judofyr / temple

Template compilation framework in Ruby
http://judofyr.net/posts/temple.html
MIT License
491 stars 53 forks

Fix a crash in StringSplitter filter #138

Closed k0kubun closed 1 year ago

k0kubun commented 2 years ago

StringSplitter splits a string literal `%Q(href("#{1 + 1}");)` into `%Q(href()`, `1 + 1`, and `%Q();)`.

Because `%Q( )` was used for quoting the string and the string content also has parentheses, it results in `unterminated string meets end of file` (SyntaxError).

To extract "href(" safely, we should just use a null character for quoting a string to be evaled.
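The failure described in the comment above, reproduced as an added example (not part of the pull request and not Temple's own code): each static fragment of the literal is re-quoted with the original `( )` delimiters and then with null characters before being evaled. The helper names `static_fragments`, `requote` and `compare` are hypothetical, and the input is the literal from the report.

```ruby
require 'ripper'

# Constructed input: the string literal quoted in the report.
# Single quotes keep it as source text; nothing is interpolated here.
LITERAL = '%Q(href("#{1 + 1}");)'

# Static (non-interpolated) pieces of a string literal, as Ripper lexes them.
def static_fragments(code)
  Ripper.lex(code)
        .select { |_, type, _| type == :on_tstring_content }
        .map { |_, _, str| str }
end

# Wrap one fragment in %Q with the given delimiters and eval it so that
# escape sequences are resolved. Returns the resulting String, or the
# SyntaxError when the re-quoted fragment is no longer a valid literal.
# eval is only ever applied to fragments of a literal the lexer accepted.
def requote(fragment, open, close)
  eval("%Q#{open}#{fragment}#{close}")
rescue SyntaxError => e
  e
end

# For every fragment, compare paren delimiters with null-character delimiters.
def compare(code)
  static_fragments(code).map do |frag|
    {
      fragment: frag,
      parens: requote(frag, '(', ')'), # a lone "(" or ")" unbalances the literal
      null: requote(frag, "\0", "\0")  # "\0" has no nesting partner
    }
  end
end

compare(LITERAL).each { |row| p row } if $PROGRAM_NAME == __FILE__
```

The parentheses are balanced across the whole literal but not within either fragment, which is why only the re-quoted pieces fail to parse.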

k0kubun commented 2 years ago

There's a Haml user impacted by this. Once we merge this, can we cut a new release? If you wish, I can do that myself if you make me a gem owner on rubygems.org as well. Currently, I can only merge PRs and not release them.

k0kubun commented 2 years ago

@judofyr WDYT about https://github.com/judofyr/temple/pull/138#issuecomment-1255746989? I'd like to release and maintain the optimization filters I authored myself. If you're not comfortable with it, I could separately maintain Haml's original version in the Haml repository as well.

k0kubun commented 1 year ago

Thank you for the permission!