mirror of
https://github.com/haml/haml.git
synced 2022-11-09 12:33:31 -05:00
[Haml] Try enabling XSS integration after all Rails plugins are loaded.
Closes gh-49
parent
5d7e90c2b4
commit
0193edf05a
2 changed files with 33 additions and 13 deletions
|
@ -8,6 +8,15 @@
|
|||
* Fixed a bug where elements with dynamic attributes and no content
|
||||
would have too much whitespace between the opening and closing tag.
|
||||
|
||||
* Changed `rails/init.rb` away from loading `init.rb` and instead
|
||||
have it basically copy the content.
|
||||
This allows us to transfer the proper binding to `Haml.init_rails`.
|
||||
|
||||
* Make sure Haml only tries to enable XSS protection integration
|
||||
once all other plugins are loaded.
|
||||
This allows it to work properly when Haml is a gem
|
||||
and the `rails_xss` plugin is being used.
|
||||
|
||||
## [2.2.9](http://github.com/nex3/haml/commit/2.2.9)
|
||||
|
||||
* Fixed a bug where Haml's text was concatenated to the wrong buffer
|
||||
|
|
|
@ -11,6 +11,23 @@ module Haml
|
|||
#
|
||||
# @return [Hash<Symbol, Object>]
|
||||
attr_accessor :options
|
||||
|
||||
# Enables integration with the Rails 2.2.5+ XSS protection,
|
||||
# if it's available and enabled.
|
||||
#
|
||||
# @return [Boolean] Whether the XSS integration was enabled.
|
||||
def try_enabling_xss_integration
|
||||
return false unless ActionView::Base.respond_to?(:xss_safe?) && ActionView::Base.xss_safe?
|
||||
|
||||
Haml::Template.options[:escape_html] = true
|
||||
|
||||
Haml::Util.module_eval {def rails_xss_safe?; true; end}
|
||||
|
||||
require 'haml/helpers/xss_mods'
|
||||
Haml::Helpers.send(:include, Haml::Helpers::XssMods)
|
||||
|
||||
true
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -27,19 +44,13 @@ else
|
|||
require 'haml/template/patch'
|
||||
end
|
||||
|
||||
if ActionView::Base.respond_to?(:xss_safe?) && ActionView::Base.xss_safe?
|
||||
Haml::Template.options[:escape_html] = true
|
||||
|
||||
module Haml::Util
|
||||
def rails_xss_safe?
|
||||
true
|
||||
end
|
||||
end
|
||||
|
||||
require 'haml/helpers/xss_mods'
|
||||
module Haml::Helpers
|
||||
include XssMods
|
||||
end
|
||||
# Enable XSS integration. Use Rails' after_initialize method if possible
|
||||
# so that integration will be checked after the rails_xss plugin is loaded
|
||||
# (for Rails 2.3.* where it's not enabled by default).
|
||||
if defined?(Rails.configuration.after_initialize)
|
||||
Rails.configuration.after_initialize {Haml::Template.try_enabling_xss_integration}
|
||||
else
|
||||
Haml::Template.try_enabling_xss_integration
|
||||
end
|
||||
|
||||
if defined?(RAILS_ROOT)
|
||||
|
|
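Review bot: The boolean returned by `try_enabling_xss_integration` is discarded at both call sites in the last hunk, so when the `xss_safe?` check fails the method returns false, `:escape_html` is left unchanged, and nothing records that auto-escaping is off. Because the call is now deferred to `after_initialize`, any template compiled before that callback runs would presumably still use the earlier `:escape_html` value; this depends on when Haml reads the option, which is not visible here. I would document that on the call site, for example `# NOTE: until this callback runs, :escape_html keeps its previous value; templates compiled during boot are not auto-escaped.`, and consider logging when the method returns false. The new doc comment also says "Rails 2.2.5+" while the call-site comment refers to "Rails 2.3.*", so one of the two version numbers looks like a typo and should be reconciled. The enclosing module and class open above the second hunk, and the `if defined?(RAILS_ROOT)` block continues past the last one.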