# frozen_string_literal: true
require 'sanitize'
require 'cgi'
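module InputSanitizeHelper
  # Runs +html+ through the Sanitize gem with the given config and marks the
  # result as html_safe, so it can be rendered without further escaping.
  #
  # @param html [String] untrusted HTML fragment
  # @param _tags [Array] unused; kept so existing call sites keep working
  # @param _attributes [Array] unused; kept so existing call sites keep working
  # @param sanitizer_config [Hash] Sanitize configuration, defaults to the
  #   app-wide Constants::INPUT_SANITIZE_CONFIG
  # @return [ActiveSupport::SafeBuffer] the sanitized fragment
  def sanitize_input(html, _tags = [], _attributes = [], sanitizer_config: Constants::INPUT_SANITIZE_CONFIG)
    Sanitize.fragment(html, sanitizer_config).html_safe
  end

  # HTML-escapes +text+ (&, <, >, ", ') for safe interpolation into markup.
  #
  # @param text [String, nil] raw text
  # @return [String] the escaped text
  def escape_input(text)
    ERB::Util.html_escape(text)
  end

  # Reverses HTML entity escaping in +text+. The returned string is plain,
  # unsanitized text; it must not be rendered as HTML without going back
  # through sanitize_input or escape_input.
  #
  # @param text [String] escaped text
  # @return [String] the unescaped text
  def unescape_input(text)
    CGI.unescapeHTML(text)
  end

  # Prepares user-supplied +text+ for display: optional paragraph formatting,
  # sanitizing against the app allowlist, smart-annotation expansion and
  # auto-linking of bare URLs.
  #
  # @param text [String] untrusted input
  # @param options [Hash]
  # @option options [Boolean] :simple_format (true) wrap paragraphs / line breaks via simple_format
  # @option options [Object, nil] :team (nil) passed through to smart_annotation_parser
  # @option options [Hash] :wrapper_tag ({}) extra html options for simple_format's wrapper tag
  # @option options [Array] :tags ([]) forwarded to sanitize_input (currently ignored there)
  # @option options [Boolean] :preview_repository (false) passed through to smart_annotation_parser
  # @option options [Boolean] :base64_encoded_imgs (false) additionally allow the
  #   +data:+ protocol on <img src>, so inline base64 images survive sanitizing
  # @return [ActiveSupport::SafeBuffer] the formatted, linked markup
  def custom_auto_link(text, options = {})
    simple_f = options.fetch(:simple_format, true)
    team = options.fetch(:team, nil)
    wrapper_tag = options.fetch(:wrapper_tag) { {} }
    tags = options.fetch(:tags) { [] }
    preview_repository = options.fetch(:preview_repository, false)
    base64_encoded_imgs = options.fetch(:base64_encoded_imgs, false)

    # simple_format runs with sanitize: false only because the whole string is
    # passed through sanitize_input immediately afterwards.
    format_opt = wrapper_tag.merge(sanitize: false)
    text = simple_format(text, {}, format_opt) if simple_f

    # Deep copy so the nested protocol arrays of the shared constant are never
    # mutated when the data: protocol is added for base64 images.
    sanitizer_config = Constants::INPUT_SANITIZE_CONFIG.deep_dup
    sanitizer_config[:protocols]['img']['src'] << 'data' if base64_encoded_imgs
    text = sanitize_input(text, tags, sanitizer_config: sanitizer_config)

    # Smart annotations are expanded after sanitizing, so whatever the parser
    # emits reaches the browser as-is; it has to build its own markup safely.
    # match? is used since no captures are needed from these regexes.
    if text.match?(SmartAnnotations::TagToHtml::USER_REGEX) || text.match?(SmartAnnotations::TagToHtml::REGEX)
      text = smart_annotation_parser(text, team, base64_encoded_imgs, preview_repository)
    end

    # sanitize: false is acceptable here only because +text+ was sanitized
    # above. NOTE(review): target=_blank without rel="noopener" still hands a
    # window.opener reference to the linked page in older browsers; consider
    # adding rel: 'noopener' to the html options.
    auto_link(text, html: { target: '_blank' }, link: :urls, sanitize: false).html_safe
  end
end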