Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove Sass dependency and better support template filters #1314

Merged
merged 7 commits into from Feb 16, 2019

Conversation

Projects
None yet
1 participant
@presidentbeef
Copy link
Owner

presidentbeef commented Feb 16, 2019

This removes the dependency on the sass gem (and its dependencies, which require native libraries) while making it easier to support embedded filters for Haml and Slim (e.g. Sass, Markdown, etc.) without adding dependencies.

The idea is to override the calls to the embedded filters so they do not actually invoke the embedded template (sometimes this happens at compile time, at which point we also lose information about the original template).

For Slim, we insert a "fake" call to BrakemanFilter.render which we can detect later.

This may also make it easier to detect cross-site scripting in embedded filters.

@presidentbeef presidentbeef force-pushed the remove_sass_better_template_filter_support branch from 0710508 to c676694 Feb 16, 2019

@presidentbeef presidentbeef merged commit ba11482 into master Feb 16, 2019

5 checks passed

ci/circleci Your tests passed on CircleCI!
Details
codeclimate All good!
Details
codeclimate/diff-coverage 98% (90% threshold)
Details
codeclimate/total-coverage 94% (0.0% change)
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

@presidentbeef presidentbeef deleted the remove_sass_better_template_filter_support branch Feb 16, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.