Also employ "no format" Nokogiri strategy when sanitizing
Closes SCI-691.
parent
fc32aa8606
commit
08c6210f7c
2 changed files with 20 additions and 5 deletions
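--- /dev/null
+++ b/app/helpers/quill_js_helper.rb
@@ -0,0 +1,17 @@
+module QuillJsHelper
+def sanitize_quill_js_input(input)
+require "#{Rails.root}/app/utilities/scrubbers/quill_js_scrubber"
+
+# We need to disable formatting to prevent unwanted \n
+# symbols from creeping into sanitized HTML (which
+# cause unwanted new lines when rendered in Quill.js)
+disable_formatting =
+Nokogiri::XML::Node::SaveOptions::DEFAULT_HTML ^
+Nokogiri::XML::Node::SaveOptions::FORMAT
+
+Loofah
+.fragment(input)
+.scrub!(QuillJsScrubber.new)
+.to_html(save_with: disable_formatting)
+end
+end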
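Review bot: The `disable_formatting` mask is built with `^`, which toggles the FORMAT bit rather than clearing it, so it is only correct while `DEFAULT_HTML` includes `FORMAT`. Writing it as `Nokogiri::XML::Node::SaveOptions::DEFAULT_HTML & ~Nokogiri::XML::Node::SaveOptions::FORMAT` states the intent and stays correct if the default ever changes. The `require` with an interpolated `Rails.root` path sits inside `sanitize_quill_js_input` and runs on every call; a file-level require would keep the method body to the sanitizing step. Since this helper is the sanitizing boundary for rich-text input, a short comment above the method would help, for example `# Scrubs Quill.js HTML with QuillJsScrubber and returns it as an unformatted String`.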
@ -1,6 +1,5 @@
|
|||
module ProtocolsImporter
|
||||
require 'scrubbers/quill_js_scrubber'
|
||||
include RenamingUtil
|
||||
include RenamingUtil, QuillJsHelper
|
||||
|
||||
def import_new_protocol(protocol_json, organization, type, user)
|
||||
remove_empty_inputs(protocol_json)
|
||||
|
@ -55,9 +54,8 @@ module ProtocolsImporter
|
|||
step = Step.create!(
|
||||
name: step_json["name"],
|
||||
description: # Sanitize description HTML
|
||||
ActionController::Base.helpers.sanitize(
|
||||
step_json['description'],
|
||||
scrubber: QuillJsScrubber.new
|
||||
sanitize_quill_js_input(
|
||||
step_json['description']
|
||||
),
|
||||
position: step_pos,
|
||||
completed: false,
|
||||
|
|
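Review bot: The `description:` argument now passes `step_json['description']` straight into `sanitize_quill_js_input`, and the helper added in this commit has no guard for a missing or non-string value. The value comes from an imported protocol file, so a step without a description would reach `Loofah.fragment` as nil. I believe the Rails `sanitize` helper being replaced returns early for nil input, so this may be a behaviour change on import and is worth confirming with a test. A guard such as `return input if input.blank?` at the top of the helper would keep such steps importable without weakening the scrubbing of real content. The `Step.create!` call begins and ends outside this hunk.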