Sha256: 9eb96ed5432d9aaa59cc29248e78e3c0cc5ed87ec0024ec8b800d4bbad5f705a

Contents?: true

Size: 999 Bytes

Versions: 3

Compression:

Stored size: 999 Bytes

Contents

```haml
= "{{unsafe}}"
#{'{{unsafe}}'}
= "{{safe}}".html_safe

{{safe}}

= content_tag(:span, '{{unsafe}}')
= content_tag(:span, '{{safe}}'.html_safe)

= '{{unsafe}}'
= '{{unsafe}}'
= '{{unsafe}}'
= '{{unsafe}}'
= '{{unsafe}}'
= '{{unsafe}}'
= '{{unsafe}}'
= '{{unsafe}}'
= '{{unsafe}}'
= '{{unsafe}}'

-# HTML attributes in Haml work in different ways:
-# 1. Under certain conditions, attributes are precompiled.
-#    We never have to escape those because they can not contain user input.
-# 2. Whenever there is a Ruby call on attributes, Haml will have to evaluate
-#    them at runtime. Since they can contain user input, XSS logic applies.

-# Precompiled:
%div(foo='{{safe}}')
%div{:class => '{{safe}}', :id => '{{safe}}'}

-# Compiled at runtime:
%div{:class => '{{unsafe}}', :id => '{{unsafe}}', :foo => rand}
%div(bar="#{'{{unsafe}}'}")
%div{:foo => '{{safe}}'.html_safe, :bar => '{{unsafe}}'}
  {{safe}}
```
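The safe/unsafe split that this fixture exercises, as an added Ruby example (not the gem's own code): a minimal output filter that passes html_safe strings through verbatim and HTML-escapes everything else while neutralising `{{`, applied to attribute values the way the "Compiled at runtime" case would. The `SafeBuffer` stand-in and the `{{ '{{' }}` replacement token are assumptions of this example, not angular_xss's actual implementation.

```ruby
require 'cgi'

# Stand-in for ActiveSupport::SafeBuffer (constructed so this runs without Rails):
# a String that reports itself as already-safe markup.
class SafeBuffer < String
  def html_safe?
    true
  end
end

class String
  def html_safe?
    false
  end

  def html_safe
    SafeBuffer.new(self)
  end
end

# Replacement for a literal "{{" in untrusted output. AngularJS evaluates the
# expression and renders "{{" as plain text, so the interpolation never fires.
# The token is an assumption of this example, not the gem's real replacement.
CURLY_TOKEN = "{{ '{{' }}".freeze

# Output filter mirroring the fixture: html_safe values pass through verbatim,
# everything else is HTML-escaped and has its "{{" neutralised. The result is
# marked safe so a downstream filter does not escape it a second time.
def angular_escape(value)
  return value if value.html_safe?
  CGI.escapeHTML(value.to_s).gsub('{{', CURLY_TOKEN).html_safe
end

# Attribute rendering for the "Compiled at runtime" case: every value goes
# through the filter; a precompiled literal would never reach this code.
def attr_string(attrs)
  attrs.map { |name, value| %(#{name}="#{angular_escape(value)}") }.join(' ')
end

if $PROGRAM_NAME == __FILE__
  puts angular_escape('{{unsafe}}')
  puts angular_escape('{{safe}}'.html_safe)
  puts attr_string(class: '{{unsafe}}', id: '{{safe}}'.html_safe)
end
```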

Version data entries

3 entries across 3 versions & 1 rubygem

Version            Path
angular_xss-0.3.0  spec/shared/app_root/app/views/test/_test_haml.haml
angular_xss-0.2.3  spec/shared/app_root/app/views/test/_test_haml.haml
angular_xss-0.2.2  spec/shared/app_root/app/views/test/_test_haml.haml