Revert "Don't escape quotes when escaping HTML."

This reverts commit f3ac053f9c.

Turns out this is necessary for Rails compatibility.
Nathan Weizenbaum 2008-04-30 02:47:24 -07:00
parent 5811636311
commit c7f8a6c5b5
2 changed files with 4 additions and 5 deletions


@ -335,18 +335,18 @@ module Haml
end end
# Characters that need to be escaped to HTML entities from user input # Characters that need to be escaped to HTML entities from user input
HTML_ESCAPE = {'&'=>'&amp;', '<'=>'&lt;', '>'=>'&gt;'} HTML_ESCAPE = { '&'=>'&amp;', '<'=>'&lt;', '>'=>'&gt;', '"'=>'&quot;', "'"=>'&#039;', }
# Returns a copy of <tt>text</tt> with ampersands, angle brackets and quotes # Returns a copy of <tt>text</tt> with ampersands, angle brackets and quotes
# escaped into HTML entities. # escaped into HTML entities.
def html_escape(text) def html_escape(text)
text.to_s.gsub(/[><&]/) { |s| HTML_ESCAPE[s] } text.to_s.gsub(/[\"><&]/) { |s| HTML_ESCAPE[s] }
end end
# Escapes HTML entities in <tt>text</tt>, but without escaping an ampersand # Escapes HTML entities in <tt>text</tt>, but without escaping an ampersand
# that is already part of an escaped entity. # that is already part of an escaped entity.
def escape_once(text) def escape_once(text)
text.to_s.gsub(/[><]|&(?!([a-zA-Z]+|(#\d+));)/) { |s| HTML_ESCAPE[s] } text.to_s.gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |s| HTML_ESCAPE[s] }
end end
# Returns whether or not the current template is a Haml template. # Returns whether or not the current template is a Haml template.
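Review bot: The restored `HTML_ESCAPE` table maps `"'"=>'&#039;'`, but neither character class can ever match an apostrophe: `html_escape` uses `/[\"><&]/` and `escape_once` uses `/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/`, so `'` passes through both helpers unescaped and that table entry is dead. If the output of either helper ends up inside a single-quoted attribute (not visible in this hunk), an apostrophe in the value would end the attribute early. If Rails compatibility allows it, add the apostrophe to both classes, e.g. `text.to_s.gsub(/[\"'><&]/) { |s| HTML_ESCAPE[s] }`. Otherwise drop the unused entry and change the comment to say "double quotes", so callers do not assume `'` is covered. The enclosing module begins and ends outside this hunk.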

View File

@ -236,8 +236,7 @@ END
def test_attr_wrapper def test_attr_wrapper
assert_equal("<p strange=*attrs*>\n</p>\n", render("%p{ :strange => 'attrs'}", :attr_wrapper => '*')) assert_equal("<p strange=*attrs*>\n</p>\n", render("%p{ :strange => 'attrs'}", :attr_wrapper => '*'))
assert_equal("<p escaped='quo\"te'>\n</p>\n", render("%p{ :escaped => 'quo\"te'}", :attr_wrapper => '"')) assert_equal("<p escaped=\"quo&quot;te\">\n</p>\n", render("%p{ :escaped => 'quo\"te'}", :attr_wrapper => '"'))
assert_equal("<p escaped=\"quo'te\">\n</p>\n", render("%p{ :escaped => 'quo\\'te'}", :attr_wrapper => '"'))
assert_equal("<p escaped=\"q'uo&quot;te\">\n</p>\n", render("%p{ :escaped => 'q\\'uo\"te'}", :attr_wrapper => '"')) assert_equal("<p escaped=\"q'uo&quot;te\">\n</p>\n", render("%p{ :escaped => 'q\\'uo\"te'}", :attr_wrapper => '"'))
assert_equal("<?xml version=\"1.0\" encoding=\"utf-8\" ?>\n", render("!!! XML", :attr_wrapper => '"')) assert_equal("<?xml version=\"1.0\" encoding=\"utf-8\" ?>\n", render("!!! XML", :attr_wrapper => '"'))
end end
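Review bot: After this change `test_attr_wrapper` no longer has a case for a value containing only an apostrophe, and every quoted-value assertion here passes `:attr_wrapper => '"'`, so nothing pins the output when the value contains `'` and the wrapper is also `'`. That is the combination where an unescaped apostrophe would close the attribute, so it deserves an explicit assertion. Something of the form `assert_equal(EXPECTED_PLACEHOLDER, render("%p{ :escaped => 'quo\\'te'}", :attr_wrapper => "'"))` would do, with the expected string set to whichever behaviour the project settles on (entity-escape or switch wrapper). The page does not show what the renderer currently emits for that input.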