Move to Ruby 2.7+

.github/workflows/ci.yml

@@ -17,11 +17,7 @@ jobs:
       fail-fast: false
       matrix:
         ruby:
-          - "2.5"
-          - "2.6"
           - "2.7"
-          - "3.0"
-          - "3.1"
     steps:
       - uses: actions/checkout@v3
       - uses: ruby/setup-ruby@v1

README.markdown

@@ -23,9 +23,11 @@ For manual evaluation of Ruby code and ERB templates see demo.rb
 You can use the ActionView template handlers by registering them, e.g., in 
 a config/initializer file like this:
 
-    # in config/intializer/safemode_tempate_handlers.rb
-    ActionView::Template.register_template_handler :serb, ActionView::TemplateHandlers::SafeErb
-    ActionView::Template.register_template_handler :haml, ActionView::TemplateHandlers::SafeHaml
+```ruby
+# in config/intializer/safemode_tempate_handlers.rb
+ActionView::Template.register_template_handler :serb, ActionView::TemplateHandlers::SafeErb
+ActionView::Template.register_template_handler :haml, ActionView::TemplateHandlers::SafeHaml
+```
 
 If you register the ERB template handler for the file extension :erb be aware
 that this most probably will break when your application tries to render an
@@ -36,11 +38,13 @@ You will then have to "whitelist" all method calls to the objects that are
 registered as template variables by explicitely allowing access to them. You
 can do that by defining a Safemode::Jail class for your classes, like so:
 
-    class User
-      class Jail < Safemode::Jail
-        allow :name
-      end
-    end
+```ruby
+class User
+  class Jail < Safemode::Jail
+    allow :name
+  end
+end
+```
 
 This will allow your template users to access the name method on your User 
 objects.
@@ -63,12 +67,6 @@ Requires the gems:
 * RubyParser
 * Ruby2Ruby
 
-As of writing RubyParser alters StringIO and thus breaks usage with Rails.
-See http://www.zenspider.com/pipermail/parsetree/2008-April/000026.html
-
-A patch is included that fixes this issue and can be applied to RubyParser.
-See lib/ruby\_parser\_string\_io\_patch.diff
-
 ### Credits
 
 * Sven Fuchs - Initial Maintainer

lib/action_view/template_handlers/safe_haml.rb

@@ -6,7 +6,7 @@ module TemplateHandlers
     class SafeHaml < TemplateHandler
       include Compilable rescue nil # does not exist prior Rails 2.1
       extend SafemodeHandler
-      
+
       def self.line_offset
       3
       end

lib/action_view/template_handlers/safemode_handler.rb

@@ -5,23 +5,23 @@ module SafemodeHandler
       def valid_assigns(assigns)
         assigns = assigns.reject{|key, value| skip_assigns.include?(key) }
       end
-      
+
       def delegate_methods(view)
-        [ :render, :params, :flash ] + 
-        helper_methods(view) + 
+        [ :render, :params, :flash ] +
+        helper_methods(view) +
         ActionController::Routing::Routes.named_routes.helpers
       end
 
       def helper_methods(view)
         view.class.included_modules.collect {|m| m.instance_methods(false) }.flatten.map(&:to_sym)
       end
-      
+
       def skip_assigns
         [ "_cookies", "_flash", "_headers", "_params", "_request",
           "_response", "_session", "before_filter_chain_aborted",
           "ignore_missing_templates", "logger", "request_origin",
           "template", "template_class", "url", "variables_added",
-          "view_paths" ]        
+          "view_paths" ]
       end
     end
   end

lib/haml/safemode.rb

@@ -1,40 +1,40 @@
 require 'haml'
 
-module Haml  
+module Haml
   class Buffer
     class Jail < Safemode::Jail
       allow :push_script, :push_text, :_hamlout, :open_tag
     end
   end
 end
 
-module Haml  
+module Haml
   class Engine
-    def precompile_for_safemode(filename, ignore_assigns = [], delegate_methods = [])        
+    def precompile_for_safemode(filename, ignore_assigns = [], delegate_methods = [])
         @precompiled.gsub!('\\','\\\\\\') # backslashes would disappear in compile_template/modul_eval, so we escape them
-        
-        <<-CODE 
+
+        <<-CODE
           buffer = Haml::Buffer.new(#{options_for_buffer.inspect})
           local_assigns = local_assigns.merge :_hamlout => buffer
-          
+
           handler = ActionView::TemplateHandlers::SafeHaml
           assigns = handler.valid_assigns(@template.assigns)
           methods = handler.delegate_methods(self)
           code = %Q(#{code});
-          
+
           box = Safemode::Box.new(self, methods, #{filename.inspect}, 0)
-          box.eval(code, assigns, local_assigns, &lambda{ yield })     
-          buffer.buffer   
+          box.eval(code, assigns, local_assigns, &lambda{ yield })
+          buffer.buffer
         CODE
 
         # preamble =  "buffer = Haml::Buffer.new(#{options_for_buffer.inspect})
         #              local_assigns = local_assigns.merge :_hamlout => buffer
         #              assigns = @template.assigns.reject{|key, value| #{ignore_assigns.inspect}.include?(key) };".gsub("\n", ';')
-        #             
+        #
         # postamble = "box = Safemode::Box.new(self, #{delegate_methods.inspect})
         #              box.eval(code, assigns, local_assigns, &lambda{ yield })
         #              buffer.buffer".gsub("\n", ';')
-        # 
+        #
         # preamble + "code = %Q(#{@precompiled});" + postamble
     end
   end

lib/safemode.rb

@@ -26,7 +26,7 @@ class << self
     def jail(obj)
       find_jail_class(obj.is_a?(Class) ? obj : obj.class).new obj
     end
-    
+
     def find_jail_class(klass)
       while klass != Object
         return klass.const_get('Jail') if klass.const_defined?('Jail')
@@ -35,16 +35,16 @@ def find_jail_class(klass)
       Jail
     end
   end
-    
+
   define_core_jail_classes
-  
+
   class Box
     def initialize(delegate = nil, delegate_methods = [], filename = nil, line = nil)
       @delegate = delegate
       @delegate_methods = delegate_methods
       @filename = filename
       @line = line
-    end    
+    end
 
     def eval(code, assigns = {}, locals = {}, &block)
       code = Parser.jail(code)