Misc #15294


Add warnings for invalid ERB trim modes

Added by jsc (Justin Collins) about 5 years ago. Updated about 5 years ago.



Currently, the ERB library will accept any value for the "trim mode". If the trim mode is any string containing %, -, >, <> or an integer 0-2, the appropriate trim mode will be set. If not, no exception or warning is raised.

I had a bug in Brakeman for 1.5 years because I was passing the wrong value as the trim mode. Since the value coincidentally contained - on my test machine, I didn't notice until yesterday.

The attached patch proposes reporting a warning if an invalid trim mode is provided. It does allow a couple invalid modes (you could provide duplicate or conflicting values, like %% or <>>), but I think this is still an improvement over accepting any value at all.

If there is interest, I could spend some time to make it even more strict.

I set the uplevel to 5, which is right if a user is calling (most common case?). I don't know if that is the correct approach.

In the future, perhaps this should be an exception instead of a warning.


erb_trim_mode_warning.patch (1.41 KB) erb_trim_mode_warning.patch Add warnings for invalid ERB trim modes jsc (Justin Collins), 11/09/2018 09:02 PM
Actions #1

Updated by k0kubun (Takashi Kokubun) about 5 years ago

  • Status changed from Open to Closed

Applied in changeset trunk|r65671.

erb.rb: warn invalid trim_mode [Misc #15294]

From: Justin Collins

Updated by k0kubun (Takashi Kokubun) about 5 years ago

I thought warning message should provide information that helps to fix the warning, so I modified your patch but applied that in r65671. Thanks.


Also available in: Atom PDF