class AngularXss::Escaper

Constants

XSS_DISABLED_KEY

Public Class Methods

disable() { || ... }
# File lib/angular_xss/escaper.rb, line 42
# Runs the given block with escaping switched off, then puts the previous
# flag value back, whether the block returns normally or raises.
#
# The flag is kept in Thread.current[], which Ruby scopes to the current
# fiber; code that runs in another thread or fiber during the block keeps
# its own flag value. The earlier value is restored rather than cleared,
# so nested calls leave an outer `disable` block still disabled.
#
# While the flag is set, `escape` hands its input back unchanged, so the
# block should wrap only markup that is meant to contain AngularJS
# expressions and never text that carries user input.
#
# Returns the value of the block. Called without a block, `yield` raises
# LocalJumpError and the previous flag value is still restored.
def self.disable
  previous_flag = Thread.current[XSS_DISABLED_KEY]
  begin
    Thread.current[XSS_DISABLED_KEY] = true
    yield
  ensure
    # Restore instead of clearing so an enclosing disable block stays active.
    Thread.current[XSS_DISABLED_KEY] = previous_flag
  end
end
disabled?()
# File lib/angular_xss/escaper.rb, line 38
# Reports whether escaping is currently switched off for the caller.
#
# Reads the flag from Thread.current[] (fiber-local in Ruby) and coerces it
# to a strict boolean: nil or false gives false, anything else gives true.
def self.disabled?
  Thread.current[XSS_DISABLED_KEY] ? true : false
end
escape(string)

BRACE = [

'\\{',
'{',
'{',
'&#x0*7b;',
'&#0*123;',

]
DOUBLE_BRACE_REGEXP = Regexp.new("(#{BRACE.join('|')})(#{BRACE.join('|')})", Regexp::IGNORECASE)

# File lib/angular_xss/escaper.rb, line 21
# Neutralises AngularJS interpolation openers in +string+.
#
# Every literal "{{" is replaced with the expression
# "{{ $root.DOUBLE_LEFT_CURLY_BRACE }}". Presumably the client application
# defines that $root value as a literal "{{" so the text renders as typed
# -- confirm against the JavaScript side.
#
# Returns nil for nil or false input. While `disabled?` is true the
# argument is returned untouched (not even converted with to_s). Otherwise
# a new String built from string.to_s is returned.
#
# Limits a caller should know about: only the exact two-character sequence
# is rewritten. Braces written as HTML character references pass through
# unchanged, and so does an opener that only forms when two separately
# escaped strings are joined. Markup that is emitted without HTML escaping
# therefore needs its own review; this method alone does not cover it.
def self.escape(string)
  return nil unless string
  return string if disabled?

  string.to_s.gsub('{{'.freeze, '{{ $root.DOUBLE_LEFT_CURLY_BRACE }}'.freeze)
end
escape_if_unsafe(string)
# File lib/angular_xss/escaper.rb, line 30
# Escapes +string+ unless it is nil or already marked HTML-safe.
#
# nil is returned as nil. A value whose to_s answers true to html_safe?
# is returned as the original object, untouched. Everything else is
# converted with to_s and passed to `escape`.
#
# html_safe? is not core Ruby; presumably it comes from ActiveSupport's
# String extension -- confirm in the including application.
#
# Because HTML-safe values skip escaping entirely, any "{{" inside them
# reaches the template as written. Marking text that contains user input
# as html_safe therefore also removes this protection.
def self.escape_if_unsafe(string)
  return string if string.nil?
  return string if string.to_s.html_safe?

  escape(string.to_s)
end