New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Produces broken syntax for certain calls inside attribute interpolation #921

Closed
elia opened this Issue May 3, 2017 · 3 comments

Comments

Projects
None yet
3 participants
@elia
Contributor

elia commented May 3, 2017

Here's the reproduction

puts Haml::Engine.new(%{%a(data-foo="#{render 'foobar',foo: bar}")}).precompiled.gsub(';', "\n")

the following has been re-indented for readability, notice that the second line produces invalid code ("#{render 'foobar')

_hamlout.buffer << ("<a".freeze)
_haml_attribute_compiler1 = ("#{render 'foobar')
case (_haml_attribute_compiler1)
when Hash
  _hamlout.buffer << ((_hamlout.attributes({ "data-foo".freeze => _haml_attribute_compiler1 }, nil)).to_s)

when true
  _hamlout.buffer << (" data-foo".freeze)

when false, nil
else
  _hamlout.buffer << (" data-foo='".freeze)

  _hamlout.buffer << (::Haml::Helpers.html_escape((_haml_attribute_compiler1)))

  _hamlout.buffer << ("'".freeze)

end
_haml_attribute_compiler2 = (bar}")
case (_haml_attribute_compiler2)
when Hash
  _hamlout.buffer << ((_hamlout.attributes({ "foo".freeze => _haml_attribute_compiler2 }, nil)).to_s)
  
when true
  _hamlout.buffer << (" foo".freeze)
  
when false, nil
else
  _hamlout.buffer << (" foo='".freeze)
  
  _hamlout.buffer << (::Haml::Helpers.html_escape((_haml_attribute_compiler2)))
  
  _hamlout.buffer << ("'".freeze)
  
end
_hamlout.buffer << ("></a>\n".freeze)
@k0kubun

This comment has been minimized.

Show comment
Hide comment
@k0kubun

k0kubun May 3, 2017

Member

Thank you for reporting. But this is essentially the same as #917 and already fixed on master branch. Please wait for new release.

Member

k0kubun commented May 3, 2017

Thank you for reporting. But this is essentially the same as #917 and already fixed on master branch. Please wait for new release.

@k0kubun k0kubun closed this May 3, 2017

@k0kubun

This comment has been minimized.

Show comment
Hide comment
@k0kubun

k0kubun May 3, 2017

Member

@amatsuda Could you ship a new release?

Member

k0kubun commented May 3, 2017

@amatsuda Could you ship a new release?

@amatsuda

This comment has been minimized.

Show comment
Hide comment
@amatsuda

amatsuda May 3, 2017

Member

Yes, just released 5.0.1 gem including the patch for this issue.

Member

amatsuda commented May 3, 2017

Yes, just released 5.0.1 gem including the patch for this issue.

netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this issue Jun 21, 2017

taca
Update ruby-haml to 5.0.1
## 5.0.1

Released on May 3, 2017
([diff](haml/haml@v5.0.0...v5.0.1)).

* Fix parsing attributes including string interpolation. [#917](haml/haml#917) [#921](haml/haml#921)
* Stop distributing test files in gem package and allow installing on Windows.
* Use ActionView's Erubi/Erubis handler for erb filter only on ActionView. [#914](haml/haml#914)

## 5.0.0

Released on April 26, 2017
([diff](haml/haml@4.0.7...v5.0.0)).

Breaking Changes

* Haml now requires Ruby 2.0.0 or above.
* Rails 3 is no longer supported, matching the official
  [Maintenance Policy for Ruby on Rails](http://weblog.rubyonrails.org/2013/2/24/maintenance-policy-for-ruby-on-rails/).
  (Tee Parham)
* The `haml` command's debug option (`-d`) no longer executes the Haml code, but
  rather checks the generated Ruby syntax for errors.
* Drop parser/compiler accessor from `Haml::Engine`. Modify `Haml::Engine#initialize` options
  or `Haml::Template.options` instead. (Takashi Kokubun)
* Drop dynamic quotes support and always escape `'` for `escape_html`/`escape_attrs` instead.
  Also, escaped results are slightly changed and always unified to the same characters. (Takashi Kokubun)
* Don't preserve newlines in attributes. (Takashi Kokubun)
* HTML escape interpolated code in filters.
  [#770](haml/haml#770)
  (Matt Wildig)

        :javascript
          #{JSON.generate(foo: "bar")}
        Haml 4 output: {"foo":"bar"}
        Haml 5 output: {&quot;foo&quot;:&quot;bar&quot;}

Added

* Add a tracing option. When enabled, Haml will output a data-trace attribute on each tag showing the path
  to the source Haml file from which it was generated. Thanks [Alex Babkin](https://github.com/ababkin).
* Add `haml_tag_if` to render a block, conditionally wrapped in another element (Matt Wildig)
* Support Rails 5.1 Erubi template handler.
* Support Sprockets 3. Thanks [Sam Davies](https://github.com/samphilipd) and [Jeremy Venezia](https://github.com/jvenezia).
* General performance and memory usage improvements. (Akira Matsuda)
* Analyze attribute values by Ripper and render static attributes beforehand. (Takashi Kokubun)
* Optimize attribute rendering about 3x faster. (Takashi Kokubun)
* Add temple gem as dependency and create `Haml::TempleEngine` class.
  Some methods in `Haml::Compiler` are migrated to `Haml::TempleEngine`. (Takashi Kokubun)

