Misc #15294
closed
Add warnings for invalid ERB trim modes
Description
Currently, the ERB library will accept any value for the "trim mode". If the trim mode is any string containing %, -, >, <> or an integer 0-2, the appropriate trim mode will be set. If not, no exception or warning is raised.
I had a bug in Brakeman for 1.5 years because I was passing the wrong value as the trim mode. Since the value coincidentally contained - on my test machine, I didn't notice until yesterday.
The attached patch proposes reporting a warning if an invalid trim mode is provided. It does allow a couple invalid modes (you could provide duplicate or conflicting values, like %% or <>>), but I think this is still an improvement over accepting any value at all.
If there is interest, I could spend some time to make it even more strict.
I set the uplevel to 5, which is right if a user is calling ERB.new (most common case?). I don't know if that is the correct approach.
In the future, perhaps this should be an exception instead of a warning.
Files
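A stricter caller-side check than the warning proposed above, written as an added example; it is not the attached patch and not ERB's own code. The names trim_mode_problem, checked_trim_mode and render_strict are hypothetical, and the example assumes that nil means "no trimming", that an empty string is invalid, and that -, > and <> are mutually exclusive while % may be combined with one of them in either order.

```ruby
require 'erb'

# Hypothetical helpers for this example; ERB does not provide them.
TRIM_FLAGS = /<>|%|>|-/               # the flags named in the issue description
LINE_FLAGS = ['-', '>', '<>'].freeze  # assumption: only one of these at a time

# Returns nil when the mode is acceptable, otherwise a reason string.
def trim_mode_problem(mode)
  return nil if mode.nil? # assumption: nil means "no trimming"
  return nil if mode.is_a?(Integer) && (0..2).cover?(mode)
  return 'not a String or an Integer 0-2' unless mode.is_a?(String)

  flags = mode.scan(TRIM_FLAGS)
  if mode.empty? || flags.join != mode
    # Catches arbitrary values that merely happen to contain a flag character.
    'contains characters that are not trim flags'
  elsif flags.uniq.length != flags.length
    'repeats a flag'
  elsif (flags & LINE_FLAGS).length > 1
    'combines conflicting flags'
  end
end

# Raises instead of warning, so a wrong value fails on every machine.
def checked_trim_mode(mode)
  problem = trim_mode_problem(mode)
  raise ArgumentError, "invalid ERB trim mode #{mode.inspect}: #{problem}" if problem
  mode
end

# Renders a template only after the trim mode has passed the strict check.
def render_strict(source, trim_mode)
  ERB.new(source, trim_mode: checked_trim_mode(trim_mode)).result
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values; the last one stands in for a non-mode string
  # that contains "-" by coincidence.
  ['-', '%<>', 2, '%%', '<>>', '/srv/my-app/views'].each do |mode|
    puts format('%-22s %s', mode.inspect, trim_mode_problem(mode) || 'ok')
  end
  print render_strict("<% [1, 2].each do |n| -%>\n<%= n %>\n<% end -%>\n", '-')
end
```
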
Updated by k0kubun (Takashi Kokubun) about 6 years ago
- Status changed from Open to Closed
Applied in changeset trunk|r65671.
erb.rb: warn invalid trim_mode [Misc #15294]
From: Justin Collins justin@presidentbeef.com
Updated by k0kubun (Takashi Kokubun) about 6 years ago
I thought the warning message should provide information that helps to fix the warning, so I modified your patch but applied that in r65671. Thanks.