mirror of https://github.com/haml/haml.git synced 2022-11-09 12:33:31 -05:00

Always escape attribute values, for valid output. Attributes are no longer affected by :escape_html.

Andre Arko 2008-03-18 16:39:56 -07:00
parent 7624e01519
commit 402977ccc7
4 changed files with 12 additions and 15 deletions


@ -135,7 +135,7 @@ module Haml
str = ">\n"
end
attributes = Precompiler.build_attributes(html?, @options[:attr_wrapper], escape_html, attributes)
attributes = Precompiler.build_attributes(html?, @options[:attr_wrapper], attributes)
@buffer << "#{@options[:ugly] ? '' : tabs(tabulation)}<#{name}#{attributes}#{str}"
if content


@ -292,10 +292,8 @@ module Haml
attributes = alt_atts
end
attributes = Haml::Precompiler.build_attributes(haml_buffer.html?,
haml_buffer.options[:attr_wrapper],
haml_buffer.options[:escape_html],
attributes)
attributes = Haml::Precompiler.build_attributes(
haml_buffer.html?, haml_buffer.options[:attr_wrapper], attributes)
if text.nil? && block.nil?
puts "<#{name}#{attributes} />"
return nil


@ -463,7 +463,7 @@ END
end
# This is a class method so it can be accessed from Buffer.
def self.build_attributes(is_html, attr_wrapper, escape_html, attributes = {})
def self.build_attributes(is_html, attr_wrapper, attributes = {})
quote_escape = attr_wrapper == '"' ? "&quot;" : "&apos;"
other_quote_char = attr_wrapper == '"' ? "'" : '"'
@ -477,7 +477,7 @@ END
next
end
value = value.to_s
value = Haml::Helpers.escape_once(value.to_s)
this_attr_wrapper = attr_wrapper
if value.include? attr_wrapper
if value.include? other_quote_char
@ -487,13 +487,12 @@ END
end
end
" #{attr}=#{this_attr_wrapper}#{value}#{this_attr_wrapper}"
end.compact.sort.join
escape_html ? Haml::Helpers.escape_once(result) : result
end
result.compact.sort.join
end
def prerender_tag(name, self_close, escape_html, attributes)
attributes_string = Precompiler.build_attributes(html?, @options[:attr_wrapper], escape_html, attributes)
def prerender_tag(name, self_close, attributes)
attributes_string = Precompiler.build_attributes(html?, @options[:attr_wrapper], attributes)
"<#{name}#{attributes_string}#{self_close && xhtml? ? ' /' : ''}>"
end
@ -562,7 +561,7 @@ END
# This means that we can render the tag directly to text and not process it in the buffer
tag_closed = !value.empty? && one_liner && !parse
open_tag = prerender_tag(tag_name, atomic, escape_html, attributes)
open_tag = prerender_tag(tag_name, atomic, attributes)
open_tag << "#{value}</#{tag_name}>" if tag_closed
open_tag << "\n" unless parse
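Review bot: Only the value goes through `Haml::Helpers.escape_once` in `build_attributes`; the attribute name is still interpolated verbatim in `" #{attr}=#{this_attr_wrapper}#{value}#{this_attr_wrapper}"`, and the updated expectation `<p boom=>biddly='bar =&gt; baz'>` confirms that a key containing `=>` reaches the output unchanged. Since the stated goal of the commit is valid output, I would either validate keys or document the contract above `build_attributes`, e.g. `# Attribute names are emitted as-is; only values are escaped, so hash keys must never come from untrusted input.` Because `escape_once` is used rather than a plain escape, values that already contain entities presumably pass through without being re-encoded (its definition is not in this diff). The test changes visible here cover `"` and `>` but not `&` or a pre-encoded entity, and a case for each would pin that behaviour. The body of `build_attributes` starts and ends partly outside these hunks.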


@ -211,13 +211,13 @@ class EngineTest < Test::Unit::TestCase
def test_attr_wrapper
assert_equal("<p strange=*attrs*>\n</p>\n", render("%p{ :strange => 'attrs'}", :attr_wrapper => '*'))
assert_equal("<p escaped='quo\"te'>\n</p>\n", render("%p{ :escaped => 'quo\"te'}", :attr_wrapper => '"'))
assert_equal("<p escaped=\"quo&quot;te\">\n</p>\n", render("%p{ :escaped => 'quo\"te'}", :attr_wrapper => '"'))
assert_equal("<p escaped=\"q'uo&quot;te\">\n</p>\n", render("%p{ :escaped => 'q\\'uo\"te'}", :attr_wrapper => '"'))
assert_equal("<?xml version=\"1.0\" encoding=\"utf-8\" ?>\n", render("!!! XML", :attr_wrapper => '"'))
end
def test_attrs_parsed_correctly
assert_equal("<p boom=>biddly='bar => baz'>\n</p>\n", render("%p{'boom=>biddly' => 'bar => baz'}"))
assert_equal("<p boom=>biddly='bar =&gt; baz'>\n</p>\n", render("%p{'boom=>biddly' => 'bar => baz'}"))
assert_equal("<p foo,bar='baz, qux'>\n</p>\n", render("%p{'foo,bar' => 'baz, qux'}"))
assert_equal("<p escaped='quo\nte'>\n</p>\n", render("%p{ :escaped => \"quo\\nte\"}"))
assert_equal("<p escaped='quo4te'>\n</p>\n", render("%p{ :escaped => \"quo\#{2 + 2}te\"}"))