.valid_encoding?
+        end
       end
       s
     end
@@ -160,7 +168,7 @@ module Slim
     def get_indent(line)
       # Figure out the indentation. Kinda ugly/slow way to support tabs,
       # but remember that this is only done at parsing time.
-      line[/\A[ \t]*/].gsub("\t", @tab).size
+      line[/\A[ \t]*/].gsub(@tab_re, @tab).size
     end
 
     def parse_line
@@ -354,8 +362,10 @@ module Slim
         tag << [:slim, :output, $1 != '=', parse_broken_line, block]
         @stacks.last << [:static, ' '] unless $2.empty?
         @stacks << block
-      when /\A\s*\//
+      when /\A\s*\/\s*/
         # Closed tag. Do nothing
+        @line = $'
+        syntax_error!('Unexpected text after closed tag') unless @line.empty?
       when /\A\s*\Z/
         # Empty content
         content = [:multi]
@@ -380,9 +390,13 @@ module Slim
 
       # Check to see if there is a delimiter right after the tag name
       delimiter = nil
-      if @line =~ DELIMITER_REGEX
-        delimiter = DELIMITERS[$&]
-        @line.slice!(0)
+      if @line =~ ATTR_DELIM_REGEX
+        if $&.size > 1
+          warn "#{options[:file]}:#{@lineno} - spaces around attribute delimiters will be allowed in Slim 2.0. Your code is incompatible."
+        else
+          delimiter = DELIMITERS[$&]
+          @line.slice!(0)
+        end
       end
 
       if delimiter
@@ -399,9 +413,16 @@ module Slim
         when QUOTED_ATTR_REGEX
           # Value is quoted (static)
           @line = $'
-          attributes << [:html, :attr, $1,
-                         [:escape, options[:escape_quoted_attrs] && $2.empty?,
-                          [:slim, :interpolate, parse_quoted_attribute($3)]]]
+          name = $1
+          escape = $2.empty?
+          quote = $3
+          value = parse_quoted_attribute(quote)
+          if escape && !options[:escape_quoted_attrs] && value =~ /&(amp|quot|gt|lt);/
+            warn "#{options[:file]}:#{@lineno} - quoted attribute value '#{value}' might be double escaped in Slim 2.0. Remove manually escaped entities and set :escape_quoted_attrs => true! :escaped_quoted_attrs is activated on Slim 2.0 by default."
+          end
+          attributes << [:html, :attr, name,
+                         [:escape, options[:escape_quoted_attrs] && escape,
+                          [:slim, :interpolate, value]]]
         when CODE_ATTR_REGEX
           # Value is ruby code
           @line = $'
@@ -410,11 +431,17 @@ module Slim
           value = parse_ruby_code(delimiter)
           # Remove attribute wrapper which doesn't belong to the ruby code
           # e.g id=[hash[:a] + hash[:b]]
-          value = value[1..-2] if value =~ DELIMITER_REGEX &&
-            DELIMITERS[$&] == value[-1, 1]
+          if value =~ /\A[\[\{]/ && DELIMITERS[$&] == value[-1, 1]
+            warn "#{options[:file]}:#{@lineno} - ruby attribute value #{value} with curly braces/brackets is deprecated and unsupported in Slim 2.0. Use parentheses!"
+            value = value[1..-2]
+          end
           syntax_error!('Invalid empty attribute') if value.empty?
           attributes << [:html, :attr, name, [:slim, :attrvalue, escape, value]]
         else
+          if @line =~ QUOTED_ATTR_REGEX_20 || @line =~ CODE_ATTR_REGEX_20
+            warn "#{options[:file]}:#{@lineno} - you have spaces around =, this will be interpreted as attribute in Slim 2.0."
+          end
+
           break unless delimiter
 
           case @line

data/lib/slim/splat_attributes.rb

@@ -1,13 +1,13 @@
 module Slim
   # @api private
   class SplatAttributes < Filter
-    define_options :attr_delimiter, :attr_wrapper, :sort_attrs, :default_tag
+    define_options :sort_attrs, :default_tag, :merge_attrs, :attr_quote
 
