Also employ "no format" Nokogiri strategy when sanitizing

Closes SCI-691.
Luka Murn 2016-11-17 16:11:43 +01:00
parent fc32aa8606
commit 08c6210f7c
2 changed files with 20 additions and 5 deletions


@ -0,0 +1,17 @@
module QuillJsHelper
def sanitize_quill_js_input(input)
require "#{Rails.root}/app/utilities/scrubbers/quill_js_scrubber"
# We need to disable formatting to prevent unwanted \n
# symbols from creeping into sanitized HTML (which
# cause unwanted new lines when rendered in Quill.js)
disable_formatting =
Nokogiri::XML::Node::SaveOptions::DEFAULT_HTML ^
Nokogiri::XML::Node::SaveOptions::FORMAT
Loofah
.fragment(input)
.scrub!(QuillJsScrubber.new)
.to_html(save_with: disable_formatting)
end
end
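Review bot: The `disable_formatting` mask in `sanitize_quill_js_input` is built with `^`, which toggles the FORMAT bit rather than clearing it, so formatting is only disabled while `DEFAULT_HTML` happens to include FORMAT. Clearing the bit explicitly does not depend on that: `Nokogiri::XML::Node::SaveOptions::DEFAULT_HTML & ~Nokogiri::XML::Node::SaveOptions::FORMAT`. Separately, the `require` with the interpolated `Rails.root` path is evaluated on every call; moving it to the top of the file would surface a missing `QuillJsScrubber` at load time instead of on first sanitisation. The method is now the single sanitisation point for Quill.js HTML, so a short doc comment stating that it returns scrubbed, unformatted HTML would help callers.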


@ -1,6 +1,5 @@
module ProtocolsImporter
require 'scrubbers/quill_js_scrubber'
include RenamingUtil
include RenamingUtil, QuillJsHelper
def import_new_protocol(protocol_json, organization, type, user)
remove_empty_inputs(protocol_json)
@ -55,9 +54,8 @@ module ProtocolsImporter
step = Step.create!(
name: step_json["name"],
description: # Sanitize description HTML
ActionController::Base.helpers.sanitize(
step_json['description'],
scrubber: QuillJsScrubber.new
sanitize_quill_js_input(
step_json['description']
),
position: step_pos,
completed: false,
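Review bot: In the `description:` argument of `Step.create!`, a step with no `description` key now passes `nil` straight into `Loofah.fragment` via `sanitize_quill_js_input`, unless `remove_empty_inputs` guarantees the key is present. As far as I know the Rails `sanitize` helper being replaced returns `nil` for `nil` input, while the Loofah path presumably returns an empty string or raises depending on the library version, so the stored value or the import outcome may change. Because `protocol_json` is imported data, the missing value should be handled explicitly, for example `return input if input.blank?` as the first line of `sanitize_quill_js_input`. A spec importing one step with disallowed markup in its description and one step without a description would pin both the scrubbing and the nil case. The `Step.create!` call and `import_new_protocol` continue outside this hunk.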