[Haml] Work around the Rails on_load bug.

Closes gh-142
2022-11-09 12:33:31 -05:00 · 2010-04-27 15:35:00 -07:00 · 2010-04-27 15:35:00 -07:00 · 099a34a080
commit 099a34a080
parent 7c9ef1c059
2 changed files with 6 additions and 3 deletions
--- a/doc-src/HAML_CHANGELOG.md
+++ b/doc-src/HAML_CHANGELOG.md
@ -10,8 +10,7 @@
 * **Support for Rails 3.0.0.beta1 has been dropped**.
  Use Rails beta 2 or later instead.

-* Don't improperly HTML-escape stuff like form contents
-  (pending the merging of [this patch to Rails](http://github.com/nex3/rails/commit/4a5ed486c326de19e83d49814a162f2246d8f73f)).
+* Don't improperly HTML-escape stuff like form contents.

 ## 3.0.0.rc.2

--- a/lib/haml/template.rb
+++ b/lib/haml/template.rb
@ -19,7 +19,11 @@ module Haml
    #
    # @return [Boolean] Whether the XSS integration was enabled.
    def try_enabling_xss_integration
-      return false unless ActionView::Base.respond_to?(:xss_safe?) && ActionView::Base.xss_safe?
+      return false unless (ActionView::Base.respond_to?(:xss_safe?) && ActionView::Base.xss_safe?) ||
+        # We check for ActiveSupport#on_load here because if we're loading Haml that way, it means:
+        # A) we're in Rails 3 so XSS support is always on, and
+        # B) we might be in Rails 3 beta 3 where the load order is broken and xss_safe? is undefined
+        (defined?(ActiveSupport) && Haml::Util.has?(:public_method, ActiveSupport, :on_load))

      Haml::Template.options[:escape_html] = true