@@ -5,32 +5,32 @@ module ActionView module TemplateHandlers class SafeErb < TemplateHandler include Compilable rescue nil # does not exist prior Rails 2.1 - include SafemodeHandler + extend SafemodeHandler def self.line_offset 0 end - + def compile(template) # Rails 2.0 passes the template source, while Rails 2.1 passes the # template instance src = template.respond_to?(:source) ? template.source : template + filename = template.filename rescue nil code = ::ERB.new(src, nil, @view.erb_trim_mode).src code.gsub!('\\','\\\\\\') # backslashes would disappear in compile_template/modul_eval, so we escape them - - # wow, this sucks. ruby gets totally confused about backtrace line numbers - # when the line_offset is greater than x (like 5?) so that Rails' template - # error rewriting breaks. thus, we have to reduce the code to no more than - # one line before the actually executed template code starts - - preamble = "assigns = @template.assigns.reject{|key, value| #{ignore_assigns.inspect}.include?(key) } - methods = #{delegate_methods.inspect} + ActionController::Routing::Routes.named_routes.helpers;".gsub("\n", ';') - - postamble = "box = Safemode::Box.new(self, methods) - box.eval(code, assigns, local_assigns, &lambda{ yield })".gsub("\n", ';') - - preamble + "code = %Q(#{code});" + postamble + + code = <<-CODE + handler = ActionView::TemplateHandlers::SafeHaml + assigns = handler.valid_assigns(@template.assigns) + methods = handler.delegate_methods(self) + code = %Q(#{code}); + + box = Safemode::Box.new(self, methods, #{filename.inspect}, 0) + box.eval(code, assigns, local_assigns, &lambda{ yield }) + CODE + puts code + code end end end lib/action_view/template_handlers/safe_erb.rb @@ -5,7 +5,7 @@ module ActionView module TemplateHandlers class SafeHaml < TemplateHandler include Compilable rescue nil # does not exist prior Rails 2.1 - include SafemodeHandler + extend SafemodeHandler def self.line_offset 3 @@ -15,11 +15,12 @@ module ActionView # Rails 2.0 passes the template source, while Rails 2.1 passes the # template instance src = template.respond_to?(:source) ? template.source : template + filename = template.filename rescue nil options = Haml::Template.options.dup haml = Haml::Engine.new template, options methods = delegate_methods + ActionController::Routing::Routes.named_routes.helpers - haml.precompile_for_safemode ignore_assigns, methods + haml.precompile_for_safemode filename, ignore_assigns, methods end end end lib/action_view/template_handlers/safe_haml.rb @@ -1,19 +1,27 @@ module ActionView module TemplateHandlers - module SafemodeHandler - def delegate_methods - [ :render, :params, :flash ] + helper_methods - end + module SafemodeHandler - def helper_methods - @view.class.included_modules.collect {|m| m.instance_methods(false) }.flatten.map(&:to_sym) + def valid_assigns(assigns) + assigns = assigns.reject{|key, value| skip_assigns.include?(key) } + end + + def delegate_methods(view) + [ :render, :params, :flash ] + + helper_methods(view) + + ActionController::Routing::Routes.named_routes.helpers end - def ignore_assigns - [ "_cookies", "_flash", "_headers", "_params", "_request", "_response", - "_session", "before_filter_chain_aborted", "ignore_missing_templates", - "logger", "request_origin", "template", "template_class", "url", - "variables_added", "view_paths" ] + def helper_methods(view) + view.class.included_modules.collect {|m| m.instance_methods(false) }.flatten.map(&:to_sym) + end + + def skip_assigns + [ "_cookies", "_flash", "_headers", "_params", "_request", + "_response", "_session", "before_filter_chain_aborted", + "ignore_missing_templates", "logger", "request_origin", + "template", "template_class", "url", "variables_added", + "view_paths" ] end end end lib/action_view/template_handlers/safemode_handler.rb @@ -10,23 +10,32 @@ end module Haml class Engine - def precompile_for_safemode(ignore_assigns = [], delegate_methods = []) + def precompile_for_safemode(filename, ignore_assigns = [], delegate_methods = []) @precompiled.gsub!('\\','\\\\\\') # backslashes would disappear in compile_template/modul_eval, so we escape them - # wow, this sucks. ruby gets totally confused about backtrace line numbers - # when the line_offset is greater than x (like 5?) so that Rails' template - # error rewriting breaks. thus, we have to reduce the code to no more than - # one line before the actually executed template code starts + <<-CODE + buffer = Haml::Buffer.new(#{options_for_buffer.inspect}) + local_assigns = local_assigns.merge :_hamlout => buffer + + handler = ActionView::TemplateHandlers::SafeHaml + assigns = handler.valid_assigns(@template.assigns) + methods = handler.delegate_methods(self) + code = %Q(#{code}); + + box = Safemode::Box.new(self, methods, #{filename.inspect}, 0) + box.eval(code, assigns, local_assigns, &lambda{ yield }) + buffer.buffer + CODE - preamble = "buffer = Haml::Buffer.new(#{options_for_buffer.inspect}) - local_assigns = local_assigns.merge :_hamlout => buffer - assigns = @template.assigns.reject{|key, value| #{ignore_assigns.inspect}.include?(key) };".gsub("\n", ';') - - postamble = "box = Safemode::Box.new(self, #{delegate_methods.inspect}) - box.eval(code, assigns, local_assigns, &lambda{ yield }) - buffer.buffer".gsub("\n", ';') - - preamble + "code = %Q(#{@precompiled});" + postamble + # preamble = "buffer = Haml::Buffer.new(#{options_for_buffer.inspect}) + # local_assigns = local_assigns.merge :_hamlout => buffer + # assigns = @template.assigns.reject{|key, value| #{ignore_assigns.inspect}.include?(key) };".gsub("\n", ';') + # + # postamble = "box = Safemode::Box.new(self, #{delegate_methods.inspect}) + # box.eval(code, assigns, local_assigns, &lambda{ yield }) + # buffer.buffer".gsub("\n", ';') + # + # preamble + "code = %Q(#{@precompiled});" + postamble end end end \ No newline at end of file lib/haml/safemode.rb @@ -32,14 +32,16 @@ module Safemode define_core_jail_classes class Box - def initialize(delegate = nil, delegate_methods = []) + def initialize(delegate = nil, delegate_methods = [], filename = nil, line = nil) @scope = Scope.new(delegate, delegate_methods) + @filename = filename + @line = line end def eval(code, assigns = {}, locals = {}, &block) code = Parser.jail(code) binding = @scope.bind(assigns, locals, &block) - result = Kernel.eval code, binding, __FILE__, __LINE__ + result = Kernel.eval code, binding, @filename || __FILE__, @line || __LINE__ end def output lib/safemode.rb 65c892659674bab0a90303df7414ae8a0b7dae8b Sven Fuchs svenfuchs@artweb-design.de http://github.com/svenfuchs/safemode/commit/9af90112548bc5be5b897cd94e67e3cd374cef9b 9af90112548bc5be5b897cd94e67e3cd374cef9b 2008-05-03T12:28:41-07:00 2008-05-03T12:28:41-07:00 add optional parameters filename and line to Safemode::Box use them for evaluation if present use them in SafeErb and SafeHaml handlers 92baabf119d93cf56593b3638ec365d83546c331 Sven Fuchs svenfuchs@artweb-design.de