| Module | Haml::Template |
| In: |
lib/haml/template/options.rb
lib/haml/template.rb |
The class that keeps track of the global options for Haml within Rails.
# File lib/haml/template.rb, line 33
33: def precompiled_method_return_value_with_haml_xss
34: "::Haml::Util.html_safe(#{precompiled_method_return_value_without_haml_xss})"
35: end
Enables integration with the Rails 2.2.5+ XSS protection, if it‘s available and enabled.
@return [Boolean] Whether the XSS integration was enabled.
# File lib/haml/template.rb, line 18
18: def try_enabling_xss_integration
19: return false unless (ActionView::Base.respond_to?(:xss_safe?) && ActionView::Base.xss_safe?) ||
20: # We check for ActiveSupport#on_load here because if we're loading Haml that way, it means:
21: # A) we're in Rails 3 so XSS support is always on, and
22: # B) we might be in Rails 3 beta 3 where the load order is broken and xss_safe? is undefined
23: (defined?(ActiveSupport) && Haml::Util.has?(:public_method, ActiveSupport, :on_load))
24:
25: Haml::Template.options[:escape_html] = true
26:
27: Haml::Util.module_eval {def rails_xss_safe?; true; end}
28:
29: require 'haml/helpers/xss_mods'
30: Haml::Helpers.send(:include, Haml::Helpers::XssMods)
31:
32: Haml::Precompiler.module_eval do
33: def precompiled_method_return_value_with_haml_xss
34: "::Haml::Util.html_safe(#{precompiled_method_return_value_without_haml_xss})"
35: end
36: alias_method :precompiled_method_return_value_without_haml_xss, :precompiled_method_return_value
37: alias_method :precompiled_method_return_value, :precompiled_method_return_value_with_haml_xss
38: end
39:
40: true
41: end