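# Helpers for cleaning user-supplied text before it is rendered as HTML.
module InputSanitizeHelper
  # Sanitizes markup with the Rails `sanitize` helper, keeping only the
  # application allowlist plus any extra tags/attributes passed by the caller.
  #
  # SECURITY: +tags+ and +attributes+ widen the allowlist, so they should be
  # fixed values chosen by the calling code and never derived from user input.
  #
  # @param text [String] markup to sanitize
  # @param tags [Array] tags allowed in addition to Constants::WHITELISTED_TAGS
  # @param attributes [Array] attributes allowed in addition to
  #   Constants::WHITELISTED_ATTRIBUTES
  # @return the sanitizer's output for +text+
  def sanitize_input(text, tags = [], attributes = [])
    # `+` builds new arrays, so neither the constants nor the default
    # arguments are mutated.
    ActionController::Base.helpers.sanitize(
      text,
      tags: Constants::WHITELISTED_TAGS + tags,
      attributes: Constants::WHITELISTED_ATTRIBUTES + attributes
    )
  end

  # HTML-escapes +text+ so it is rendered as literal characters, not markup.
  #
  # @param text [String] text to escape
  # @return [String] the escaped text
  def escape_input(text)
    ERB::Util.html_escape(text)
  end

  # Sanitizes +text+, optionally wraps it with `simple_format`, passes it
  # through `smart_annotation_parser` and finally turns bare URLs into links.
  #
  # SECURITY: the result is marked `html_safe` and `auto_link` is called with
  # `sanitize: false`, so nothing is sanitized after `smart_annotation_parser`
  # runs. Whatever that parser adds is emitted as-is.
  # NOTE(review): confirm the parser escapes every value it interpolates.
  #
  # Generated links open in a new tab; `rel="noopener noreferrer"` keeps the
  # opened page from reaching back through `window.opener` (reverse
  # tabnabbing) and from receiving the referring URL.
  #
  # @param text [String] user-supplied text
  # @param simple_format [Boolean] wrap the sanitized text with `simple_format`
  # @param org passed through unchanged to `smart_annotation_parser`
  # @return the linked markup, flagged as HTML-safe
  def custom_auto_link(text, simple_format = true, org = nil)
    cleaned = sanitize_input(text)
    # The parameter shadows the helper's name; the parenthesised call below
    # still dispatches to the `simple_format` method.
    cleaned = simple_format(cleaned) if simple_format
    auto_link(
      smart_annotation_parser(cleaned, org),
      link: :urls,
      sanitize: false,
      html: { target: '_blank', rel: 'noopener noreferrer' }
    ).html_safe
  end
end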