scinote-web/app/helpers/input_sanitize_helper.rb

require 'sanitize'

module InputSanitizeHelper
  # Rails default ActionController::Base.helpers.sanitize method call
  # the ActiveRecord connecton method on the caller object which in
  # our cases throws an error when called from not ActiveRecord objects
  # such as Datatables
  def sanitize_input(html, tags = [], attributes = [])
    Sanitize.fragment(
      html,
      elements: Constants::WHITELISTED_TAGS + tags,
      attributes: { all: Constants::WHITELISTED_ATTRIBUTES + attributes },
      css: Constants::WHITELISTED_CSS_ATTRIBUTES
    ).html_safe
  end

  def escape_input(text)
    ERB::Util.html_escape(text)
  end

  def custom_auto_link(text, options = {})
    simple_f = options.fetch(:simple_format) { true }
    team = options.fetch(:team) { nil }
    wrapper_tag = options.fetch(:wrapper_tag) { {} }
    tags = options.fetch(:tags) { [] }
    preview_repository = options.fetch(:preview_repository) { false }
    format_opt = wrapper_tag.merge(sanitize: false)
    base64_encoded_imgs = options.fetch(:base64_encoded_imgs) { false }
    text = sanitize_input(text, tags)
    text = simple_format(sanitize_input(text), {}, format_opt) if simple_f
    auto_link(
      custom_link_open_new_tab(smart_annotation_parser(text, team, base64_encoded_imgs, preview_repository)),
      link: :urls,
      sanitize: false,
      html: { target: '_blank' }
    ).html_safe
  end
end
fixes input sanitize method [fixes SCI-1248] 2017-05-10 20:57:11 +08:00			`require 'sanitize'`

Initial code commit [SCI-102] 2017-01-03 05:27:12 +08:00			`module InputSanitizeHelper`
fixes input sanitize method [fixes SCI-1248] 2017-05-10 20:57:11 +08:00			`# Rails default ActionController::Base.helpers.sanitize method call`
			`# the ActiveRecord connecton method on the caller object which in`
			`# our cases throws an error when called from not ActiveRecord objects`
Cherry-picked commit from ZZ (and LM)'s various changes 2019-01-07 20:29:17 +08:00			`# such as Datatables`
replace all ActionController::Base.helpers.sanitize calls with custom sanitize_input method [fixes SCI-1241] 2017-05-11 17:36:47 +08:00			`def sanitize_input(html, tags = [], attributes = [])`
fixes input sanitize method [fixes SCI-1248] 2017-05-10 20:57:11 +08:00			`Sanitize.fragment(`
replace all ActionController::Base.helpers.sanitize calls with custom sanitize_input method [fixes SCI-1241] 2017-05-11 17:36:47 +08:00			`html,`
add constants 2017-05-10 21:33:33 +08:00			`elements: Constants::WHITELISTED_TAGS + tags,`
replace all ActionController::Base.helpers.sanitize calls with custom sanitize_input method [fixes SCI-1241] 2017-05-11 17:36:47 +08:00			`attributes: { all: Constants::WHITELISTED_ATTRIBUTES + attributes },`
			`css: Constants::WHITELISTED_CSS_ATTRIBUTES`
			`).html_safe`
Initial code commit [SCI-102] 2017-01-03 05:27:12 +08:00			`end`
Add user input sanitizing in the models [SCI-102] 2017-01-05 19:51:14 +08:00
			`def escape_input(text)`
			`ERB::Util.html_escape(text)`
			`end`
Added auto_link wrapper with custom sanitization [SCI-102] 2017-01-12 00:02:17 +08:00
add tinymce img importer and refactor input sanitize helper 2017-04-19 15:11:52 +08:00			`def custom_auto_link(text, options = {})`
fix samples bug [SCI-1241] 2017-05-09 17:25:00 +08:00			`simple_f = options.fetch(:simple_format) { true }`
			`team = options.fetch(:team) { nil }`
add tinymce img importer and refactor input sanitize helper 2017-04-19 15:11:52 +08:00			`wrapper_tag = options.fetch(:wrapper_tag) { {} }`
			`tags = options.fetch(:tags) { [] }`
Print protocol smart annotation and table improvements [SCI-6566] (#3925) * Improve table printing in the print menu [SCI-6566] * Open smart annotation in new tab for print view [SCI-6566] * Unify naming of same parameter [SCI-6566] * Fix typo [SCI-6566] * Fix hound errors [SCI-6566] 2022-03-29 18:09:33 +08:00			`preview_repository = options.fetch(:preview_repository) { false }`
replace all ActionController::Base.helpers.sanitize calls with custom sanitize_input method [fixes SCI-1241] 2017-05-11 17:36:47 +08:00			`format_opt = wrapper_tag.merge(sanitize: false)`
Fix TinyMCE images and avatars for export all [SCI-4107] 2019-12-05 20:27:17 +08:00			`base64_encoded_imgs = options.fetch(:base64_encoded_imgs) { false }`
fix samples bug [SCI-1241] 2017-05-09 17:25:00 +08:00			`text = sanitize_input(text, tags)`
replace all ActionController::Base.helpers.sanitize calls with custom sanitize_input method [fixes SCI-1241] 2017-05-11 17:36:47 +08:00			`text = simple_format(sanitize_input(text), {}, format_opt) if simple_f`
Refactor smart annotation/auto_link/simple_format rendering [SCI-940] 2017-01-24 23:44:56 +08:00			`auto_link(`
Print protocol smart annotation and table improvements [SCI-6566] (#3925) * Improve table printing in the print menu [SCI-6566] * Open smart annotation in new tab for print view [SCI-6566] * Unify naming of same parameter [SCI-6566] * Fix typo [SCI-6566] * Fix hound errors [SCI-6566] 2022-03-29 18:09:33 +08:00			`custom_link_open_new_tab(smart_annotation_parser(text, team, base64_encoded_imgs, preview_repository)),`
Refactor smart annotation/auto_link/simple_format rendering [SCI-940] 2017-01-24 23:44:56 +08:00			`link: :urls,`
			`sanitize: false,`
			`html: { target: '_blank' }`
			`).html_safe`
Added auto_link wrapper with custom sanitization [SCI-102] 2017-01-12 00:02:17 +08:00			`end`
Initial code commit [SCI-102] 2017-01-03 05:27:12 +08:00			`end`