class AngularXss::Escaper
Constants
- XSS_DISABLED_KEY
Public Class Methods
disable() { || ... }
# File lib/angular_xss/escaper.rb, line 42
#
# Runs the given block with AngularJS escaping switched off for the
# current execution context, then puts the previous setting back.
#
# While the block runs, `disabled?` is true and `escape` returns its
# argument unchanged, so any `{{` in strings rendered inside the block
# reaches the output as-is. Keep the block as small as possible and do
# not render untrusted input inside it.
#
# The flag is stored via Thread.current[], which Ruby scopes to the
# current fiber; other threads and fibers are not affected.
#
# @yield the code to run with escaping disabled
# @return the value of the block
def self.disable
  previous_flag = Thread.current[XSS_DISABLED_KEY]
  begin
    Thread.current[XSS_DISABLED_KEY] = true
    yield
  ensure
    # Restore rather than clear, so nested disable blocks unwind correctly
    # and an exception in the block cannot leave escaping switched off.
    Thread.current[XSS_DISABLED_KEY] = previous_flag
  end
end
disabled?()
# File lib/angular_xss/escaper.rb, line 38
#
# Reports whether escaping is currently switched off, i.e. whether the
# XSS_DISABLED_KEY slot of Thread.current holds a truthy value.
#
# @return [Boolean] always a strict true/false, never nil
def self.disabled?
  Thread.current[XSS_DISABLED_KEY] ? true : false
end
escape(string)
BRACE = [
'\\{', '&lcub;', '&lbrace;', '&#x0*7b;', '&#0*123;',
]
DOUBLE_BRACE_REGEXP = Regexp.new("(#{BRACE.join('|')})(#{BRACE.join('|')})", Regexp::IGNORECASE)
# File lib/angular_xss/escaper.rb, line 21
#
# Neutralises AngularJS interpolation markers in +string+ by replacing
# every literal `{{` with `{{ $root.DOUBLE_LEFT_CURLY_BRACE }}`.
#
# Returns nil for nil/false input. When escaping is disabled (see
# `disabled?`) the argument is returned untouched, not even converted
# with to_s.
#
# NOTE(review): the replacement presumably relies on the client app
# defining $root.DOUBLE_LEFT_CURLY_BRACE - confirm on the Angular side.
# NOTE(review): only the literal two-character sequence is matched; HTML
# character references that a browser decodes to `{` are not covered by
# this search - confirm whether callers need them handled.
#
# @param string [#to_s, nil] value about to be rendered
# @return [String, nil] the escaped text, or the input itself when disabled
def self.escape(string)
  return nil unless string
  return string if disabled?

  opening_marker = '{{'.freeze
  safe_expression = '{{ $root.DOUBLE_LEFT_CURLY_BRACE }}'.freeze
  string.to_s.gsub(opening_marker, safe_expression)
end
escape_if_unsafe(string)
# File lib/angular_xss/escaper.rb, line 30
#
# Escapes +string+ unless it is nil or its string form reports
# html_safe?; in those two cases the argument is returned unchanged.
#
# Anything flagged html_safe therefore skips the `{{` replacement
# entirely, so a value must not be marked html_safe while it still
# contains untrusted input.
#
# @param string [#to_s, nil] value about to be rendered
# @return [String, nil] the original value, or the result of `escape`
def self.escape_if_unsafe(string)
  return string if string.nil?
  return string if string.to_s.html_safe?

  escape(string.to_s)
end