Fixed

* Fix for attribute merging. When an attribute method (or literal nested hash)
  was used in an old style attribute hash and there is also a (non-static) new
  style hash there is an error. The fix can result in different behavior in
  some circumstances. See the [commit message](https://github.com/haml/haml/tree/e475b015d3171fb4c4f140db304f7970c787d6e3)
  for detailed info. (Matt Wildig)
* Make escape_once respect hexadecimal references. (Matt Wildig)
* Don't treat the 'data' attribute specially when merging attribute hashes. (Matt Wildig and Norman Clarke)
* Fix #@foo and #$foo style interpolation that was not working in html_safe mode. (Akira Matsuda)
* Allow `@` as tag's class name. Thanks [Joe Bartlett](https://github.com/redoPop).
* Raise `Haml::InvalidAttributeNameError` when attribute name includes invalid characters. (Takashi Kokubun)
* Don't ignore unexpected exceptions on initializing `ActionView::OutputBuffer`. (Takashi Kokubun)

jsonn pushed a commit to jsonn/pkgsrc that referenced this issue Jun 21, 2017

taca
Update ruby-haml to 5.0.1
## 5.0.1

Released on May 3, 2017
([diff](haml/haml@v5.0.0...v5.0.1)).

* Fix parsing attributes including string interpolation. [#917](haml/haml#917) [#921](haml/haml#921)
* Stop distributing test files in gem package and allow installing on Windows.
* Use ActionView's Erubi/Erubis handler for erb filter only on ActionView. [#914](haml/haml#914)

## 5.0.0

Released on April 26, 2017
([diff](haml/haml@4.0.7...v5.0.0)).

Breaking Changes

* Haml now requires Ruby 2.0.0 or above.
* Rails 3 is no longer supported, matching the official
  [Maintenance Policy for Ruby on Rails](http://weblog.rubyonrails.org/2013/2/24/maintenance-policy-for-ruby-on-rails/).
  (Tee Parham)
* The `haml` command's debug option (`-d`) no longer executes the Haml code, but
  rather checks the generated Ruby syntax for errors.
* Drop parser/compiler accessor from `Haml::Engine`. Modify `Haml::Engine#initialize` options
  or `Haml::Template.options` instead. (Takashi Kokubun)
* Drop dynamic quotes support and always escape `'` for `escape_html`/`escape_attrs` instead.
  Also, escaped results are slightly changed and always unified to the same characters. (Takashi Kokubun)
* Don't preserve newlines in attributes. (Takashi Kokubun)
* HTML escape interpolated code in filters.
  [#770](haml/haml#770)
  (Matt Wildig)

        :javascript
          #{JSON.generate(foo: "bar")}
        Haml 4 output: {"foo":"bar"}
        Haml 5 output: {&quot;foo&quot;:&quot;bar&quot;}

Added

* Add a tracing option. When enabled, Haml will output a data-trace attribute on each tag showing the path
  to the source Haml file from which it was generated. Thanks [Alex Babkin](https://github.com/ababkin).
* Add `haml_tag_if` to render a block, conditionally wrapped in another element (Matt Wildig)
* Support Rails 5.1 Erubi template handler.
* Support Sprockets 3. Thanks [Sam Davies](https://github.com/samphilipd) and [Jeremy Venezia](https://github.com/jvenezia).
* General performance and memory usage improvements. (Akira Matsuda)
* Analyze attribute values by Ripper and render static attributes beforehand. (Takashi Kokubun)
* Optimize attribute rendering about 3x faster. (Takashi Kokubun)
* Add temple gem as dependency and create `Haml::TempleEngine` class.
  Some methods in `Haml::Compiler` are migrated to `Haml::TempleEngine`. (Takashi Kokubun)

Fixed

* Fix for attribute merging. When an attribute method (or literal nested hash)
  was used in an old style attribute hash and there is also a (non-static) new
  style hash there is an error. The fix can result in different behavior in
  some circumstances. See the [commit message](https://github.com/haml/haml/tree/e475b015d3171fb4c4f140db304f7970c787d6e3)
  for detailed info. (Matt Wildig)
* Make escape_once respect hexadecimal references. (Matt Wildig)
* Don't treat the 'data' attribute specially when merging attribute hashes. (Matt Wildig and Norman Clarke)
* Fix #@foo and #$foo style interpolation that was not working in html_safe mode. (Akira Matsuda)
* Allow `@` as tag's class name. Thanks [Joe Bartlett](https://github.com/redoPop).
* Raise `Haml::InvalidAttributeNameError` when attribute name includes invalid characters. (Takashi Kokubun)
* Don't ignore unexpected exceptions on initializing `ActionView::OutputBuffer`. (Takashi Kokubun)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment