require 'sanitize'
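module InputSanitizeHelper
  # Whitelist-based HTML sanitizer used instead of the Rails default
  # ActionController::Base.helpers.sanitize, which reaches for the
  # ActiveRecord connection method on the caller object and therefore
  # raises when called from non-ActiveRecord objects such as
  # SamplesDatatables.
  #
  # @param html [String] untrusted markup to clean
  # @param tags [Array<String>] extra element names allowed on top of
  #   Constants::WHITELISTED_TAGS
  # @param attributes [Array<String>] extra attribute names allowed on
  #   every element (Sanitize's `all` key), on top of
  #   Constants::WHITELISTED_ATTRIBUTES
  # @return [ActiveSupport::SafeBuffer] the cleaned fragment; marking it
  #   html_safe is sound only because everything outside the element,
  #   attribute and CSS whitelists has just been stripped
  def sanitize_input(html, tags = [], attributes = [])
    Sanitize.fragment(
      html,
      elements: Constants::WHITELISTED_TAGS + tags,
      attributes: { all: Constants::WHITELISTED_ATTRIBUTES + attributes },
      css: Constants::WHITELISTED_CSS_ATTRIBUTES
    ).html_safe
  end

  # Escapes plain text for literal display (`&`, `<`, `>`, `"`, `'`
  # become entities). Use this for text values; use sanitize_input when
  # the value is expected to carry markup.
  #
  # @param text [#to_s] value to escape; nil escapes to ""
  # @return [String] the escaped text (an html_safe buffer under Rails,
  #   which patches ERB::Util.html_escape)
  def escape_input(text)
    ERB::Util.html_escape(text)
  end

  # Sanitizes +text+, optionally wraps it with simple_format, expands
  # smart annotations and turns bare URLs into links that open in a new
  # tab.
  #
  # @param text [String] untrusted input
  # @param options [Hash]
  # @option options [Boolean] :simple_format (true) run the result through
  #   simple_format
  # @option options [Object] :team (nil) passed through to
  #   smart_annotation_parser
  # @option options [Hash] :wrapper_tag ({}) merged into simple_format's
  #   options hash
  # @option options [Array<String>] :tags ([]) extra elements allowed by
  #   the first sanitize pass
  # @return [ActiveSupport::SafeBuffer]
  def custom_auto_link(text, options = {})
    simple_f = options.fetch(:simple_format, true)
    team = options.fetch(:team, nil)
    wrapper_tag = options.fetch(:wrapper_tag, {})
    tags = options.fetch(:tags, [])
    # simple_format must not run Rails' own sanitizer: the input is
    # cleaned by sanitize_input below, and the Rails sanitizer is exactly
    # what this helper avoids (see sanitize_input).
    format_opt = wrapper_tag.merge(sanitize: false)
    text = sanitize_input(text, tags)
    # NOTE(review): the second sanitize_input call uses the default
    # whitelist only, so the extra +tags+ survive solely when
    # :simple_format is false — confirm this is intended.
    text = simple_format(sanitize_input(text), {}, format_opt) if simple_f
    # smart_annotation_parser is the only step between the sanitize pass
    # and the final html_safe; the output is only as safe as what it
    # emits, since auto_link is told not to sanitize again.
    auto_link(
      smart_annotation_parser(text, team),
      link: :urls,
      sanitize: false,
      # rel=noopener: a page opened via target=_blank must not receive a
      # window.opener handle back to this app (reverse tabnabbing);
      # noreferrer covers older browsers that ignore noopener.
      html: { target: '_blank', rel: 'noopener noreferrer' }
    ).html_safe
  end
end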