scinote-web/app/helpers/input_sanitize_helper.rb

module InputSanitizeHelper
  def sanitize_input(text)
    ActionController::Base.helpers.sanitize(
      text,
      tags: Constants::WHITELISTED_TAGS,
      attributes: Constants::WHITELISTED_ATTRIBUTES
    )
  end

  def escape_input(text)
    ERB::Util.html_escape(text)
  end

  def custom_auto_link(text, args)
    args[:sanitize] = false
    auto_link(sanitize_input(text), args)
  end
end
Initial code commit [SCI-102] 2017-01-03 05:27:12 +08:00			`module InputSanitizeHelper`
			`def sanitize_input(text)`
Add list of whitelisted attributes [SCI-102] 2017-01-05 22:33:41 +08:00			`ActionController::Base.helpers.sanitize(`
			`text,`
			`tags: Constants::WHITELISTED_TAGS,`
			`attributes: Constants::WHITELISTED_ATTRIBUTES`
			`)`
Initial code commit [SCI-102] 2017-01-03 05:27:12 +08:00			`end`
Add user input sanitizing in the models [SCI-102] 2017-01-05 19:51:14 +08:00
			`def escape_input(text)`
			`ERB::Util.html_escape(text)`
			`end`
Added auto_link wrapper with custom sanitization [SCI-102] 2017-01-12 00:02:17 +08:00
			`def custom_auto_link(text, args)`
			`args[:sanitize] = false`
Merge branch 'smart-annotations' Conflicts: app/assets/javascripts/comments.js.erb app/assets/javascripts/protocols/index.js app/assets/javascripts/protocols/steps.js.erb app/assets/javascripts/samples/sample_datatable.js.erb app/controllers/my_module_comments_controller.rb app/controllers/project_comments_controller.rb app/controllers/result_comments_controller.rb app/controllers/step_comments_controller.rb app/datatables/sample_datatable.rb app/views/my_module_comments/_comment.html.erb app/views/project_comments/_comment.html.erb app/views/projects/show/_experiment.html.erb app/views/reports/elements/_experiment_element.html.erb app/views/reports/elements/_result_comments_element.html.erb app/views/reports/elements/_result_text_element.html.erb app/views/reports/elements/_step_checklist_element.html.erb app/views/reports/elements/_step_comments_element.html.erb app/views/reports/elements/_step_element.html.erb app/views/result_comments/_comment.html.erb app/views/results/_result_text.html.erb app/views/step_comments/_comment.html.erb app/views/steps/_step.html.erb db/schema.rb 2017-01-24 21:33:23 +08:00			`auto_link(sanitize_input(text), args)`
Added auto_link wrapper with custom sanitization [SCI-102] 2017-01-12 00:02:17 +08:00			`end`
Initial code commit [SCI-102] 2017-01-03 05:27:12 +08:00			`end`