Erubis::Eruby
This is from the rails_xss plugin for Rails 2
# File lib/brakeman/parsers/rails2_xss_plugin_erubis.rb, line 39 def add_expr_escaped(src, code) src << '@output_buffer << ' << escaped_expr(code) << ';' end
# File lib/brakeman/parsers/rails2_xss_plugin_erubis.rb, line 31 def add_expr_literal(src, code) if code =~ BLOCK_EXPR src << "@output_buffer.safe_concat((" << $1 << ").to_s);" else src << '@output_buffer << ((' << code << ').to_s);' end end
# File lib/brakeman/parsers/rails2_xss_plugin_erubis.rb, line 43 def add_postamble(src) #src << '@output_buffer.to_s' end
# File lib/brakeman/parsers/rails2_xss_plugin_erubis.rb, line 3 def add_preamble(src) #src << "@output_buffer = ActiveSupport::SafeBuffer.new;" end
This is different from rails_xss - fixes some line number issues
# File lib/brakeman/parsers/rails2_xss_plugin_erubis.rb, line 8 def add_text(src, text) if text == "\n" src << "\n" elsif text.include? "\n" lines = text.split("\n") if text.match(/\n\z/) lines.each do |line| src << "@output_buffer.safe_concat('" << escape_text(line) << "');\n" end else lines[0..-2].each do |line| src << "@output_buffer.safe_concat('" << escape_text(line) << "');\n" end src << "@output_buffer.safe_concat('" << escape_text(lines.last) << "');" end else src << "@output_buffer.safe_concat('" << escape_text(text) << "');" end end
Generated with the Darkfish Rdoc Generator 2.