Changeset 243
- Timestamp:
- 02/28/08 11:37:09 (6 months ago)
- Files:
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
rubygems/tarantula/trunk/vendor/xss-shield/lib/xss_shield.rb
r240 r243 2 2 # Tarantula doesn't use haml 3 3 # require 'xss_shield/haml_hacks' 4 require 'xss_shield/erb_hacks' 4 # ERB hacks blow up Rails 5 # require 'xss_shield/erb_hacks' 5 6 require 'xss_shield/secure_helpers' rubygems/tarantula/trunk/vendor/xss-shield/lib/xss_shield/erb_hacks.rb
r240 r243 7 7 scanner = make_scanner(s) 8 8 scanner.scan do |token| 9 10 9 if scanner.stag.nil? 10 case token 11 11 when PercentLine 12 13 12 out.push("#{@put_cmd} #{content.dump}") if content.size > 0 13 content = '' 14 14 out.push(token.to_s) 15 15 out.cr 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 16 when :cr 17 out.cr 18 when '<%', '<%=', '<%#' 19 scanner.stag = token 20 out.push("#{@put_cmd} #{content.dump}") if content.size > 0 21 content = '' 22 when "\n" 23 content << "\n" 24 out.push("#{@put_cmd} #{content.dump}") 25 out.cr 26 content = '' 27 when '<%%' 28 content << '<%' 29 else 30 content << token 31 end 32 else 33 case token 34 when '%>' 35 case scanner.stag 36 when '<%' 37 if content[-1] == ?\n 38 content.chop! 39 out.push(content) 40 out.cr 41 else 42 out.push(content) 43 end 44 when '<%=' 45 45 # NOTE: Changed lines 46 46 out.push("#{@insert_cmd}((#{content}).to_s_xss_protected)") 47 47 # NOTE: End changed lines 48 49 50 51 52 53 54 55 56 57 58 48 when '<%#' 49 # out.push("# #{content.dump}") 50 end 51 scanner.stag = nil 52 content = '' 53 when '%%>' 54 content << '%>' 55 else 56 content << token 57 end 58 end 59 59 end 60 60 out.push("#{@put_cmd} #{content.dump}") if content.size > 0
