diff options
| author | makoto kuwata <kwa@kuwata-lab.com> | 2006-04-26 09:23:59 +0000 |
|---|---|---|
| committer | makoto kuwata <kwa@kuwata-lab.com> | 2006-04-26 09:23:59 +0000 |
| commit | 0cc5ba197c97a8f26574115bea60013d423db891 (patch) | |
| tree | fca2235bc65c3e5a4bec5273967559da30c3ab5b /lib/erubis/enhancer.rb | |
| parent | e0ca656ab98f192b7260c852c4da81f9c5c8a9ea (diff) | |
| download | erubis-0cc5ba197c97a8f26574115bea60013d423db891.tar.gz | |
- [change] class EscapedEruby is removed and add EscapeEnhancer
- [change] XmlEruby includes EscapeEnhancer
Diffstat (limited to 'lib/erubis/enhancer.rb')
| -rw-r--r-- | lib/erubis/enhancer.rb | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/lib/erubis/enhancer.rb b/lib/erubis/enhancer.rb index 79c0e8c..8c0f04b 100644 --- a/lib/erubis/enhancer.rb +++ b/lib/erubis/enhancer.rb @@ -11,6 +11,98 @@ require 'erubis/eruby' module Erubis + ## + ## helper for xml + ## + module XmlHelper + + module_function + + def escape_xml(obj) + str = obj.to_s.dup + #str = obj.to_s + #str = str.dup if obj.__id__ == str.__id__ + str.gsub!(/&/, '&') + str.gsub!(/</, '<') + str.gsub!(/>/, '>') + str.gsub!(/"/, '"') #" + return str + end + + alias h escape_xml + alias html_escape escape_xml + + end + + + module PrivateHelper # :nodoc: + + module_function + + def report_expr(src, code) + code.strip! + s = code.dump + s.sub!(/\A"/, '') + s.sub!(/"\z/, '') + src << " $stderr.puts(\"** erubis: #{s} = \#{(#{code}).inspect}\");" + end + + end + + + ## + ## convenient module to escape expression value ('<%= ... %>') by default + ## + ## ex. + ## class LatexEruby < Eruby + ## def self.escape(str) + ## return str.gsub(/[%\\]/, '\\\1') + ## end + ## def escaped_expr(expr_code) + ## return "LatexEruby.escape(#{expr_code})" + ## end + ## end + ## + module EscapeEnhancer + + protected + + ## + ## abstract method to convert expression code into escaped + ## + ## ex. + ## def escaped_expr(code) + ## return "CGI.escapeHTML(#{code})" + ## end + ## + def escaped_expr(code) + raise NotImplementedError.new("#{self.class.name}#escaped_expr() is not implemented.") + end + + + ## + ## escape expression code ('<%= .... %>') + ## + ## * '<%= ... %>' => escaped + ## * '<%== ... %>' => not escaped + ## * '<%=== ... %>' => report expression value into $stderr + ## + def add_src_expr(src, code, indicator) + case indicator + when '=' # <%= %> + src << " _out << " << escaped_expr(code) << ";" + when '==' # <%== %> + super + when '===' # <%=== %> + PrivateHelper.report_expr(src, code) + else + # nothing + end + end + + end + + ## (obsolete) module FastEnhancer end @@ -53,6 +145,19 @@ module Erubis end + ## + ## sanitize expression (<%= ... %>) by default + ## + class XmlEruby < Eruby + include EscapeEnhancer + + def escaped_expr(code) + return "Erubis::XmlHelper.escape_xml(#{code})" + end + + end + + ## (obsolete) class FastEruby < Eruby include FastEnhancer |