Check for block expressions here

joloudov · Jan 14, 2013 · 6c9b5dc · 6c9b5dc
1 parent b63c3e5
commit 6c9b5dc
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/lib/rails_xss/erubis.rb b/lib/rails_xss/erubis.rb
@@ -17,8 +17,10 @@ def add_text(src, text)
       src << "@output_buffer.safe_concat('" << escape_text(text) << "');"
     end
 
+    BLOCK_EXPR = /\s+(do|\{)(\s*\|[^|]*\|)?\s*\Z/
+
     def add_expr_literal(src, code)
-      if code =~ /\s*raw\s+(.*)/
+      if code =~ BLOCK_EXPR
         src << "@output_buffer.safe_concat((" << $1 << ").to_s);"
       else
         src << '@output_buffer << ((' << code << ').to_s);'