Sha256: 2ab243ded32694dcd3403cfe3ae9b793ecd9131a5f142244c07e5b2d4f42cc1e


Size: 1001 Bytes

Versions: 3


-# Fixture template for the angular_xss spec (spec/templates/_test_haml.haml).
-# Every '{{unsafe}}' marker stands for untrusted output that the spec expects
-# to come out escaped, so the '{{' ... '}}' pair cannot be picked up by a
-# client-side template engine; every '{{safe}}' marker is wrapped in
-# .html_safe (or is literal template text) and stands for trusted content that
-# must reach the output unchanged. Keep the markers exactly as written - the
-# spec presumably matches on them.
-# Ruby string output via `=`: escaped unless the value is html_safe.
= "{{unsafe}}"
-# Ruby interpolation inside a plain-text line; expected to be treated like `=`
-# output (escaped when escape_html is on) - confirm against the spec.
#{'{{unsafe}}'}
= "{{safe}}".html_safe

-# Literal template text, authored in the template itself, not user input:
-# emitted verbatim.
{{safe}}

-# The same Rails helper with a plain string and with an html_safe string;
-# the first is expected to be escaped, the second left alone.
= content_tag(:span, '{{unsafe}}')
= content_tag(:span, '{{safe}}'.html_safe)

-# Ten identical unsafe outputs. The repetition looks deliberate (presumably the
-# spec counts escapes or checks every occurrence); do not collapse them.
= '{{unsafe}}'
= '{{unsafe}}'
= '{{unsafe}}'
= '{{unsafe}}'
= '{{unsafe}}'
= '{{unsafe}}'
= '{{unsafe}}'
= '{{unsafe}}'
= '{{unsafe}}'
= '{{unsafe}}'

-# HTML attributes in Haml work in different ways:
-# 1. Under certain conditions, attributes are precompiled.
-#    We never have to escape those because they cannot contain user input
-#    (this holds only while the attribute values are string literals written
-#    in the template, as below; as soon as a variable or interpolation is
-#    involved, case 2 applies).
-# 2. Whenever there is a Ruby call on attributes, Haml will have to evaluate
-#    them at runtime. Since they can contain user input, XSS logic applies.

-# Precompiled:
-# Both forms use only literal values, so the '{{safe}}' text is expected to
-# pass through untouched.
%div(foo='{{safe}}')
%div{:class => '{{safe}}', :id => '{{safe}}'}

-# Compiled at runtime:
-# Local assignments: the attribute values below are only known at render
-# time, which is what forces the runtime (escaping) path.
- unsafe = '{{unsafe}}'
- safe = '{{safe}}'.html_safe
%div{:class => unsafe, :id => unsafe}
%div(bar="#{unsafe}")
  -# Nested under the interpolated attribute: a mixed hash where `safe` must
  -# pass through and `unsafe` must be escaped, followed by literal text that
  -# is never escaped.
  %div{:foo => safe, :bar => unsafe}
  {{safe}}

Version Path
angular_xss-0.4.1 spec/templates/_test_haml.haml
angular_xss-0.4.0 spec/templates/_test_haml.haml
angular_xss-0.3.1 spec/templates/_test_haml.haml