scinote-web/app/helpers/input_sanitize_helper.rb

module InputSanitizeHelper
  def sanitize_input(
    text,
    tags = [],
    attributes = []
  )
    ActionController::Base.helpers.sanitize(
      text,
      tags: Constants::WHITELISTED_TAGS + tags,
      attributes: Constants::WHITELISTED_ATTRIBUTES + attributes
    )
  end

  def escape_input(text)
    ERB::Util.html_escape(text)
  end

  def custom_auto_link(text, options = {})
    simple_f = options.fetch(:simple_format) { true }
    team = options.fetch(:team) { nil }
    wrapper_tag = options.fetch(:wrapper_tag) { {} }
    tags = options.fetch(:tags) { [] }
    fromat_opt = wrapper_tag.merge(sanitize: false)
    text = sanitize_input(text, tags)
    text = simple_format(sanitize_input(text), {}, fromat_opt) if simple_f
    auto_link(
      smart_annotation_parser(text, team),
      link: :urls,
      sanitize: false,
      html: { target: '_blank' }
    ).html_safe
  end
end
Initial code commit [SCI-102] 2017-01-03 05:27:12 +08:00			`module InputSanitizeHelper`
Re-display images & checkboxes in PDF reports Closes SCI-953. 2017-01-26 17:46:58 +08:00			`def sanitize_input(`
			`text,`
			`tags = [],`
			`attributes = []`
			`)`
Add list of whitelisted attributes [SCI-102] 2017-01-05 22:33:41 +08:00			`ActionController::Base.helpers.sanitize(`
			`text,`
Re-display images & checkboxes in PDF reports Closes SCI-953. 2017-01-26 17:46:58 +08:00			`tags: Constants::WHITELISTED_TAGS + tags,`
			`attributes: Constants::WHITELISTED_ATTRIBUTES + attributes`
Add list of whitelisted attributes [SCI-102] 2017-01-05 22:33:41 +08:00			`)`
Initial code commit [SCI-102] 2017-01-03 05:27:12 +08:00			`end`
Add user input sanitizing in the models [SCI-102] 2017-01-05 19:51:14 +08:00
			`def escape_input(text)`
			`ERB::Util.html_escape(text)`
			`end`
Added auto_link wrapper with custom sanitization [SCI-102] 2017-01-12 00:02:17 +08:00
add tinymce img importer and refactor input sanitize helper 2017-04-19 15:11:52 +08:00			`def custom_auto_link(text, options = {})`
fix samples bug [SCI-1241] 2017-05-09 17:25:00 +08:00			`simple_f = options.fetch(:simple_format) { true }`
			`team = options.fetch(:team) { nil }`
add tinymce img importer and refactor input sanitize helper 2017-04-19 15:11:52 +08:00			`wrapper_tag = options.fetch(:wrapper_tag) { {} }`
			`tags = options.fetch(:tags) { [] }`
fix samples bug [SCI-1241] 2017-05-09 17:25:00 +08:00			`fromat_opt = wrapper_tag.merge(sanitize: false)`
			`text = sanitize_input(text, tags)`
			`text = simple_format(sanitize_input(text), {}, fromat_opt) if simple_f`
Refactor smart annotation/auto_link/simple_format rendering [SCI-940] 2017-01-24 23:44:56 +08:00			`auto_link(`
add tinymce img importer and refactor input sanitize helper 2017-04-19 15:11:52 +08:00			`smart_annotation_parser(text, team),`
Refactor smart annotation/auto_link/simple_format rendering [SCI-940] 2017-01-24 23:44:56 +08:00			`link: :urls,`
			`sanitize: false,`
			`html: { target: '_blank' }`
			`).html_safe`
Added auto_link wrapper with custom sanitization [SCI-102] 2017-01-12 00:02:17 +08:00			`end`
Initial code commit [SCI-102] 2017-01-03 05:27:12 +08:00			`end`