Merge pull request #984 from wjordan/escape_interpolated_html

add escape_interpolated_html option
haml · Jan 22, 2019 · 877bbea · 877bbea
2 parents 99ded8b + 450f9c7
commit 877bbea
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 3 deletions.
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -1126,7 +1126,7 @@ is compiled to
     </div>
 
 Note that `#{}` interpolation within filters is HTML-escaped if you specify
-{Haml::Options#escape_html `:escape_html`} option.
+{Haml::Options#escape_interpolated_html `:escape_interpolated_html`} option.
 
 The functionality of some filters such as Markdown can be provided by many
 different libraries. Usually you don't have to worry about this - you can just

diff --git a/lib/haml/filters.rb b/lib/haml/filters.rb
@@ -164,7 +164,11 @@ def compile(compiler, text)
           if contains_interpolation?(text)
             return if options[:suppress_eval]
 
-            text = unescape_interpolation(text, options[:escape_html]).gsub(/(\\+)n/) do |s|
+            escape = options[:escape_interpolated_html]
+            # `escape_interpolated_html` defaults to `escape_html` if unset.
+            escape = options[:escape_html] if escape.nil?
+
+            text = unescape_interpolation(text, escape).gsub(/(\\+)n/) do |s|
               escapes = $1.size
               next s if escapes % 2 == 0
               "#{'\\' * (escapes - 1)}\n"

diff --git a/lib/haml/options.rb b/lib/haml/options.rb
@@ -8,7 +8,7 @@ class Options
     @valid_formats = [:html4, :html5, :xhtml]
 
     @buffer_option_keys = [:autoclose, :preserve, :attr_wrapper, :format,
-      :encoding, :escape_html, :escape_attrs, :hyphenate_data_attrs, :cdata]
+      :encoding, :escape_html, :escape_interpolated_html, :escape_attrs, :hyphenate_data_attrs, :cdata]
 
     # The default option values.
     # @return Hash
@@ -85,6 +85,13 @@ def self.wrap(options)
     # Defaults to false.
     attr_accessor :escape_html
 
+    # Sets whether or not to escape HTML-sensitive characters in interpolated strings.
+    # See also {file:REFERENCE.md#escaping_html Escaping HTML} and
+    # {file:REFERENCE.md#unescaping_html Unescaping HTML}.
+    #
+    # Defaults to the current value of `escape_html`.
+    attr_accessor :escape_interpolated_html
+
     # The name of the Haml file being parsed.
     # This is only used as information when exceptions are raised. This is
     # automatically assigned when working through ActionView, so it's really

diff --git a/lib/haml/temple_engine.rb b/lib/haml/temple_engine.rb
@@ -13,6 +13,7 @@ class TempleEngine < Temple::Engine
       encoding:             nil,
       escape_attrs:         true,
       escape_html:          false,
+      escape_interpolated_html: nil,
       filename:             '(haml)',
       format:               :html5,
       hyphenate_data_attrs: true,