| Module | Haml::Template |
| In: |
lib/haml/template.rb
|
The class that keeps track of the global options for Haml within Rails.
# File lib/haml/template.rb, line 36
36: def precompiled_method_return_value_with_haml_xss
37: "::Haml::Util.html_safe(#{precompiled_method_return_value_without_haml_xss})"
38: end
Enables integration with the Rails 2.2.5+ XSS protection, if it‘s available and enabled.
@return [Boolean] Whether the XSS integration was enabled.
# File lib/haml/template.rb, line 21
21: def try_enabling_xss_integration
22: return false unless (ActionView::Base.respond_to?(:xss_safe?) && ActionView::Base.xss_safe?) ||
23: # We check for ActiveSupport#on_load here because if we're loading Haml that way, it means:
24: # A) we're in Rails 3 so XSS support is always on, and
25: # B) we might be in Rails 3 beta 3 where the load order is broken and xss_safe? is undefined
26: (defined?(ActiveSupport) && Haml::Util.has?(:public_method, ActiveSupport, :on_load))
27:
28: Haml::Template.options[:escape_html] = true
29:
30: Haml::Util.module_eval {def rails_xss_safe?; true; end}
31:
32: require 'haml/helpers/xss_mods'
33: Haml::Helpers.send(:include, Haml::Helpers::XssMods)
34:
35: Haml::Precompiler.module_eval do
36: def precompiled_method_return_value_with_haml_xss
37: "::Haml::Util.html_safe(#{precompiled_method_return_value_without_haml_xss})"
38: end
39: alias_method :precompiled_method_return_value_without_haml_xss, :precompiled_method_return_value
40: alias_method :precompiled_method_return_value, :precompiled_method_return_value_with_haml_xss
41: end
42:
43: true
44: end