haml6 & string interpolation escapes #1084
Comments
Possibly in haml/util.rb it should be something like this?

```diff
def unescape_interpolation(str, escape_html = nil)
res = ''.dup
rest = Haml::Util.handle_interpolation str.dump do |scan|
escapes = (scan[2].size - 1) / 2
char = scan[3] # '{', '@' or '$'
res << scan.matched[0...-3 - escapes]
if escapes % 2 == 1
res << "\##{char}"
else
interpolated = if char == '{'
balance(scan, ?{, ?}, 1)[0][0...-1]
else
scan.scan(/\w+/)
end
content = eval("\"#{interpolated}\"")
content = "#{char}#{content}" if char == '@' || char == '$'
- content = "CGI.escapeHTML((#{content}).to_s)" if escape_html
+ content = "Haml::Util.escape_html_safe((#{content}).to_s)" if escape_html
res << "\#{#{content}}"
end
end
res + rest
end
```
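
Review bot: On the `+` line the value is still passed through `.to_s` before it reaches `Haml::Util.escape_html_safe`, so any safety check in that helper sees the result of `to_s` rather than the original object, and the fix only holds for values whose safe marking survives that conversion. A regression test rendering the issue's `foo #{html_safe_string} bar` template alongside a plain string that contains markup would pin down both the no-double-escape case and the still-escaped case. Separately, the context line `content = eval("\"#{interpolated}\"")` has no comment saying what input can reach `eval`; a short note on why it is only ever fed text produced by `str.dump` would help the next reader.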
I'll need more time to work on a better solution, but I accepted your patch for now. Thank you!

Released as v6.0.1.
freesteph added a commit to betagouv/dsfr-view-components that referenced this issue on Dec 28, 2022:
And fix the templates since Haml 6.x seems to have changed the way it handles escaping[1]. [1]: haml/haml#1084
freesteph added a commit to betagouv/dsfr-view-components that referenced this issue on Jan 2, 2023:
And fix the templates since Haml 6.x seems to have changed the way it handles escaping[1]. [1]: haml/haml#1084
Thanks for haml6! But I'm puzzled by a change we're seeing with it in our Rails 7.0.3 app. A template like this:
Generates this html in haml 5.2.2:
But generates this html in haml 6.0.0:
Should we still be able to use `foo #{html_safe_string} bar` without `html_safe_string` getting over-escaped?
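
The over-escaping described in this issue, reproduced as an added example that is not part of the original thread or Haml's own code. `SafeString` is a hypothetical stand-in for a Rails safe buffer (Rails is assumed not to be loaded), and `always_escape` / `escape_unless_safe` are illustrative names for the two escaping strategies on the `-` and `+` lines of the patch.

```ruby
require 'cgi'

# Hypothetical stand-in for a Rails html_safe string (assumption: no Rails here).
class SafeString < String
  def html_safe?
    true
  end

  # A plain String subclass loses its class on to_s; returning self keeps the
  # safe marker alive across the `.to_s` call that the patch still performs.
  def to_s
    self
  end
end

module Escaping
  module_function

  # Strategy on the "-" line: every interpolated value is HTML-escaped.
  def always_escape(value)
    CGI.escapeHTML(value.to_s)
  end

  # Strategy in the spirit of the "+" line: values already marked safe pass
  # through untouched, everything else is still escaped.
  def escape_unless_safe(value)
    str = value.to_s
    str.respond_to?(:html_safe?) && str.html_safe? ? str : CGI.escapeHTML(str)
  end

  # Render the issue's template shape, "foo #{value} bar", with one strategy.
  def render(value, escaper)
    "foo #{send(escaper, value)} bar"
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not taken from the issue.
  trusted   = SafeString.new('<b>ok</b>')
  untrusted = '<script>alert(1)</script>'

  puts Escaping.render(trusted,   :always_escape)      # markup shown as text
  puts Escaping.render(trusted,   :escape_unless_safe) # markup preserved
  puts Escaping.render(untrusted, :escape_unless_safe) # still escaped
end
```

The third case is the one to keep under test: skipping the escape for marked-safe values is only sound as long as unmarked input continues to be escaped.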