     def call(exp)
-      @attr_delimiter, @splat_used = unique_name, false
+      @merge_attrs, @splat_used = unique_name, false
       exp = compile(exp)
       if @splat_used
-        [:multi, [:code, "#{@attr_delimiter} = #{@options[:attr_delimiter].inspect}"], exp]
+        [:multi, [:code, "#{@merge_attrs} = #{@options[:merge_attrs].inspect}"], exp]
       else
         exp
       end
@@ -82,14 +82,14 @@ module Slim
       merger << [:block, "#{hash}.keys.each do |#{name}|",
                  [:multi,
                   [:code, "#{value} = #{hash}[#{name}]"],
-                  [:if, "#{@attr_delimiter}[#{name}]",
+                  [:if, "#{@merge_attrs}[#{name}]",
                    [:multi,
                     [:code, "#{value}.flatten!"],
                     [:code, "#{value}.map!(&:to_s)"],
                     [:code, "#{value}.reject!(&:empty?)"],
                     [:if, "#{value}.empty?",
                      [:code, "#{hash}.delete(#{name})"],
-                     [:code, "#{hash}[#{name}] = #{value}.join(#{@attr_delimiter}[#{name}].to_s)"]]],
+                     [:code, "#{hash}[#{name}] = #{value}.join(#{@merge_attrs}[#{name}].to_s)"]]],
                    [:multi,
                     [:if, "#{value}.size > 1",
                      [:code, %{raise("Multiple #\{#{name}\} attributes specified")}]],
@@ -101,9 +101,9 @@ module Slim
       attr = [:multi,
               [:static, ' '],
               [:dynamic, name],
-              [:static, "=#{options[:attr_wrapper]}"],
+              [:static, "=#{options[:attr_quote]}"],
               [:escape, true, [:dynamic, value]],
-              [:static, options[:attr_wrapper]]]
+              [:static, options[:attr_quote]]]
       enumerator = options[:sort_attrs] ? "#{hash}.sort_by {|#{name},#{value}| #{name} }" : hash
       formatter = [:block, "#{enumerator}.each do |#{name},#{value}|", attr]
 

data/lib/slim/template.rb

@@ -3,7 +3,7 @@ module Slim
   # @api public
   Template = Temple::Templates::Tilt(Slim::Engine, :register_as => :slim)
 
-  if Object.const_defined?(:Rails)
+  if defined?(::ActionView)
     # Rails template implementation for Slim
     # @api public
     RailsTemplate = Temple::Templates::Rails(Slim::Engine,
@@ -14,6 +14,6 @@ module Slim
                                              # Disable the internal slim capturing.
                                              # Rails takes care of the capturing by itself.
                                              :disable_capture => true,
-                                             :streaming => Object.const_defined?(:Fiber))
+                                             :streaming => defined?(::Fiber))
   end
 end

data/lib/slim/translator.rb

@@ -6,13 +6,13 @@ module Slim
                    :tr_fn   => '_',
                    :tr      => false
 
-    if Object.const_defined?(:I18n)
+    if defined?(::I18n)
       set_default_options :tr_fn => '::Slim::Translator.i18n_text',
                           :tr => true
-    elsif Object.const_defined?(:GetText)
+    elsif defined?(::GetText)
       set_default_options :tr_fn => '::GetText._',
                           :tr => true
-    elsif Object.const_defined?(:FastGettext)
+    elsif defined?(::FastGettext)
       set_default_options :tr_fn => '::FastGettext::Translation._',
                           :tr => true
     end

data/lib/slim/version.rb

@@ -1,5 +1,5 @@
 module Slim
   # Slim version string
   # @api public
-  VERSION = '1.3.6'
+  VERSION = '1.3.8'
 end

data/slim.gemspec

@@ -17,13 +17,6 @@ Gem::Specification.new do |s|
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = %w(lib)
 
-  s.add_runtime_dependency('temple', ['~> 0.5.5'])
+  s.add_runtime_dependency('temple', ['~> 0.6.3'])
   s.add_runtime_dependency('tilt', ['~> 1.3.3'])
-
-  s.add_development_dependency('rake', ['>= 0.8.7'])
-  s.add_development_dependency('sass', ['>= 3.1.0'])
-  s.add_development_dependency('minitest', ['>= 0'])
-  s.add_development_dependency('kramdown', ['>= 0'])
-  s.add_development_dependency('creole', ['>= 0'])
-  s.add_development_dependency('builder', ['>= 0'])
 end

data/test/core/helper.rb

@@ -16,7 +16,27 @@ class TestSlim < MiniTest::Unit::TestCase
 
   def render(source, options = {}, &block)
     scope = options.delete(:scope)
-    Slim::Template.new(options[:file], options) { source }.render(scope || @env, &block)
+    locals = options.delete(:locals)
+    Slim::Template.new(options[:file], options) { source }.render(scope || @env, locals, &block)
+  end
+
+  class HtmlSafeString < String
+    def html_safe?
+      true
+    end
+
+    def to_s
+      self
+    end
+  end
+
+  def with_html_safe
+    String.send(:define_method, :html_safe?) { false }
+    String.send(:define_method, :html_safe) { HtmlSafeString.new(self) }
+    yield
+  ensure
+    String.send(:undef_method, :html_safe?) if String.method_defined?(:html_safe?)
+    String.send(:undef_method, :html_safe) if String.method_defined?(:html_safe)
   end
 
   def assert_html(expected, source, options = {}, &block)
@@ -69,18 +89,6 @@ end
 class Env
   attr_reader :var, :x
 
