string_template 0.2.0 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0c8f17e5bb94d82ff20787118208ba1fd022e81920f9ba2bc5fd7200317dd53a
-  data.tar.gz: 4744f42da1f657f6dd3cffa27492f9ade9f9e5e6ab89b6d4b4645eff7db7dc7c
+  metadata.gz: f24edb1470edcc84b9eb7fb5150344fa7a3ec52fb94ce828c008c9e8a5df2946
+  data.tar.gz: 9b61ea5087325c7d3a9cb8140d7a36f30a4a696443692710c37b44b5adc65114
 SHA512:
-  metadata.gz: 27fcbafde0589969ec31561299701a415b71ce78fd459b29a237ba5e995ba7519c4eb6c140e74ee3302789d15b758b5e561b67c16dd36dad394618df0c4d8cc1
-  data.tar.gz: 8cbfca9d51ae4fc88b790a83621b9e5d7d94a85a42ce7a5e63d8bb10e554e38d470350148d707a07cc486d80770ab1b828864d4829c989b8cff05e8bb652795a
+  metadata.gz: 9f51f25e054ea2607c6b2f7d1cf4925c3d7dbd2db2ef583184ee5367a44134c1128d4c4ea7249bb381d8c9332674c8797aca39a6d4bad30c8a51feb633a265b4
+  data.tar.gz: 16ba86b238e8d32317a7d7ab95012ffffab688e6f988f9793458d23fb8865452b017c1e416d8479e3f955ee59fcaa2609b2252c9bf950a4c1506abcf6e5321c5

data/README.md

@@ -12,15 +12,13 @@ Why don't we use this for the view files in our apps?
 
 ## Installation
 
-Add this line to your application's Gemfile:
+Add this line to your Rails application's Gemfile:
 
 ```ruby
 gem 'string_template'
 ```
 
-And then execute:
-
-    % bundle
+And then bundle.
 
 
 ## Syntax
@@ -51,33 +49,38 @@ ERB:
 
 string\_template:
 ```
-<p id="notice">#{ notice }</p>
+<p id="notice">#{h notice }</p>
 
 <p>
   <strong>Title:</strong>
-  #{ @post.title }
+  #{h @post.title }
 </p>
 
 <p>
   <strong>Body:</strong>
-  #{ @post.body }
+  #{h @post.body }
 </p>
 
 #{ link_to 'Edit', "/posts/#{@post.id}/edit" } |
 #{ link_to 'Back', '/posts' }
 ```
 
-# More Examples
+### More Examples
 Please take a look at [the tests](https://github.com/amatsuda/string_template/blob/master/test/string_template_test.rb) for actual examples.
 
 
-## Filenames
+## File Names
 By default, string\_template renders view files with `.string` extension, e.g. `app/views/posts/show.html.string`
 
 
+## Security
+string\_template does not automatically `html_escape`. Don't forget to explicitly call `h()` when interpolating possibly HTML unsafe strings, like we used to do in pre Rails 3 era.
+
+
 ## So, Should We Rewrite Everything with This?
 string\_template may not be the best choice as a general purpose template engine.
 It may sometimes be hard to express your template in a simple and maintainable code, especially when the template includes some business logic.
+You need to care about security.
 So this template engine is recommended to use only for performance hotspots.
 For other templates, you might better use your favorite template engine such as haml, or haml, or haml.
 

data/benchmark.rb

@@ -1,15 +1,17 @@
 # frozen_string_literal: true
 
-require 'rails'
-require 'action_view'
-require_relative 'lib/string_template'
-StringTemplate::Railtie.run_initializers
-require 'action_view/base'
 require 'benchmark_driver'
 
 Benchmark.driver do |x|
-  x.prelude %{ (view = Class.new(ActionView::Base).new('.')).instance_variable_set(:@world, 'world!') }
+  x.prelude %{
+    require 'rails'
+    require 'action_view'
+    require 'string_template'
+    StringTemplate::Railtie.run_initializers
+    require 'action_view/base'
+
+    (view = Class.new(ActionView::Base).new('.')).instance_variable_set(:@world, 'world!')
+  }
   x.report 'erb', %{ view.render(template: 'hello', handlers: 'erb') }
   x.report 'string', %{ view.render(template: 'hello', handlers: 'string') }
-  x.compare!
 end

data/lib/string_template/handler.rb

@@ -2,8 +2,8 @@
 
 module StringTemplate
   class Handler
-    def self.call(template)
-      "%Q\0#{template.source}\0"
+    def self.call(template, source = nil)
+      "%Q\0#{source || template.source}\0"
     end
 
     def self.handles_encoding?

data/string_template.gemspec

@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name          = "string_template"
-  spec.version       = '0.2.0'
+  spec.version       = '0.2.1'
   spec.authors       = ["Akira Matsuda"]
   spec.email         = ["ronnie@dio.jp"]
 
@@ -24,5 +24,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'rake'
   spec.add_development_dependency 'minitest'
-  spec.add_development_dependency 'benchmark_driver'
+  spec.add_development_dependency 'benchmark_driver', '>= 0.9.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: string_template
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.1
 platform: ruby
 authors:
 - Akira Matsuda
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-12-28 00:00:00.000000000 Z
+date: 2019-03-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -72,14 +72,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.9.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.9.0
 description: string_template is a Rails plugin that adds an Action View handler for
   .string template that accepts Ruby's String literal that uses  notation for interpolating
   dynamic variables
@@ -124,7 +124,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.4
+rubygems_version: 2.7.8
 signing_key: 
 specification_version: 4
 summary: A template engine for Rails, focusing on speed, using Ruby's String interpolation