From f916b725acb53c605338eb00b7c22c4fdf874ee4 Mon Sep 17 00:00:00 2001
From: Jean Boussier
Date: Mon, 26 Nov 2012 16:23:19 -0500
Subject: [PATCH 1/2] Allow to use a custom function to compile the escape pattern (<%- %>) EJS.escape_function is now a formatting string. Example: EJS.escape_function = '_.escape(%s)'
---
 lib/ejs.rb | 20 ++++++++++++--------
 test/test_ejs.rb | 19 +++++++++++++++++++
 2 files changed, 31 insertions(+), 8 deletions(-)
diff --git a/lib/ejs.rb b/lib/ejs.rb
index 686649a..f9f6520 100644
--- a/lib/ejs.rb
+++ b/lib/ejs.rb
@@ -20,6 +20,7 @@ class << self
 attr_accessor :evaluation_pattern
 attr_accessor :interpolation_pattern
 attr_accessor :escape_pattern
+ attr_accessor :escape_function
 # Compiles an EJS template to a JavaScript function. The compiled
 # function takes an optional argument, an object specifying local
@@ -69,7 +70,8 @@ def js_unescape!(source)
 def replace_escape_tags!(source, options)
 source.gsub!(options[:escape_pattern] || escape_pattern) do
- "',(''+#{js_unescape!($1)})#{escape_function},'"
+ expression = "(''+#{js_unescape!($1)})"
+ "',#{runtime_escape!(expression)},'"
 end
 end
@@ -85,17 +87,19 @@ def replace_interpolation_tags!(source, options)
 end
 end
- def escape_function
- ".replace(/&/g, '&')" +
- ".replace(//g, '>')" +
- ".replace(/\"/g, '"')" +
- ".replace(/'/g, ''')" +
- ".replace(/\\//g,'/')"
+ def runtime_escape!(expression)
+ escape_function % expression
 end
 end
 self.evaluation_pattern = /<%([\s\S]+?)%>/
 self.interpolation_pattern = /<%=([\s\S]+?)%>/
 self.escape_pattern = /<%-([\s\S]+?)%>/
+ self.escape_function =
+ "%s.replace(/&/g, '&')" +
+ ".replace(//g, '>')" +
+ ".replace(/\"/g, '"')" +
+ ".replace(/'/g, ''')" +
+ ".replace(/\\//g,'/')"
 end
diff --git a/test/test_ejs.rb b/test/test_ejs.rb
index ed760da..1efe2e8 100644
--- a/test/test_ejs.rb
+++ b/test/test_ejs.rb
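Review bot: The new public `escape_function` accessor in the first lib/ejs.rb hunk is added without a comment stating its contract, although it now decides how every `<%- %>` value is escaped. A comment above it would make the security expectation explicit, e.g. `# Format string applied to each <%- %> expression; must contain exactly one %s and yield HTML-escaped output.` The enclosing `class << self` block starts and ends outside the hunk.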
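Review bot: `replace_escape_tags!` honours a per-call `options[:escape_pattern]`, but the formatter it calls reads only the process-wide `EJS.escape_function`, so any code that reassigns the global changes (or weakens) escaping for every template compiled afterwards. Threading the options through would keep the two settings parallel: call `runtime_escape!(expression, options)` and format with `(options[:escape_function] || escape_function) % expression`. The method body is fully visible in the hunk; `runtime_escape!` itself is defined in the next hunk of the same file.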
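Review bot: `escape_function % expression` in `runtime_escape!` treats the configured value as a full Ruby format string, so a custom JavaScript snippet that contains any other `%` sequence can raise `ArgumentError` at compile time, a value with no `%s` silently drops the template expression, and a `nil` value fails with `NoMethodError`. Substituting only the placeholder is safer: `escape_function.sub('%s') { expression }` (block form, so backslashes in the expression are not reinterpreted). The `!` suffix is also misleading here, since the method mutates nothing and has no non-bang counterpart; `runtime_escape` would read better.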
@@ -39,6 +39,25 @@ class EJSCompilationTest < Test::Unit::TestCase
 end
 end
+class EJSCustomEscapeFunctionTest < Test::Unit::TestCase
+ extend TestHelper
+
+ def setup
+ @original_escape_function = EJS.escape_function
+ EJS.escape_function = '_.escape(%s)'
+ end
+
+ def teardown
+ EJS.escape_function = @original_escape_function
+ end
+
+ test 'compile' do
+ result = EJS.compile('<%- name %>')
+ assert_match /_\.escape\(.+\)/, result
+ end
+
+end
+
 class EJSCustomPatternTest < Test::Unit::TestCase
 extend TestHelper
From 0ad295bab8fab8289f6855012de0f16bc96950c5 Mon Sep 17 00:00:00 2001
From: Jean Boussier
Date: Mon, 26 Nov 2012 16:39:55 -0500
Subject: [PATCH 2/2] Let the `escape_function` handle the string coercion
---
 lib/ejs.rb | 5 ++---
 test/test_ejs.rb | 2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/lib/ejs.rb b/lib/ejs.rb
index f9f6520..cda17a2 100644
--- a/lib/ejs.rb
+++ b/lib/ejs.rb
@@ -70,8 +70,7 @@ def js_unescape!(source)
 def replace_escape_tags!(source, options)
 source.gsub!(options[:escape_pattern] || escape_pattern) do
- expression = "(''+#{js_unescape!($1)})"
- "',#{runtime_escape!(expression)},'"
+ "',#{runtime_escape!(js_unescape!($1))},'"
 end
 end
@@ -96,7 +95,7 @@ def runtime_escape!(expression)
 self.interpolation_pattern = /<%=([\s\S]+?)%>/
 self.escape_pattern = /<%-([\s\S]+?)%>/
 self.escape_function =
- "%s.replace(/&/g, '&')" +
+ "('' + %s).replace(/&/g, '&')" +
 ".replace(//g, '>')" +
 ".replace(/\"/g, '"')" +
diff --git a/test/test_ejs.rb b/test/test_ejs.rb
index 1efe2e8..63fbc40 100644
--- a/test/test_ejs.rb
+++ b/test/test_ejs.rb
@@ -53,7 +53,7 @@ def teardown
 test 'compile' do
 result = EJS.compile('<%- name %>')
- assert_match /_\.escape\(.+\)/, result
+ assert_match /_\.escape\(\s*name\s*\)/, result
 end
 end
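Review bot: In the new `EJSCustomEscapeFunctionTest`, `assert_match /_\.escape\(.+\)/, result` passes a regexp literal as an unparenthesised first argument, which Ruby flags as an ambiguous first argument when warnings are enabled; `assert_match(/_\.escape\(.+\)/, result)` avoids that, and the same call form is kept in the later test change of this series. The test also only inspects the compiled source text, so nothing visible here confirms that the default formatter still escapes HTML after being turned into a format string; that may be covered by tests outside the hunk.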
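Review bot: In the second patch, `replace_escape_tags!` now hands the raw template expression to the formatter with no surrounding parentheses, so a custom `escape_function` written in method-call form (as the default was before this patch, `%s.replace(...)`) would bind only to the last operand of an expression such as `a + b` and leave the rest of the output unescaped. Parenthesising before formatting keeps the whole expression inside the escape: `"',#{runtime_escape!("(#{js_unescape!($1)})")},'"`. The default formatter already wraps with `('' + %s)`, so only custom values are affected. The new requirement that a custom function does its own string coercion is worth stating in a comment on `escape_function`.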