class TaintedLove::Replacer::ReplaceActionView
Public Instance Methods
append=(value)
# Instrumented replacement for ActionView::OutputBuffer#append= (the `<%= %>`
# sink). A value that is both tainted and already html_safe will be written by
# the buffer without escaping, so that combination is reported as an XSS
# finding; the value is then appended exactly as before via `<<`.
#
# value - the object the template is appending; must respond to `tainted?`
#         and `html_safe?` (true for Strings under ActiveSupport on Ruby < 3.2).
def append=(value)
  unsafe_output = value.tainted? && value.html_safe?
  TaintedLove.report(:ReplaceActionView, value, [:xss], 'Tainted string is html_safe') if unsafe_output
  self << value
end
render(*args, &block)
Calls superclass method
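# Wrapper for ActionView::Template#render (prepended onto Template) that
# untaints the template's rendered string and anything the caller's block
# returns when the template yields: template output is treated as the point
# where tracked taint stops. Positional arguments are forwarded unchanged.
#
# NOTE(review): `untaint` is a no-op from Ruby 2.7 and removed in 3.2, so this
# only has an effect on older rubies.
def render(*args, &block)
  # When no block was given, forward none (as the original would have
  # received) rather than a wrapper whose `block.call` would fail on nil.
  return super(*args).untaint unless block

  super(*args) do |*sub_args, &sub_block|
    block.call(*sub_args, &sub_block).untaint
  end.untaint
end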
replace!()
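# Installs the ActionView hooks:
#   * ActionView::OutputBuffer#append= (the `<%= %>` sink) reports an XSS
#     finding when a tainted value is already html_safe, i.e. the buffer will
#     write it without escaping, then appends it as before.
#   * ActionView::Template#render is wrapped (via prepend) so the rendered
#     string, and whatever the caller's block returns when the template
#     yields, are untainted: template output is treated as a taint boundary.
# Expected to run only when should_replace? is true (ActionView is loaded);
# ActionView::OutputBuffer is referenced unguarded.
#
# NOTE(review): only `append=` is hooked; Rails' ERB handler emits
# `safe_expr_append=` for `<%== %>`, which is not instrumented here — confirm
# whether that path should be covered as well.
# NOTE(review): `tainted?`/`untaint` are no-ops from Ruby 2.7 and removed in
# 3.2, so this replacer is only meaningful on older rubies.
def replace!
  ActionView::OutputBuffer.class_eval do
    def append=(value)
      if value.tainted? && value.html_safe?
        TaintedLove.report(
          :ReplaceActionView,
          value,
          [:xss],
          'Tainted string is html_safe'
        )
      end
      self << value
    end
  end

  # Untaint the yield of a template
  mod = Module.new do
    def render(*args, &block)
      # When no block was given, forward none (as the original would have
      # received) rather than a wrapper whose `block.call` would fail on nil.
      return super(*args).untaint unless block

      super(*args) do |*sub_args, &sub_block|
        block.call(*sub_args, &sub_block).untaint
      end.untaint
    end
    # Let keyword arguments to Template#render (newer Rails pass some) travel
    # through `*args` intact on Ruby 2.7+/3.x; a no-op on older rubies.
    ruby2_keywords(:render) if respond_to?(:ruby2_keywords, true)
  end
  ActionView::Template.prepend(mod) if Object.const_defined?('ActionView::Template')
end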
should_replace?()
# True when ActionView has been loaded (the top-level constant exists), which
# is the only condition under which replace! has anything to hook.
def should_replace?
  Object.const_defined?(:ActionView)
end