class Sqreen::Rules::Haml4ParserTagHookCB

Hooks into the Haml 4 tag parser.

Public Class Methods

new(*args)
Calls superclass method Sqreen::Rules::RuleCB::new
# File lib/sqreen/rules/xss_cb.rb, line 141
# Forwards every constructor argument to the superclass initializer, then
# switches the @overtimeable flag off for this callback.
#
# @param args [Array] passed through unchanged to the superclass
def initialize(*args)
  super
  @overtimeable = false
end

Public Instance Methods

post(ret, _inst, _args, _budget = nil, &_block)
# File lib/sqreen/rules/xss_cb.rb, line 146
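# Post-callback for the Haml 4 tag parser. When the parsed tag carries an
# unescaped (:escape_html == false), parsed (:parse == true) expression that
# does not already mention html_escape, the expression is rewritten in place
# so that it is passed through Sqreen.escape_haml (defined elsewhere;
# presumably the HTML-escaping helper, confirm against its definition).
#
# @param ret the parser's return value; must respond to #value with a
#   Hash-like object indexed by :escape_html, :value and :parse
# @param _inst unused
# @param _args unused
# @param _budget unused
# @return [Hash, nil] { :status => :override, :new_return_value => ret } when
#   the tag was rewritten, nil when nothing was changed
def post(ret, _inst, _args, _budget = nil, &_block)
  # Compare the major version numerically. A String comparison against '5'
  # sorts '10.0.0' below '5', which would re-enable this Haml 4 hook on a
  # two-digit major version.
  return unless Haml::VERSION.to_i < 5

  attrs = ret.value
  code = attrs[:value]
  return unless attrs[:escape_html] == false
  return unless code.respond_to?(:include?)
  # NOTE(review): this is a substring test, so any expression that merely
  # contains the text 'html_escape' (a string literal, a longer identifier)
  # is left unwrapped. Confirm that this heuristic is acceptable for the rule.
  return if code.include?('html_escape')
  return unless attrs[:parse] == true

  # The tag is mutated in place and also handed back as the override value.
  attrs[:value] = "Sqreen.escape_haml((#{code}))"
  { :status => :override, :new_return_value => ret }
end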