a5e08f7bcc
I installed the rails_xss plugin, for the main purpose of seeing what will break with Rails 3.0 (where the behaviour of the plugin is the default). I think I've fixed everything, but let me know if you see stuff that is HTML-escaped, which shouldn't be. As a side benefit, we now use Erubis, rather than ERB, to render templates. They tell me it's faster ...
<?xml version="1.0" encoding="iso-8859-1"?>
|
|
<!DOCTYPE html
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
|
|
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
|
<head>
|
|
<title>Class: Erubis::PI::TinyEruby</title>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
|
|
<meta http-equiv="Content-Script-Type" content="text/javascript" />
|
|
<link rel="stylesheet" href="../../.././rdoc-style.css" type="text/css" media="screen" />
|
|
<script type="text/javascript">
|
|
// <![CDATA[
|
|
|
|
/**
 * Open a documentation page in a small auxiliary window named "Code".
 *
 * The url is handed to window.open() unchanged, so callers should pass only
 * same-site documentation URLs and never a value taken from the query string
 * or other user input.
 *
 * @param {string} url  address of the page to show in the popup
 */
function popupCode( url ) {
  var popupName = "Code";
  var popupFeatures = "resizable=yes,scrollbars=yes,toolbar=no,status=no,height=150,width=400";
  window.open( url, popupName, popupFeatures );
}
|
|
|
|
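/**
 * Show or hide the element with the given id (used by the [Source] links).
 *
 * On this page the ids are fixed strings written into the onclick handlers.
 * The legacy document.all branch used to build a JavaScript expression from
 * the id and run it through eval(); a plain property lookup gives the same
 * element without executing the id as code.
 *
 * @param {string} id  id attribute of the element to toggle
 * @return {boolean}   true when an element was toggled, false when the
 *                     browser offers no lookup API or no element has that id
 */
function toggleCode( id ) {
  // Declared locally: the original assigned to undeclared names and so
  // created the page-wide globals `elem` and `elemStyle`.
  var elem;

  if ( document.getElementById )
    elem = document.getElementById( id );
  else if ( document.all )
    elem = document.all[ id ];
  else
    return false;

  // Unknown id: nothing to toggle (the original dereferenced null here).
  if ( !elem )
    return false;

  var elemStyle = elem.style;
  elemStyle.display = ( elemStyle.display != "block" ) ? "block" : "none";

  return true;
}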
|
|
|
|
// Method source listings start out collapsed; toggleCode() expands one on request.
// The rule is written from script so that the listings stay visible when
// JavaScript is disabled.
document.write(
  "<style type=\"text/css\">div.method-source-code { display: none }</style>" + "\n"
)
|
|
|
|
// ]]>
|
|
</script>
|
|
|
|
</head>
|
|
<body>
|
|
|
|
|
|
|
|
<div id="classHeader">
|
|
<table class="header-table">
|
|
<tr class="top-aligned-row">
|
|
<td><strong>Class</strong></td>
|
|
<td class="class-name-in-header">Erubis::PI::TinyEruby</td>
|
|
</tr>
|
|
<tr class="top-aligned-row">
|
|
<td><strong>In:</strong></td>
|
|
<td>
|
|
<a href="../../../files/erubis/tiny_rb.html">
|
|
erubis/tiny.rb
|
|
</a>
|
|
<br />
|
|
</td>
|
|
</tr>
|
|
|
|
<tr class="top-aligned-row">
|
|
<td><strong>Parent:</strong></td>
|
|
<td>
|
|
Object
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<!-- banner header -->
|
|
|
|
<div id="bodyContent">
|
|
|
|
|
|
|
|
<div id="contextContent">
|
|
|
|
|
|
|
|
</div>
|
|
|
|
<div id="method-list">
|
|
<h3 class="section-bar">Methods</h3>
|
|
|
|
<div class="name-list">
|
|
<a href="#M000051">convert</a>
|
|
<a href="#M000053">evaluate</a>
|
|
<a href="#M000050">new</a>
|
|
<a href="#M000052">result</a>
|
|
</div>
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
<!-- if includes -->
|
|
|
|
<div id="section">
|
|
|
|
|
|
<div id="constants-list">
|
|
<h3 class="section-bar">Constants</h3>
|
|
|
|
<div class="name-list">
|
|
<table summary="Constants">
|
|
<tr class="top-aligned-row context-row">
|
|
<td class="context-item-name">EMBEDDED_PATTERN</td>
|
|
<td>=</td>
|
|
<td class="context-item-value">/(^[ \t]*)?<\?rb(\s.*?)\?>([ \t]*\r?\n)?|@(!+)?\{(.*?)\}@/m</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
<div id="attribute-list">
|
|
<h3 class="section-bar">Attributes</h3>
|
|
|
|
<div class="name-list">
|
|
<table>
|
|
<tr class="top-aligned-row context-row">
|
|
<td class="context-item-name">src</td>
|
|
<td class="context-item-value"> [R] </td>
|
|
<td class="context-item-desc"></td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
<!-- if method_list -->
|
|
<div id="methods">
|
|
<h3 class="section-bar">Public Class methods</h3>
|
|
|
|
<div id="method-M000050" class="method-detail">
|
|
<a name="M000050"></a>
|
|
|
|
<div class="method-heading">
|
|
<a href="#M000050" class="method-signature">
|
|
<span class="method-name">new</span><span class="method-args">(input=nil, options={})</span>
|
|
</a>
|
|
</div>
|
|
|
|
<div class="method-description">
|
|
<p><a class="source-toggle" href="#"
|
|
onclick="toggleCode('M000050-source');return false;">[Source]</a></p>
|
|
<div class="method-source-code" id="M000050-source">
|
|
<pre>
|
|
<!-- Constructor: remembers the escape routine and, when a template string is given, compiles it at once. -->
<!-- @escape holds the NAME of the escape routine as a string (default 'Erubis::XmlHelper.escape_xml'). -->
<!-- convert() concatenates that string into the generated Ruby source, so options[:escape] is effectively code and must never be taken from untrusted input. -->
<!-- When input is nil, convert is not called and @src is left unassigned. -->
<span class="ruby-comment cmt"># File erubis/tiny.rb, line 79</span>
|
|
<span class="ruby-keyword kw">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">input</span>=<span class="ruby-keyword kw">nil</span>, <span class="ruby-identifier">options</span>={})
|
|
<span class="ruby-ivar">@escape</span> = <span class="ruby-identifier">options</span>[<span class="ruby-identifier">:escape</span>] <span class="ruby-operator">||</span> <span class="ruby-value str">'Erubis::XmlHelper.escape_xml'</span>
|
|
<span class="ruby-ivar">@src</span> = <span class="ruby-identifier">convert</span>(<span class="ruby-identifier">input</span>) <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">input</span>
|
|
<span class="ruby-keyword kw">end</span>
|
|
</pre>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<h3 class="section-bar">Public Instance methods</h3>
|
|
|
|
<div id="method-M000051" class="method-detail">
|
|
<a name="M000051"></a>
|
|
|
|
<div class="method-heading">
|
|
<a href="#M000051" class="method-signature">
|
|
<span class="method-name">convert</span><span class="method-args">(input)</span>
|
|
</a>
|
|
</div>
|
|
|
|
<div class="method-description">
|
|
<p><a class="source-toggle" href="#"
|
|
onclick="toggleCode('M000051-source');return false;">[Source]</a></p>
|
|
<div class="method-source-code" id="M000051-source">
|
|
<pre>
|
|
<!-- convert(input): translates a template string into Ruby source text that builds the output in a local named _buf and returns that source. -->
<!-- Three kinds of input are handled: literal text, <?rb ... ?> statements, and @{expr}@ / @!{expr}@ expressions (see EMBEDDED_PATTERN). -->
<!-- Statements and expressions are copied into the generated source verbatim, so a template is executable code and must come from a trusted author. -->
<span class="ruby-comment cmt"># File erubis/tiny.rb, line 88</span>
|
|
<span class="ruby-keyword kw">def</span> <span class="ruby-identifier">convert</span>(<span class="ruby-identifier">input</span>)
|
|
<span class="ruby-identifier">src</span> = <span class="ruby-value str">"_buf = '';"</span> <span class="ruby-comment cmt"># preamble</span>
|
|
<span class="ruby-identifier">pos</span> = <span class="ruby-value">0</span>
|
|
<span class="ruby-identifier">input</span>.<span class="ruby-identifier">scan</span>(<span class="ruby-constant">EMBEDDED_PATTERN</span>) <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">lspace</span>, <span class="ruby-identifier">stmt</span>, <span class="ruby-identifier">rspace</span>, <span class="ruby-identifier">indicator</span>, <span class="ruby-identifier">expr</span><span class="ruby-operator">|</span>
|
|
<span class="ruby-identifier">match</span> = <span class="ruby-constant">Regexp</span>.<span class="ruby-identifier">last_match</span>
|
|
<span class="ruby-identifier">len</span> = <span class="ruby-identifier">match</span>.<span class="ruby-identifier">begin</span>(<span class="ruby-value">0</span>) <span class="ruby-operator">-</span> <span class="ruby-identifier">pos</span>
|
|
<span class="ruby-identifier">text</span> = <span class="ruby-identifier">input</span>[<span class="ruby-identifier">pos</span>, <span class="ruby-identifier">len</span>]
|
|
<span class="ruby-identifier">pos</span> = <span class="ruby-identifier">match</span>.<span class="ruby-identifier">end</span>(<span class="ruby-value">0</span>)
|
|
<span class="ruby-comment cmt">#src << " _buf << '" << escape_text(text) << "';"</span>
|
|
<!-- Literal text between tags: quote and backslash characters are backslash-escaped so the text cannot terminate the single-quoted Ruby literal it is placed in. -->
<span class="ruby-identifier">text</span>.<span class="ruby-identifier">gsub!</span>(<span class="ruby-regexp re">/['\\]/</span>, <span class="ruby-value str">'\\\\\&'</span>)
|
|
<span class="ruby-identifier">src</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">" _buf << '"</span> <span class="ruby-operator"><<</span> <span class="ruby-identifier">text</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">"';"</span> <span class="ruby-keyword kw">unless</span> <span class="ruby-identifier">text</span>.<span class="ruby-identifier">empty?</span>
|
|
<span class="ruby-keyword kw">if</span> <span class="ruby-identifier">stmt</span> <span class="ruby-comment cmt"># <?rb ... ?></span>
|
|
<!-- A statement alone on its line keeps its surrounding whitespace as code; otherwise the whitespace is emitted as output text around the statement. -->
<span class="ruby-keyword kw">if</span> <span class="ruby-identifier">lspace</span> <span class="ruby-operator">&&</span> <span class="ruby-identifier">rspace</span>
|
|
<span class="ruby-identifier">src</span> <span class="ruby-operator"><<</span> <span class="ruby-node">"#{lspace}#{stmt}#{rspace}"</span>
|
|
<span class="ruby-keyword kw">else</span>
|
|
<span class="ruby-identifier">src</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">" _buf << '"</span> <span class="ruby-operator"><<</span> <span class="ruby-identifier">lspace</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">"';"</span> <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">lspace</span>
|
|
<span class="ruby-identifier">src</span> <span class="ruby-operator"><<</span> <span class="ruby-identifier">stmt</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">";"</span>
|
|
<span class="ruby-identifier">src</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">" _buf << '"</span> <span class="ruby-operator"><<</span> <span class="ruby-identifier">rspace</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">"';"</span> <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">rspace</span>
|
|
<span class="ruby-keyword kw">end</span>
|
|
<!-- NOTE(review): the comment on the next line names ${...} and $!{...}, but the EMBEDDED_PATTERN listed on this page matches @{...}@ and @!{...}@. -->
<span class="ruby-keyword kw">else</span> <span class="ruby-comment cmt"># ${...}, $!{...}</span>
|
|
<!-- No indicator: the expression is wrapped in a call to the routine named by @escape, so its value is escaped before output. -->
<span class="ruby-keyword kw">if</span> <span class="ruby-operator">!</span><span class="ruby-identifier">indicator</span>
|
|
<span class="ruby-identifier">src</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">" _buf << "</span> <span class="ruby-operator"><<</span> <span class="ruby-ivar">@escape</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">"("</span> <span class="ruby-operator"><<</span> <span class="ruby-identifier">expr</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">");"</span>
|
|
<!-- Single "!" indicator: the value is appended with to_s only and is NOT escaped; reserve this form for values that are already safe markup. -->
<!-- Any other indicator (two or more "!", which the pattern permits) matches neither branch and appends nothing. -->
<span class="ruby-keyword kw">elsif</span> <span class="ruby-identifier">indicator</span> <span class="ruby-operator">==</span> <span class="ruby-value str">'!'</span>
|
|
<span class="ruby-identifier">src</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">" _buf << ("</span> <span class="ruby-operator"><<</span> <span class="ruby-identifier">expr</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">").to_s;"</span>
|
|
<span class="ruby-keyword kw">end</span>
|
|
<span class="ruby-keyword kw">end</span>
|
|
<span class="ruby-keyword kw">end</span>
|
|
<span class="ruby-comment cmt">#rest = $' || input # ruby1.8</span>
|
|
<!-- Trailing text after the last tag. NOTE(review): when nothing matched, pos is still 0 and rest is the caller's input object itself, so the gsub! below edits the caller's string in place; presumably a frozen input would raise here. Confirm against callers. -->
<span class="ruby-identifier">rest</span> = <span class="ruby-identifier">pos</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span> <span class="ruby-operator">?</span> <span class="ruby-identifier">input</span> <span class="ruby-operator">:</span> <span class="ruby-identifier">input</span>[<span class="ruby-identifier">pos</span><span class="ruby-operator">..</span><span class="ruby-value">-1</span>] <span class="ruby-comment cmt"># ruby1.9</span>
|
|
<span class="ruby-comment cmt">#src << " _buf << '" << escape_text(rest) << "';"</span>
|
|
<span class="ruby-identifier">rest</span>.<span class="ruby-identifier">gsub!</span>(<span class="ruby-regexp re">/['\\]/</span>, <span class="ruby-value str">'\\\\\&'</span>)
|
|
<span class="ruby-identifier">src</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">" _buf << '"</span> <span class="ruby-operator"><<</span> <span class="ruby-identifier">rest</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">"';"</span> <span class="ruby-keyword kw">unless</span> <span class="ruby-identifier">rest</span>.<span class="ruby-identifier">empty?</span>
|
|
<span class="ruby-identifier">src</span> <span class="ruby-operator"><<</span> <span class="ruby-value str">"\n_buf.to_s\n"</span> <span class="ruby-comment cmt"># postamble</span>
|
|
<span class="ruby-keyword kw">return</span> <span class="ruby-identifier">src</span>
|
|
<span class="ruby-keyword kw">end</span>
|
|
</pre>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<div id="method-M000053" class="method-detail">
|
|
<a name="M000053"></a>
|
|
|
|
<div class="method-heading">
|
|
<a href="#M000053" class="method-signature">
|
|
<span class="method-name">evaluate</span><span class="method-args">(_context=Object.new)</span>
|
|
</a>
|
|
</div>
|
|
|
|
<div class="method-description">
|
|
<p><a class="source-toggle" href="#"
|
|
onclick="toggleCode('M000053-source');return false;">[Source]</a></p>
|
|
<div class="method-source-code" id="M000053-source">
|
|
<pre>
|
|
<!-- evaluate(_context): runs the compiled template source (@src) with instance_eval on _context and returns the result of that evaluation. -->
<!-- A Hash context is first copied onto a fresh Object, one instance variable per key, so the template reads the values as @key. -->
<!-- NOTE(review): each key is interpolated into the instance variable name unchecked; Ruby should reject names that are not valid identifiers, so keys are expected to be plain symbols or strings. Confirm against callers. -->
<!-- The source being evaluated contains the template's statements and expressions verbatim, so it runs with the full privileges of the process: evaluate only templates from trusted authors. -->
<span class="ruby-comment cmt"># File erubis/tiny.rb, line 132</span>
|
|
<span class="ruby-keyword kw">def</span> <span class="ruby-identifier">evaluate</span>(<span class="ruby-identifier">_context</span>=<span class="ruby-constant">Object</span>.<span class="ruby-identifier">new</span>)
|
|
<span class="ruby-keyword kw">if</span> <span class="ruby-identifier">_context</span>.<span class="ruby-identifier">is_a?</span>(<span class="ruby-constant">Hash</span>)
|
|
<span class="ruby-identifier">_obj</span> = <span class="ruby-constant">Object</span>.<span class="ruby-identifier">new</span>
|
|
<span class="ruby-identifier">_context</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">k</span>, <span class="ruby-identifier">v</span><span class="ruby-operator">|</span> <span class="ruby-identifier">_obj</span>.<span class="ruby-identifier">instance_variable_set</span>(<span class="ruby-node">"@#{k}"</span>, <span class="ruby-identifier">v</span>) <span class="ruby-keyword kw">end</span>
|
|
<span class="ruby-identifier">_context</span> = <span class="ruby-identifier">_obj</span>
|
|
<span class="ruby-keyword kw">end</span>
|
|
<span class="ruby-identifier">_context</span>.<span class="ruby-identifier">instance_eval</span> <span class="ruby-ivar">@src</span>
|
|
<span class="ruby-keyword kw">end</span>
|
|
</pre>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<div id="method-M000052" class="method-detail">
|
|
<a name="M000052"></a>
|
|
|
|
<div class="method-heading">
|
|
<a href="#M000052" class="method-signature">
|
|
<span class="method-name">result</span><span class="method-args">(_binding=TOPLEVEL_BINDING)</span>
|
|
</a>
|
|
</div>
|
|
|
|
<div class="method-description">
|
|
<p>
|
|
def escape_text(text)
|
|
</p>
|
|
<pre>
|
|
return text.gsub!(/['\\]/, '\\\\\&') || text
|
|
</pre>
|
|
<p>
|
|
end
|
|
</p>
|
|
<p><a class="source-toggle" href="#"
|
|
onclick="toggleCode('M000052-source');return false;">[Source]</a></p>
|
|
<div class="method-source-code" id="M000052-source">
|
|
<pre>
|
|
<!-- result(_binding): evaluates the compiled template source (@src) with Kernel eval in the given binding and returns the result of that evaluation. -->
<!-- The default binding is TOPLEVEL_BINDING, so template code can read and assign whatever is reachable from the top level of the program. -->
<!-- The evaluated source embeds the template's statements and expressions verbatim; treat templates as code and load them only from trusted locations. -->
<span class="ruby-comment cmt"># File erubis/tiny.rb, line 128</span>
|
|
<span class="ruby-keyword kw">def</span> <span class="ruby-identifier">result</span>(<span class="ruby-identifier">_binding</span>=<span class="ruby-constant">TOPLEVEL_BINDING</span>)
|
|
<span class="ruby-identifier">eval</span> <span class="ruby-ivar">@src</span>, <span class="ruby-identifier">_binding</span>
|
|
<span class="ruby-keyword kw">end</span>
|
|
</pre>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div id="validator-badges">
|
|
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
|
|
</div>
|
|
|
|
</body>
|
|
</html> |