From 83160a487bd45478ea478a0de180d11ab5caa27a Mon Sep 17 00:00:00 2001
From: Luka Murn <luka.murn@biosistemika.com>
Date: Tue, 15 Nov 2016 16:57:36 +0100
Subject: [PATCH 1/2] Fix importer so it supports rendering & importing rich
 text format

Closes SCI-674.
---
 .../javascripts/protocols/import_export/import.js.erb       | 6 +++---
 .../protocols/import_export/_preview_templates.html.erb     | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/assets/javascripts/protocols/import_export/import.js.erb b/app/assets/javascripts/protocols/import_export/import.js.erb
index 1ff9df895..ae08873c0 100644
--- a/app/assets/javascripts/protocols/import_export/import.js.erb
+++ b/app/assets/javascripts/protocols/import_export/import.js.erb
@@ -60,7 +60,7 @@ function importProtocolFromFile(
     // Populate values in the template
     if (values !== null) {
       _.each(values, function(val, key) {
-        template.find("[data-val='" + key + "']").text(val);
+        template.find("[data-val='" + key + "']").append(val);
       });
     }
 
@@ -134,7 +134,7 @@ function importProtocolFromFile(
       var stepGuid = node.attr("guid");
       var stepPosition = String(Number.parseInt(node.attr("position")) + 1);
       var stepName = node.children("name").text();
-      var stepDescription = node.children("description").text();
+      var stepDescription = $(node.children("description")).html();
 
       // Generate step element
       var stepEl = newPreviewElement(
@@ -431,7 +431,7 @@ function importProtocolFromFile(
       stepJson.id = stepId;
       stepJson.position = $(this).attr("position");
       stepJson.name = $(this).children("name").text();
-      stepJson.description = $(this).children("description").text();
+      stepJson.description = $(this).children("description").html();
 
       // Iterate through assets
       var stepAssetsJson = [];
diff --git a/app/views/protocols/import_export/_preview_templates.html.erb b/app/views/protocols/import_export/_preview_templates.html.erb
index 29aead7fc..a7183f488 100644
--- a/app/views/protocols/import_export/_preview_templates.html.erb
+++ b/app/views/protocols/import_export/_preview_templates.html.erb
@@ -14,7 +14,7 @@
   <br>
   <div class="tab-content">
     <div class="tab-pane active" role="tabpanel">
-      <span data-val="description"></span>
+      <div data-val="description"></div>
       <hr>
       <div class="row">
         <div data-toggle="tables" class="col-xs-12">

From 29f0557d3c4b210805e2896540b97801b3fdb3c6 Mon Sep 17 00:00:00 2001
From: Luka Murn <luka.murn@biosistemika.com>
Date: Tue, 15 Nov 2016 17:06:39 +0100
Subject: [PATCH 2/2] Prevent CORS when importing protocols

---
 app/utilities/protocols_importer.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/utilities/protocols_importer.rb b/app/utilities/protocols_importer.rb
index 0c3e64359..50a9466d5 100644
--- a/app/utilities/protocols_importer.rb
+++ b/app/utilities/protocols_importer.rb
@@ -53,7 +53,8 @@ module ProtocolsImporter
       protocol_json['steps'].values.each do |step_json|
       step = Step.create!(
         name: step_json["name"],
-        description: step_json["description"],
+        description: # Sanitize description HTML
+          ActionController::Base.helpers.sanitize(step_json['description']),
         position: step_pos,
         completed: false,
         user: user,