Commit 46b97150, authored by Justin Collins

Fix ERB parsing <%==

also update BLOCK_EXPR regex from head Rails
Parent 4f75d763
...@@ -29,7 +29,7 @@ class Brakeman::Rails3Erubis < ::Erubis::Eruby ...@@ -29,7 +29,7 @@ class Brakeman::Rails3Erubis < ::Erubis::Eruby
end end
end end
BLOCK_EXPR = /\s+(do|\{)(\s*\|[^|]*\|)?\s*\Z/ BLOCK_EXPR = /\s*((\s+|\))do|\{)(\s*\|[^|]*\|)?\s*\Z/
def add_expr_literal(src, code) def add_expr_literal(src, code)
if code =~ BLOCK_EXPR if code =~ BLOCK_EXPR
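Review bot: BLOCK_EXPR has no comment recording that the pattern was taken from Rails head or from which revision, so later drift from upstream will be hard to spot; a one-line comment above the constant would cover it. Two behaviour changes are worth a test each: the new leading `\s*` lets a trailing `{` match with no whitespace before it, and `)do` now matches as well as ` do`. The block-argument group also moves from capture 2 to capture 3, which is harmless for the `code =~ BLOCK_EXPR` checks shown here but would break any caller that reads the captures.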
...@@ -43,7 +43,7 @@ class Brakeman::Rails3Erubis < ::Erubis::Eruby ...@@ -43,7 +43,7 @@ class Brakeman::Rails3Erubis < ::Erubis::Eruby
if code =~ BLOCK_EXPR if code =~ BLOCK_EXPR
src << "@output_buffer.safe_append= " << code src << "@output_buffer.safe_append= " << code
else else
src << "@output_buffer.safe_concat(" << code << ");" src << "@output_buffer.safe_append= (" << code << ");"
end end
end end
......
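Review bot: nothing visible here confirms that the code consuming this generated source treats `safe_append=` as raw, unescaped output the way it treated `safe_concat`, and the `else` branch now emits `@output_buffer.safe_append= (` for every non-block `<%==`. If the consumer only recognised `safe_concat` as the unescaped form, `<%==` output would stop being reported as unescaped, so please point to (or add) the handling for `safe_append=` and a test that asserts it. A short comment on this method saying that `<%==` is the unescaped form would make the intent explicit.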
Testing double ==
<%== %{t="#{stuff unless other? }"} if current_user %>
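Review bot: the fixture covers `<%==` with string interpolation and a trailing `if` modifier, but none of the block forms that the BLOCK_EXPR change affects (`)do`, or `{` with no leading space), and no assertion on how this template is parsed is visible in this diff. Consider adding one template line per block form and a test that checks the resulting output call.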