kwatch / erubis Goto Github PK

Hello,

I'm importing a ticket from Rails: rails/rails#18098

Please find @rafaelfranca's comment (rails/rails#18098 (comment)) for a repro example.

It seems that ERB doesn't handle well tags embedded within another tag. My goal is to produce ERB code with some values prefilled in the first pass.

Input ERB code:

    <div>
        <%%= Results: <%= 'first' %> | <%= 'second' %> | <%= 'third' %> %>
    </div>

Produces the following output:

    <div>
        <%= Results: <%= 'first' %> | second | third %>
    </div>

Expected output is:

    <div>
        <%= Results: first | second | third %>
    </div>

The first nested ERB tag is skipped. The same happens when there is just one block nested.

This is reproducible in Rails v4.1.8, which is using Erubis v2.7.0.

Dear @kwatch,

Thank you for maintaining erubis. I have a tiny request: would you remove the Erubis version logging on boot? It is only logged on Rails 2.2+, and it clutters the output (especially when running tests in parallel).

I would happily provide a pull request if you agree to this change.

Best regards
/codener

Good day @kwatch ,

erubis is a dependency of Rails 3, 4, 5.0 [1][2][3]
When we install the Rails, erubis is used.

However when we install rails5.1, erubi is used instead of erubis [4][5]
erubi is a fork version of erubis.

But I think that we still need to maintain erubis for the users to use Rails 3, 4, 5.0.
So, I think that it's time to add co-maintainer newly.

Are there any people who are happy to maintain this?

I am happy to be maintainer of erubis.
I want to merge current PRs to fix tests for Rubies, and improve the development environment running Travis CI.

[1] https://github.com/junaruga/rails-install-tester/blob/master/rails/3.2.22.5/bundle_list.txt#L11
[2] https://github.com/junaruga/rails-install-tester/blob/master/rails/4.2.8/bundle_list.txt#L13
[3] https://github.com/junaruga/rails-install-tester/blob/master/rails/5.0.2/bundle_list.txt#L14
[4] https://rubygems.org/gems/erubi
[5] https://github.com/junaruga/rails-install-tester/blob/master/rails/5.1.0.rc1/bundle_list.txt#L14

ERB has the whitespace / newline suppression feature, but I have not seen newline suppression of <% foo %> in mentioned in Erubis documentation anywhere. I've also tried it out with no luck. Is this by design?

The "erubis" gem seems not to have a license at all. Unless a license that specifies otherwise is included, nobody else can use, copy, distribute, or modify that library without being at risk of take-downs, shake-downs, or litigation.

I know, that this gem has a license on github, however it's missing one at rubygems and in a gemspec.

Snyk is reporting a Medium security vulnerability due to un-escaped single quotes. https://security.snyk.io/vuln/SNYK-RUBY-ERUBIS-20482

I do see some PRs open addressing this issue but have not had any attention #19 and #18

Any updates or help you need to get this issue resolved and to the finish line?

Thanks.