-  class ::HtmlSafeString < String
-    def html_safe?
-      true
-    end
-  end
-
-  class ::HtmlUnsafeString < String
-    def html_safe?
-      false
-    end
-  end
-
   def initialize
     @var = 'instance'
     @x = 0

data/test/core/test_code_escaping.rb

@@ -19,18 +19,22 @@ p = "<strong>Hello World\\n, meet \\"Slim\\"</strong>."
 
   def test_render_with_html_safe_false
     source = %q{
-p = HtmlUnsafeString.new("<strong>Hello World\\n, meet \\"Slim\\"</strong>.")
+p = "<strong>Hello World\\n, meet \\"Slim\\"</strong>."
 }
 
-    assert_html "<p>&lt;strong&gt;Hello World\n, meet \&quot;Slim\&quot;&lt;/strong&gt;.</p>", source, :use_html_safe => true
+    with_html_safe do
+      assert_html "<p>&lt;strong&gt;Hello World\n, meet \&quot;Slim\&quot;&lt;/strong&gt;.</p>", source, :use_html_safe => true
+    end
   end
 
   def test_render_with_html_safe_true
     source = %q{
-p = HtmlSafeString.new("<strong>Hello World\\n, meet \\"Slim\\"</strong>.")
+p = "<strong>Hello World\\n, meet \\"Slim\\"</strong>.".html_safe
 }
 
-    assert_html "<p><strong>Hello World\n, meet \"Slim\"</strong>.</p>", source, :use_html_safe => true
+    with_html_safe do
+      assert_html "<p><strong>Hello World\n, meet \"Slim\"</strong>.</p>", source, :use_html_safe => true
+    end
   end
 
   def test_render_with_disable_escape_false
@@ -50,4 +54,58 @@ p = HtmlSafeString.new("<strong>Hello World\\n, meet \\"Slim\\"</strong>.")
 
     assert_html "<p>Hello</p><p>World</p>", source, :disable_escape => true
   end
+
+  def test_escaping_evil_method_with_pretty
+    source = %q{
+p = evil_method
+}
+
+    assert_html "<p>\n  &lt;script&gt;do_something_evil();&lt;/script&gt;\n</p>", source, :pretty => true
+  end
+
+  def test_render_without_html_safe_with_pretty
+    source = %q{
+p = "<strong>Hello World\\n, meet \\"Slim\\"</strong>."
+}
+
+    assert_html "<p>\n  &lt;strong&gt;Hello World\n  , meet \&quot;Slim\&quot;&lt;/strong&gt;.\n</p>", source, :pretty => true
+  end
+
+  def test_render_with_html_safe_false_with_pretty
+    source = %q{
+p = "<strong>Hello World\\n, meet \\"Slim\\"</strong>."
+}
+
+    with_html_safe do
+      assert_html "<p>\n  &lt;strong&gt;Hello World\n  , meet \&quot;Slim\&quot;&lt;/strong&gt;.\n</p>", source, :use_html_safe => true, :pretty => true
+    end
+  end
+
+  def test_render_with_html_safe_true_with_pretty
+    source = %q{
+p = "<strong>Hello World\\n, meet \\"Slim\\"</strong>.".html_safe
+}
+
+    with_html_safe do
+      assert_html "<p>\n  <strong>Hello World\n  , meet \"Slim\"</strong>.\n</p>", source, :use_html_safe => true, :pretty => true
+    end
+  end
+
+  def test_render_with_disable_escape_false_with_pretty
+    source = %q{
+= "<p>Hello</p>"
+== "<p>World</p>"
+}
+
+    assert_html "&lt;p&gt;Hello&lt;/p&gt;<p>World</p>", source, :pretty => true
+  end
+
+  def test_render_with_disable_escape_true_with_pretty
+    source = %q{
+= "<p>Hello</p>"
+== "<p>World</p>"
+}
+
+    assert_html "<p>Hello</p><p>World</p>", source, :disable_escape => true, :pretty => true
+  end
 end