scinote-web/app/helpers/input_sanitize_helper.rb

module InputSanitizeHelper
  def sanitize_input(
    text,
    tags = [],
    attributes = []
  )
    ActionController::Base.helpers.sanitize(
      text,
      tags: Constants::WHITELISTED_TAGS + tags,
      attributes: Constants::WHITELISTED_ATTRIBUTES + attributes
    )
  end

  def escape_input(text)
    ERB::Util.html_escape(text)
  end

  def custom_auto_link(text, simple_format = true, org = nil, wrapper_tag = {})
    text = if simple_format
             simple_format(sanitize_input(text), {}, wrapper_tag)
           else
             sanitize_input(text)
           end
    auto_link(
      smart_annotation_parser(text, org),
      link: :urls,
      sanitize: false,
      html: { target: '_blank' }
    ).html_safe
  end
end
Initial code commit [SCI-102] 2017-01-03 05:27:12 +08:00			`module InputSanitizeHelper`
Re-display images & checkboxes in PDF reports Closes SCI-953. 2017-01-26 17:46:58 +08:00			`def sanitize_input(`
			`text,`
			`tags = [],`
			`attributes = []`
			`)`
Add list of whitelisted attributes [SCI-102] 2017-01-05 22:33:41 +08:00			`ActionController::Base.helpers.sanitize(`
			`text,`
Re-display images & checkboxes in PDF reports Closes SCI-953. 2017-01-26 17:46:58 +08:00			`tags: Constants::WHITELISTED_TAGS + tags,`
			`attributes: Constants::WHITELISTED_ATTRIBUTES + attributes`
Add list of whitelisted attributes [SCI-102] 2017-01-05 22:33:41 +08:00			`)`
Initial code commit [SCI-102] 2017-01-03 05:27:12 +08:00			`end`
Add user input sanitizing in the models [SCI-102] 2017-01-05 19:51:14 +08:00
			`def escape_input(text)`
			`ERB::Util.html_escape(text)`
			`end`
Added auto_link wrapper with custom sanitization [SCI-102] 2017-01-12 00:02:17 +08:00
fix report - checklist items are in separate row than checkboxes 2017-02-22 22:51:26 +08:00			`def custom_auto_link(text, simple_format = true, org = nil, wrapper_tag = {})`
Add flag to disable simple_format in custom_auto_link [SCI-940] 2017-01-26 00:15:22 +08:00			`text = if simple_format`
fix report - checklist items are in separate row than checkboxes 2017-02-22 22:51:26 +08:00			`simple_format(sanitize_input(text), {}, wrapper_tag)`
Add flag to disable simple_format in custom_auto_link [SCI-940] 2017-01-26 00:15:22 +08:00			`else`
			`sanitize_input(text)`
			`end`
Refactor smart annotation/auto_link/simple_format rendering [SCI-940] 2017-01-24 23:44:56 +08:00			`auto_link(`
Add flag to disable simple_format in custom_auto_link [SCI-940] 2017-01-26 00:15:22 +08:00			`smart_annotation_parser(text, org),`
Refactor smart annotation/auto_link/simple_format rendering [SCI-940] 2017-01-24 23:44:56 +08:00			`link: :urls,`
			`sanitize: false,`
			`html: { target: '_blank' }`
			`).html_safe`
Added auto_link wrapper with custom sanitization [SCI-102] 2017-01-12 00:02:17 +08:00			`end`
Initial code commit [SCI-102] 2017-01-03 05:27:12 +08:00			`end`