Initial code commit [SCI-102]

This commit is contained in:
Oleksii Kriuchykhin 2017-01-02 22:27:12 +01:00
parent 09ef3b3ad5
commit 9c4191a1e0
9 changed files with 27 additions and 10 deletions


@ -8,6 +8,6 @@ module ActivityHelper
title = truncate(activity_title, length: len)
end
message = message.gsub(/#{activity_title}/, title )
message.html_safe if message
sanitize_input(message.html_safe) if message
end
end
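Review bot: The new line passes `message.html_safe` into the sanitizer, but marking the string safe before it is sanitized adds nothing and reads as if the raw message were already trusted; `sanitize_input(message) if message` is the clearer form, since `sanitize` itself returns an html_safe string. The unchanged line above builds a regex by interpolating `activity_title` unescaped, so a title containing regex metacharacters changes or breaks the substitution; that is pre-existing, but `Regexp.escape(activity_title)` would close it while you are here. The enclosing method's signature is outside the hunk.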


@ -14,8 +14,10 @@ module ApplicationHelper
def display_tooltip(message, len = Constants::NAME_TRUNCATION_LENGTH)
if message.strip.length > Constants::NAME_TRUNCATION_LENGTH
"<div class='modal-tooltip'>#{truncate(message.strip, length: len)} \
<span class='modal-tooltiptext'>#{message.strip}</span></div>".html_safe
sanitize_input("<div class='modal-tooltip'> \
#{truncate(message.strip, length: len)} \
<span class='modal-tooltiptext'> \
#{message.strip}</span></div>")
else
truncate(message.strip, length: len)
end
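Review bot: `sanitize_input` is applied to the whole assembled string, so a `message` ending in `</span></div>` closes the author's wrapper and any allowed tags that follow land outside the tooltip; only the untrusted value should go through the sanitizer. Keep the wrapper as trusted markup and sanitize the interpolation: `<span class='modal-tooltiptext'>#{sanitize_input(message.strip)}</span></div>".html_safe` — the `truncate` call already escapes its own output by default. The unchanged condition compares against `Constants::NAME_TRUNCATION_LENGTH` rather than the `len` parameter, so a caller passing a smaller `len` gets a truncated label with no tooltip; pre-existing, but worth fixing alongside. The method's closing `end` is outside the hunk.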


@ -4,7 +4,7 @@ module AssetsHelper
res = <<-eos
<span
data-status='asset-loading'
data-filename='#{asset.file_file_name}'
data-filename='#{sanitize_input(asset.file_file_name)}'
data-type='#{asset.is_image? ? "image" : "asset"}'
data-present-url='#{file_present_asset_path(asset, format: :json)}'
#{asset.is_image? ? "data-preview-url='" + preview_asset_path(asset) + "'" : ""}'
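Review bot: `sanitize_input` is the wrong tool for the `data-filename='…'` attribute on the new line: the sanitizer strips tags but leaves quotes intact, so a filename containing `'` still terminates the attribute value and whatever follows is parsed as further attributes. Attribute values need entity escaping, not tag filtering: `data-filename='#{ERB::Util.html_escape(asset.file_file_name)}'`, which encodes `'`, `"`, `<`, `>` and `&`. The same applies to any other user-controlled value interpolated into this heredoc; the route-helper values on the surrounding lines are not user data. The method's signature is outside the hunk.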


@ -0,0 +1,6 @@
module InputSanitizeHelper
def sanitize_input(text)
ActionController::Base.helpers.sanitize(text,
tags: Constants::WHITELISTED_TAGS)
end
end
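Review bot: `sanitize_input` restricts tags but passes no `attributes:` option, so the attribute policy is whatever the sanitizer's defaults allow (on Rails's safe-list sanitizer that includes `href`, `src`, `class` and `name` on any allowed tag); whether that is intended is not visible here, and an explicit companion constant would make the policy auditable, e.g. `attributes: Constants::WHITELISTED_ATTRIBUTES)`. The contract also deserves a comment, because `sanitize` returns an html_safe string that `h`/`html_escape` will later pass through unchanged, and this commit already uses the helper inside attribute values. I would add above the method: `# Returns html_safe markup limited to WHITELISTED_TAGS. Safe as element content only; values placed in attributes still need entity escaping.`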


@ -9,8 +9,9 @@ module OrganizationsHelper
def truncate_organization_name(name, len = Constants::NAME_TRUNCATION_LENGTH)
if name.length > len
"<div class='modal-tooltip'>#{truncate(name, length: len)}
<span class='modal-tooltiptext'>#{name}</span></div>".html_safe
"<div class='modal-tooltip'>#{truncate(sanitize_input(name), length: len)}
<span class='modal-tooltiptext'>#{sanitize_input(name)}</span>
</div>".html_safe
else
name
end
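Review bot: `truncate(sanitize_input(name), length: len)` on the first new line double-encodes the label: the sanitizer serializes `&` as `&amp;` (and keeps any allowed tags), and the ActionView `truncate` helper escapes its argument again by default, so an organization named `A & B` is shown as `A &amp; B` and the length budget is spent on entity text. The label does not need the sanitizer — `truncate(name, length: len)` already escapes — so keep `sanitize_input(name)` only inside the tooltip span. This assumes `truncate` here is the ActionView helper rather than a local override, which this hunk does not show. The enclosing method's `end` is outside the hunk.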


@ -5,7 +5,10 @@ module ProtocolStatusHelper
res = ""
res << "<a href=\"#\" data-toggle=\"popover\" data-html=\"true\" "
res << "data-trigger=\"focus\" data-placement=\"bottom\" title=\""
res << protocol_status_popover_title(parent) + "\" data-content=\"" + protocol_status_popover_content(parent) + "\">" + protocol_name(parent) + "</a>"
res << sanitize_input(protocol_status_popover_title(parent)) +
'" data-content="' +
sanitize_input(protocol_status_popover_content(parent)) +
'">' + sanitize_input(protocol_name(parent)) + '</a>'
res.html_safe
end
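Review bot: The sanitized title and content on the new lines are written into the `title="…"` and `data-content="…"` attributes, but `sanitize` only filters tags and leaves `"` untouched, so a double quote in either value still closes the attribute; markup the popover legitimately accepts (`data-html="true"`) has to be entity-escaped once more to survive the attribute. `h`/`html_escape` is a no-op on the html_safe string `sanitize` returns, whereas `html_escape_once` does escape it: `res << html_escape_once(sanitize_input(protocol_status_popover_title(parent))) +` and `html_escape_once(sanitize_input(protocol_status_popover_content(parent))) +`. `protocol_name(parent)` is element content, so the sanitizer alone is correct there. The method's signature is outside the hunk.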


@ -2,6 +2,6 @@
<span class="activity-item-date">
<%= l activity.created_at, format: :full %>
</span>
<span class="activity-item-text"><%= activity.message.html_safe %>
<span class="activity-item-text"><%= sanitize_input(activity.message) %>
</span>
</li>
</li>


@ -30,7 +30,7 @@
</span>
<span class="activity-message">
&nbsp;
<%= activity.message.html_safe %>
<%= sanitize_input(activity.message) %>
</span>
</li>
<% end %>


@ -207,6 +207,11 @@ class Constants
'gif', 'jpeg', 'pjpeg', 'png', 'x-png', 'svg+xml', 'bmp'
].freeze
WHITELISTED_TAGS = [
'a', 'b', 'strong', 'i', 'em', 'li', 'ul', 'ol', 'h1',
'h2', 'h3', 'br', 'sub', 'p', 'div', 'span'
].freeze
# Very basic regex to check for validity of emails
BASIC_EMAIL_REGEX = URI::MailTo::EMAIL_REGEXP