Sha256: 602eb0b977bf301c9a3493abb97078a2809993e1266f8a36928737fa17fa330f
Contents?: true
Size: 1.89 KB
Versions: 3
Compression:
Stored size: 1.89 KB
Contents
# frozen_string_literal: true
require "temple"
module Hanami
class View
# Specialized Temple buffer class that marks block-captured strings as HTML safe.
#
# This is important for any scope or part methods that receive a string from a yielded block
# and then determine whether to escape that string based on its `.html_safe?` value.
#
# In this case, since blocks captured templates _intentionally_ contain HTML (this is the
# purpose of the template after all), it makes sense to mark the entire captured block string as
# HTML safe.
#
# This is compatible with escaping of values interpolated into the template, since those will
# have already been automatically escaped by the template engine when they are evaluated, before
# the overall block is captured.
#
# This filter is included in all three of our supported HTML template engines (ERB, Haml and
# Slim) to provide consistent behavior across all.
#
# @see Hanami::View::ERB::Engine
# @see Hanami::View::HamlAdapter::Template
# @see Hanami::View::SlimAdapter::Template
#
# @api private
# @since 2.0.0
class HTMLSafeStringBuffer < Temple::Generators::StringBuffer
# Replace `Temple::Generator::ArrayBuffer#call` (which is used via the superclass of
# `StringBuffer`) with the standard implementation from the base `Temple::Generator`.
#
# This avoids certain specialisations in `ArrayBuffer#call` that prevent `#return_buffer` from
# being called. For our needs, `#return_buffer` must be called at all times in order to ensure
# the captured string is consistently marked as `.html_safe`.
def call(exp)
[preamble, compile(exp), postamble].flatten.compact.join('; ')
end
# Marks the string returned from the captured buffer as HTML safe.
def return_buffer
"#{buffer}.html_safe"
end
end
end
end
Version data entries
3 entries across 3 versions & 1 rubygems