Permalink
Browse files

BREAKING: Changing interpolation to escape by default

  • Loading branch information...
1 parent 7eb12cb commit 063907ecfe29090b22dfc0525743f607122092eb @aaronblohowiak aaronblohowiak committed May 11, 2011
Showing with 22 additions and 7 deletions.
  1. +1 −1 README.markdown
  2. +7 −5 lib/haml.js
  3. +12 −0 test/interpolation.haml
  4. +1 −0 test/interpolation.html
  5. +1 −1 test/other/custom_escape.html
View
@@ -196,7 +196,7 @@ Please see `test/whitespace.haml` for more examples.
As of version 0.2.0 there is string interpolation throughout. This means that the body of regular text areas can have embedded code. This is true for attributes and the contents of plugins like javascript and markdown also. If you notice an area that doesn't support interpolation and it should then send me a note and I'll add it.
-For interpolation, you may use `#{}` for unescaped interpolation or `!{}` for escaped interpolation.
+For interpolation, you may use `#{}` for escaped interpolation or `!{}` for unsafe interpolation.
## Plugins
View
@@ -153,16 +153,20 @@ var Haml;
match = value.substr(pos).match(embedder);
next = match[0].length;
if (next < 0) { break; }
- items.push(match[1] || match[2]);
- //items.push(escaperName+"("+(match[1] || match[2])+")");
+ if(match[1] === "#"){
+ items.push(escaperName+"("+(match[2] || match[3])+")");
+ }else{
+ //unsafe!!!
+ items.push(match[2] || match[3]);
+ }
pos += next;
}
return items.filter(function (part) { return part && part.length > 0}).join(" +\n");
}
// Used to find embedded code in interpolated strings.
- embedder = /\#\{([^}]*)\}/;
+ embedder = /([#!])\{([^}]*)\}/;
self_close_tags = ["meta", "img", "link", "br", "hr", "input", "area", "base"];
@@ -594,8 +598,6 @@ var Haml;
" }\n" +
"}"
-
-
return new Function("locals", escaper + str );
}
View
@@ -0,0 +1,12 @@
+- var amp = "&",
+ quo = '"',
+ carrots = "<>",
+ tag="<br/>";
+
+%p(id="p-#{amp}") Well then #{carrots}
+%p(id="p-!{amp}") Well then !{carrots}
+
+This is some text #{amp} it is cool. !{tag} i am doing fun stuff!
+
+%p(src="!{quo}!{tag}!{quo}")
+
View
@@ -0,0 +1 @@
+<p id="p-&amp;">Well then &lt;&gt;</p><p id="p-&">Well then <></p>This is some text &amp; it is cool. <br/> i am doing fun stuff!<p src=""<br/>""></p>
@@ -1 +1 @@
-<a apos="moo" amp="moo" carrots="moo" quo="moo" sol="moo"></a> <a apos="moo" amp="moo" carrots="moo" quo="moo" sol="moo"> </a> <a apos="moo" amp="moo" carrots="moo" quo="moo" sol="moo">moo</a><p apos="moo" amp="moo" carrots="moo" quo="moo" sol="moo"><br></p> <p> </p> <p> </p> <p attr0="moo" attr1="moo"></p><h1 id="<> blah">How's it going & how are you?</h1>
+<a apos="moo" amp="moo" carrots="moo" quo="moo" sol="moo"></a> <a apos="moo" amp="moo" carrots="moo" quo="moo" sol="moo"> </a> <a apos="moo" amp="moo" carrots="moo" quo="moo" sol="moo">moo</a><p apos="moo" amp="moo" carrots="moo" quo="moo" sol="moo"><br></p> <p> </p> <p> </p> <p attr0="moo" attr1="moo"></p><h1 id="moo blah">Howmoos it going moo how are you?</h1>

0 comments on commit 063907e

Please sign in to comment.