Sha256: 5448978cdc92e6c84878aab20a9724f5789c0851b8dd93387dabc4c40f099453

Contents?: true

Size: 1.2 KB

Versions: 3

Compression:

Stored size: 1.2 KB

Contents

module Immunio
  # Slim template engine hook used by the XSS feature.
  #
  # Including this concern chains +on_slim_output+ on the including class so
  # that the code Slim emits for an output expression can be rewritten to
  # report its rendered value.
  module SlimHooks
    extend ActiveSupport::Concern

    included do
      # Presumably behaves like Rails' alias_method_chain: the original stays
      # reachable as on_slim_output_without_immunio while
      # on_slim_output_with_immunio takes over the public name.
      Immunio::Utils.alias_method_chain self, :on_slim_output, :immunio
    end

    # Runs Slim's own +on_slim_output+ and then rewrites the code slot of the
    # expression it returns.
    #
    # @param escape  the escape flag Slim passes for this output; it is
    #   forwarded unchanged to Immunio::Template.generate_render_var_code
    # @param code    the Ruby source of the template expression
    # @param content the nested content, handed straight to the original
    # @return the expression built by the original method, with the element
    #   at index 3 replaced by the (possibly wrapped) code
    def on_slim_output_with_immunio(escape, code, content)
      # Call the original first so Slim can append "do" where it sees fit;
      # index 3 is read back as the resulting code (assumed to be the code
      # slot of Slim's output expression; confirm against Slim).
      expression = on_slim_output_without_immunio(escape, code, content)
      tracked_code = expression[3]

      timer_label = "#{Module.nesting[0]}::#{__method__}"
      Request.time "plugin", timer_label do
        # Expressions that open a block (e.g. `= form_tag do`) are left as-is,
        # so their output is not wrapped for tracking by this hook.
        next if tracked_code =~ Slim::DoInserter::BLOCK_REGEX

        # The wrapper is told whether Slim asked for escaping, so escaping
        # behaviour is decided there and not dropped by the rewrite.
        tracked_code = Immunio::Template.generate_render_var_code(tracked_code, escape)
      end

      expression[3] = tracked_code
      expression
    end
  end
end

# Custom template engines are patched only once Rails has finished
# initializing, hence the :after_initialize load hook.
ActiveSupport.on_load(:after_initialize) do
  Immunio::Plugin.load('Slim', feature: 'xss', hooks: Immunio::XSS_HOOKS) do |slim_plugin|
    # Without Slim::DoInserter nothing is patched and the plugin is never
    # marked as loaded, so Slim templates get no XSS tracking from this hook.
    next unless defined? Slim::DoInserter

    Slim::DoInserter.send(:include, Immunio::SlimHooks)
    # Record the Slim version that was actually hooked.
    slim_plugin.loaded!(Slim::VERSION)
  end
end

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
immunio-2.0.4 lib/immunio/plugins/action_view/slim.rb
immunio-2.0.3 lib/immunio/plugins/action_view/slim.rb
immunio-2.0.2 lib/immunio/plugins/action_view/slim.rb