Open gyfis opened 5 years ago
Hi, I have a simple .haml file in rails:
- title = "<b>The dog</b> ate her cat's lunch" .js-tooltip{title: title} Dog 1 .js-tooltip{title: title.html_safe} Dog 2
When observing the source code, the first <div> gets transformed and escaped properly and behaves as expected:
<div>
<div class='js-tooltip' title='<b>The dog</b> ate her cat's lunch'> Dog 1 </div>
However, the second <div> gets transformed and escaped poorly, leading to an unfortunate accident that could have been avoided:
<div class='js-tooltip' title='<b>The dog</b> ate her cat's lunch'> Dog 2 </div>
It seems that haml-rails doesn't properly deal with ActiveSupport::SafeBuffer in element attributes (this bug doesn't occur when using = title).
ActiveSupport::SafeBuffer
= title
Let me know if I can provide more info or examples!
Hi, I have a simple .haml file in rails:
When observing the source code, the first
<div>
gets transformed and escaped properly and behaves as expected:However, the second
<div>
gets transformed and escaped poorly, leading to an unfortunate accident that could have been avoided:It seems that haml-rails doesn't properly deal with
ActiveSupport::SafeBuffer
in element attributes (this bug doesn't occur when using= title
).Let me know if I can provide more info or examples!