From 30cb9b0697c90682b77395dcaf99c97aef160a3e Mon Sep 17 00:00:00 2001
From: artoscinote <85488244+artoscinote@users.noreply.github.com>
Date: Tue, 29 Aug 2023 13:50:43 +0200
Subject: [PATCH] Fix RTE images in exports [SCI-9164] (#6095)
---
 app/helpers/input_sanitize_helper.rb | 11 ++++++++---
 .../reports/elements/_my_module_element.html.erb | 2 +-
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/app/helpers/input_sanitize_helper.rb b/app/helpers/input_sanitize_helper.rb
index 444291e33..b7e6f6d5e 100644
--- a/app/helpers/input_sanitize_helper.rb
+++ b/app/helpers/input_sanitize_helper.rb
@@ -4,8 +4,8 @@ require 'sanitize'
 require 'cgi'
 module InputSanitizeHelper
- def sanitize_input(html, _tags = [], _attributes = [])
- Sanitize.fragment(html, Constants::INPUT_SANITIZE_CONFIG).html_safe
+ def sanitize_input(html, _tags = [], _attributes = [], sanitizer_config: Constants::INPUT_SANITIZE_CONFIG)
+ Sanitize.fragment(html, sanitizer_config).html_safe
 end
 def escape_input(text)
@@ -25,7 +25,12 @@ module InputSanitizeHelper
 format_opt = wrapper_tag.merge(sanitize: false)
 base64_encoded_imgs = options.fetch(:base64_encoded_imgs, false)
 text = simple_format(text, {}, format_opt) if simple_f
- text = sanitize_input(text, tags)
+
+ # allow base64 images when sanitizing if base64_encoded_imgs is true
+ sanitizer_config = Constants::INPUT_SANITIZE_CONFIG.deep_dup
+ sanitizer_config[:protocols]['img']['src'] << 'data' if options.fetch(:base64_encoded_imgs, false)
+ text = sanitize_input(text, tags, sanitizer_config: sanitizer_config)
+
 if text =~ SmartAnnotations::TagToHtml::USER_REGEX || text =~ SmartAnnotations::TagToHtml::REGEX
 text = smart_annotation_parser(text, team, base64_encoded_imgs, preview_repository)
 end
diff --git a/app/views/reports/elements/_my_module_element.html.erb b/app/views/reports/elements/_my_module_element.html.erb
index 4284bffac..b69d2e714 100644
--- a/app/views/reports/elements/_my_module_element.html.erb
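Review bot: `sanitize_input` now accepts any `sanitizer_config:` and still marks the result `html_safe`, so the safety of the returned string depends entirely on what the caller passes, and nothing on the method says so. A short comment above the `def` would make that contract explicit, for example `# sanitizer_config must only widen INPUT_SANITIZE_CONFIG in reviewed, deliberate ways; the result is marked html_safe.` The same comment could note that the positional `_tags` and `_attributes` are ignored, since the call in the second hunk of this file still passes `tags`.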
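Review bot: Appending `'data'` to the allowed `img` `src` protocols admits every `data:` URI, not only base64 raster images, because a protocol list cannot express a MIME type; with `base64_encoded_imgs` true, user-authored markup such as an SVG data URI would now pass sanitization and reach whatever renders the export. Consider pairing the widened config with a check that `src` matches an image allow-list, for example `\Adata:image/(png|jpe?g|gif);base64,`, before the string is marked `html_safe`. The condition also re-reads the option although the local is set two lines above, so `sanitizer_config[:protocols]['img']['src'] << 'data' if base64_encoded_imgs` is enough, and the `deep_dup` could sit under the same condition to avoid copying the config on every call. The enclosing method starts and ends outside the hunk and `Constants::INPUT_SANITIZE_CONFIG` is not visible here, so the `[:protocols]['img']['src']` path is assumed to exist; a missing key would raise `NoMethodError`.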
+++ b/app/views/reports/elements/_my_module_element.html.erb
@@ -59,7 +59,7 @@