Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove Sass dependency and better support template filters #1314

merged 7 commits into from Feb 16, 2019


None yet
1 participant
Copy link

presidentbeef commented Feb 16, 2019

This removes the dependency on the sass gem (and its dependencies, which require native libraries) while making it easier to support embedded filters for Haml and Slim (e.g. Sass, Markdown, etc.) without adding dependencies.

The idea is to override the calls to the embedded filters so they do not actually invoke the embedded template (sometimes this happens at compile time, at which point we also lose information about the original template).

For Slim, we insert a "fake" call to BrakemanFilter.render which we can detect later.

This may also make it easier to detect cross-site scripting in embedded filters.

@presidentbeef presidentbeef force-pushed the remove_sass_better_template_filter_support branch from 0710508 to c676694 Feb 16, 2019

@presidentbeef presidentbeef merged commit ba11482 into master Feb 16, 2019

5 checks passed

ci/circleci Your tests passed on CircleCI!
codeclimate All good!
codeclimate/diff-coverage 98% (90% threshold)
codeclimate/total-coverage 94% (0.0% change)
continuous-integration/travis-ci/pr The Travis CI build passed

@presidentbeef presidentbeef deleted the remove_sass_better_template_filter_support branch Feb 16, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.