scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2024-12-28 11:14:24 +08:00
Code Issues Projects Releases Packages Wiki Activity

Add list of whitelisted attributes [SCI-102]

Browse source
This commit is contained in:
Oleksii Kriuchykhin 2017-01-05 15:33:41 +01:00
parent 6487bd788a
commit 1009347026
2 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
app/helpers/input_sanitize_helper.rb
View file

@ -1,7 +1,10 @@
module InputSanitizeHelper
def sanitize_input(text)
ActionController::Base.helpers.sanitize(text,
tags: Constants::WHITELISTED_TAGS)
ActionController::Base.helpers.sanitize(
text,
tags: Constants::WHITELISTED_TAGS,
attributes: Constants::WHITELISTED_ATTRIBUTES
)
end
def escape_input(text)

4
config/initializers/constants.rb
View file

@ -213,6 +213,10 @@ class Constants
'div', 'span', 'u', 's', 'blockquote', 'pre'
].freeze
WHITELISTED_ATTRIBUTES = [
'href', 'src', 'width', 'height', 'alt', 'cite', 'datetime', 'title',
'class', 'name', 'xml:lang', 'abbr', 'style'
]
# Very basic regex to check for validity of emails
BASIC_EMAIL_REGEX = URI::MailTo::EMAIL_REGEXP