devth
(devth)
June 8, 2011, 1:28am
1
Upgraded from rails 3.0.7.rc1 to 3.0.8 today and ran into a problem when rendering haml:
TypeError in Pages#home
Cannot modify SafeBuffer in place
Full Trace:
activesupport (3.0.8) lib/active_support/core_ext/string/output_safety.rb:122:in `gsub!’
haml (3.1.1) lib/haml/compiler.rb:382:in `block in build_attributes’
haml (3.1.1) lib/haml/compiler.rb:358:in `each’
haml (3.1.1) lib/haml/compiler.rb:358:in `collect’
haml (3.1.1) lib/haml/compiler.rb:358:in `build_attributes’
haml (3.1.1) lib/haml/compiler.rb:407:in `prerender_tag’
haml (3.1.1) lib/haml/compiler.rb:119:in `compile_tag’
haml (3.1.1) lib/haml/compiler.rb:447:in `compile’
haml (3.1.1) lib/haml/compiler.rb:446:in `block (2 levels) in compile
Only way I can avoid the error is if I remove everything from application.haml below %body
Could this be the culprit? https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da
Only way I can avoid the error is if I remove everything from application.haml below %body
Could this be the culprit? Do not modify a safe buffer in helpers · rails/rails@ed37964 · GitHub
No, this is:
committed 11:51PM - 07 Jun 11 UTC
Also make sure that the versions of those methods which modify a string in place… such as gsub! can't be called on safe buffers at all.
That change is intentional and haml will have to ship a point release
to address it. Sorry about this, we should have noticed earlier and
noticed the haml guys. We'll be sure to add haml views to our
security-verification checklist for future changes.
Please test with the most recent haml release: haml | RubyGems.org | your community gem host
Comment here: https://github.com/nex3/haml/issues/400 if you have any
further issues.
Chris
radar
(Ryan Bigg)
June 8, 2011, 2:39am
4
This should now be fixed with the 3.1.2 release of Haml: https://rubygems.org/gems/haml/versions/3.1.2 .
devth
(devth)
June 8, 2011, 3:30am
5
Excellent, working with haml 3.1.2.