From d05c16b0ba4f02912fe716011b197558082dc00e Mon Sep 17 00:00:00 2001
From: Oleksii Kriuchykhin
Date: Wed, 11 Jan 2017 17:02:17 +0100
Subject: [PATCH] Added auto_link wrapper with custom sanitization [SCI-102]
---
 .../my_module_comments_controller.rb | 2 +-
 app/controllers/project_comments_controller.rb | 2 +-
 app/controllers/result_comments_controller.rb | 2 +-
 app/controllers/step_comments_controller.rb | 2 +-
 app/datatables/sample_datatable.rb | 7 ++-----
 app/helpers/input_sanitize_helper.rb | 5 +++++
 app/views/my_module_comments/_comment.html.erb | 7 ++++---
 .../my_modules/_description_label.html.erb | 5 ++---
 app/views/project_comments/_comment.html.erb | 7 ++++---
 app/views/projects/show/_experiment.html.erb | 5 ++---
 .../elements/_experiment_element.html.erb | 5 ++---
 .../elements/_my_module_element.html.erb | 5 ++---
 .../elements/_result_comments_element.html.erb | 6 +++---
 .../elements/_result_text_element.html.erb | 5 ++---
 .../elements/_step_checklist_element.html.erb | 7 +++----
 .../elements/_step_comments_element.html.erb | 6 +++---
 .../reports/elements/_step_element.html.erb | 5 ++---
 app/views/result_comments/_comment.html.erb | 7 ++++---
 app/views/results/_result_text.html.erb | 5 ++---
 app/views/step_comments/_comment.html.erb | 7 ++++---
 app/views/steps/_step.html.erb | 17 +++++++++--------
 21 files changed, 59 insertions(+), 60 deletions(-)
diff --git a/app/controllers/my_module_comments_controller.rb b/app/controllers/my_module_comments_controller.rb
index 53220a055..8b5a484ca 100644
--- a/app/controllers/my_module_comments_controller.rb
+++ b/app/controllers/my_module_comments_controller.rb
@@ -115,7 +115,7 @@ class MyModuleCommentsController < ApplicationController
 )
 )
 render json: {
- comment: auto_link(
+ comment: custom_auto_link(
 simple_format(@comment.message),
 link: :urls,
 html: { target: '_blank' }
diff --git a/app/controllers/project_comments_controller.rb b/app/controllers/project_comments_controller.rb
index 1bf80f85b..c25dba8ab 100644
--- a/app/controllers/project_comments_controller.rb
+++ b/app/controllers/project_comments_controller.rb
@@ -112,7 +112,7 @@ class ProjectCommentsController < ApplicationController
 )
 )
 render json: {
- comment: auto_link(
+ comment: custom_auto_link(
 simple_format(@comment.message),
 link: :urls,
 html: { target: '_blank' }
diff --git a/app/controllers/result_comments_controller.rb b/app/controllers/result_comments_controller.rb
index e063e306a..505e22c3c 100644
--- a/app/controllers/result_comments_controller.rb
+++ b/app/controllers/result_comments_controller.rb
@@ -113,7 +113,7 @@ class ResultCommentsController < ApplicationController
 )
 )
 render json: {
- comment: auto_link(
+ comment: custom_auto_link(
 simple_format(@comment.message),
 link: :urls,
 html: { target: '_blank' }
diff --git a/app/controllers/step_comments_controller.rb b/app/controllers/step_comments_controller.rb
index 5c8d3018e..799c60e24 100644
--- a/app/controllers/step_comments_controller.rb
+++ b/app/controllers/step_comments_controller.rb
@@ -118,7 +118,7 @@ class StepCommentsController < ApplicationController
 )
 end
 render json: {
- comment: auto_link(
+ comment: custom_auto_link(
 simple_format(@comment.message),
 link: :urls,
 html: { target: '_blank' }
diff --git a/app/datatables/sample_datatable.rb b/app/datatables/sample_datatable.rb
index 1b200055f..4cbd32ca6 100644
--- a/app/datatables/sample_datatable.rb
+++ b/app/datatables/sample_datatable.rb
@@ -130,11 +130,8 @@ class SampleDatatable < AjaxDatatablesRails::Base
 # Add custom attributes
 record.sample_custom_fields.each do |scf|
- sample[@cf_mappings[scf.custom_field_id]] = auto_link(scf.value,
- link: :urls,
- html: {
- target: '_blank'
- })
+ sample[@cf_mappings[scf.custom_field_id]] =
+ custom_auto_link(scf.value, link: :urls, html: { target: '_blank' })
 end
 sample
 end
diff --git a/app/helpers/input_sanitize_helper.rb b/app/helpers/input_sanitize_helper.rb
index afb46a69d..0ed9271ae 100644
--- a/app/helpers/input_sanitize_helper.rb
+++ b/app/helpers/input_sanitize_helper.rb
@@ -10,4 +10,9 @@ module InputSanitizeHelper
 def escape_input(text)
 ERB::Util.html_escape(text)
 end
+
+ def custom_auto_link(text, args)
+ args[:sanitize] = false
+ sanitize_input(auto_link(text, args))
+ end
 end
diff --git a/app/views/my_module_comments/_comment.html.erb b/app/views/my_module_comments/_comment.html.erb
index e37c2b3c6..1a009aa4b 100644
--- a/app/views/my_module_comments/_comment.html.erb
+++ b/app/views/my_module_comments/_comment.html.erb
@@ -39,7 +39,8 @@ <%= comment.user.full_name %>:
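Review bot: `custom_auto_link` writes into the hash it is handed (`args[:sanitize] = false`), so a caller that passes a shared or frozen options hash either has its options silently changed or raises on the frozen write, and `args` is a required positional even though `auto_link` itself can be called with the text alone. I would declare it as `def custom_auto_link(text, args = {})` and build a fresh hash instead: `sanitize_input(auto_link(text, args.merge(sanitize: false)))`. The safety of this wrapper rests on `sanitize_input` running last and on its allowlist keeping `a[href]`/`a[target]`; that method is defined above the hunk and not visible here, so a one-line comment such as `# Autolink with rails_autolink's own sanitizer off, then run the project sanitizer once so its allowlist is the single source of truth` would make the intended ordering explicit for the next maintainer. Every call site in this patch passes `target: '_blank'` with no `rel` attribute, so this helper is also the natural place to add `rel: 'noopener'` against reverse tabnabbing, provided `sanitize_input` permits that attribute. The enclosing `module InputSanitizeHelper` begins outside the hunk.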
-
<%= auto_link(simple_format(comment.message), - link: :urls, - html: { target: '_blank' }) %>
+
+ <%= custom_auto_link(simple_format(comment.message), + link: :urls, html: { target: '_blank' }) %> +
diff --git a/app/views/my_modules/_description_label.html.erb b/app/views/my_modules/_description_label.html.erb index 28cc40635..8d11d78b3 100644 --- a/app/views/my_modules/_description_label.html.erb +++ b/app/views/my_modules/_description_label.html.erb @@ -1,7 +1,6 @@ <% if @my_module.description.blank? %> <%=t "experiments.canvas.popups.no_description" %> <% else %> - <%= auto_link(simple_format(@my_module.description), - link: :urls, - html: { target: '_blank' }) %> + <%= custom_auto_link(simple_format(@my_module.description), + link: :urls, html: { target: '_blank' }) %> <% end %> diff --git a/app/views/project_comments/_comment.html.erb b/app/views/project_comments/_comment.html.erb index 9b7a0b305..25070d368 100644 --- a/app/views/project_comments/_comment.html.erb +++ b/app/views/project_comments/_comment.html.erb @@ -39,7 +39,8 @@ <%= comment.user.full_name %>:
-
<%= auto_link(simple_format(comment.message), - link: :urls, - html: { target: '_blank' }) %>
+
+ <%= custom_auto_link(simple_format(comment.message), + link: :urls, html: { target: '_blank' }) %> +
diff --git a/app/views/projects/show/_experiment.html.erb b/app/views/projects/show/_experiment.html.erb index 586c0f17c..c7223e187 100644 --- a/app/views/projects/show/_experiment.html.erb +++ b/app/views/projects/show/_experiment.html.erb @@ -49,9 +49,8 @@ <% if experiment.description? %>
- <%= auto_link(simple_format(experiment.description), - link: :urls, - html: { target: '_blank' }) %> + <%= custom_auto_link(simple_format(experiment.description), + link: :urls, html: { target: '_blank' }) %>
<% else %> diff --git a/app/views/reports/elements/_experiment_element.html.erb b/app/views/reports/elements/_experiment_element.html.erb index 61560454b..21fc8b939 100644 --- a/app/views/reports/elements/_experiment_element.html.erb +++ b/app/views/reports/elements/_experiment_element.html.erb @@ -27,9 +27,8 @@
<% if experiment.description.present? %> - <%= auto_link(simple_format(experiment.description), - link: :urls, - html: { target: '_blank' }) %> + <%= custom_auto_link(simple_format(experiment.description), + link: :urls, html: { target: '_blank' }) %> <% else %> <%=t "projects.reports.elements.experiment.no_description" %> <% end %> diff --git a/app/views/reports/elements/_my_module_element.html.erb b/app/views/reports/elements/_my_module_element.html.erb index 3dcc008f4..0158b6c75 100644 --- a/app/views/reports/elements/_my_module_element.html.erb +++ b/app/views/reports/elements/_my_module_element.html.erb @@ -30,9 +30,8 @@
<% if my_module.description.present? %> - <%= auto_link(simple_format(my_module.description), - link: :urls, - html: { target: '_blank' }) %> + <%= custom_auto_link(simple_format(my_module.description), + link: :urls, html: { target: '_blank' }) %> <% else %> <%=t "projects.reports.elements.module.no_description" %> <% end %> diff --git a/app/views/reports/elements/_result_comments_element.html.erb b/app/views/reports/elements/_result_comments_element.html.erb index 9cf568a36..46638895c 100644 --- a/app/views/reports/elements/_result_comments_element.html.erb +++ b/app/views/reports/elements/_result_comments_element.html.erb @@ -31,9 +31,9 @@   - <%= auto_link(simple_format(comment.message), - link: :urls, - html: { target: '_blank' }) %> + <%= custom_auto_link(simple_format(comment.message), + link: :urls, + html: { target: '_blank' }) %> <% end %> diff --git a/app/views/reports/elements/_result_text_element.html.erb b/app/views/reports/elements/_result_text_element.html.erb index ef2f4515d..891b2c23e 100644 --- a/app/views/reports/elements/_result_text_element.html.erb +++ b/app/views/reports/elements/_result_text_element.html.erb @@ -23,9 +23,8 @@
- <%= auto_link(result_text.text, - link: :urls, - html: { target: '_blank' }) %> + <%= custom_auto_link(result_text.text, + link: :urls, html: { target: '_blank' }) %>
diff --git a/app/views/reports/elements/_step_checklist_element.html.erb b/app/views/reports/elements/_step_checklist_element.html.erb index 1308ed95e..5e54645ae 100644 --- a/app/views/reports/elements/_step_checklist_element.html.erb +++ b/app/views/reports/elements/_step_checklist_element.html.erb @@ -24,10 +24,9 @@
  • /> - <%= auto_link(simple_format(item.text), - link: :urls, - html: { target: '_blank' }) %> - + <%= custom_auto_link(simple_format(item.text), + link: :urls, html: { target: '_blank' }) %> +
  • <% end %> diff --git a/app/views/reports/elements/_step_comments_element.html.erb b/app/views/reports/elements/_step_comments_element.html.erb index 7bacca06f..9ba6436c0 100644 --- a/app/views/reports/elements/_step_comments_element.html.erb +++ b/app/views/reports/elements/_step_comments_element.html.erb @@ -31,9 +31,9 @@   - <%= auto_link(simple_format(comment.message), - link: :urls, - html: { target: '_blank' }) %> + <%= custom_auto_link(simple_format(comment.message), + link: :urls, + html: { target: '_blank' }) %> <% end %> diff --git a/app/views/reports/elements/_step_element.html.erb b/app/views/reports/elements/_step_element.html.erb index ffadb3c5f..85fb64ed9 100644 --- a/app/views/reports/elements/_step_element.html.erb +++ b/app/views/reports/elements/_step_element.html.erb @@ -27,9 +27,8 @@
    <% if strip_tags(step.description).present? %> - <%= auto_link(step.description, - link: :urls, - html: { target: '_blank' }) %> + <%= custom_auto_link(step.description, + link: :urls, html: { target: '_blank' }) %> <% else %> <%=t "projects.reports.elements.step.no_description" %> <% end %> diff --git a/app/views/result_comments/_comment.html.erb b/app/views/result_comments/_comment.html.erb index f1c2e7343..3603b90bb 100644 --- a/app/views/result_comments/_comment.html.erb +++ b/app/views/result_comments/_comment.html.erb @@ -40,7 +40,8 @@ <% end %>
    -
    <%= auto_link(simple_format(comment.message), - link: :urls, - html: { target: '_blank' }) %>
    +
    + <%= custom_auto_link(simple_format(comment.message), + link: :urls, html: { target: '_blank' }) %> +
    diff --git a/app/views/results/_result_text.html.erb b/app/views/results/_result_text.html.erb index 640303db8..560361cf5 100644 --- a/app/views/results/_result_text.html.erb +++ b/app/views/results/_result_text.html.erb @@ -1,5 +1,4 @@
    - <%= auto_link(result.result_text.text, - link: :urls, - html: { target: '_blank' }) %> + <%= custom_auto_link(result.result_text.text, + link: :urls, html: { target: '_blank' }) %>
    diff --git a/app/views/step_comments/_comment.html.erb b/app/views/step_comments/_comment.html.erb index 454817e5e..f1500a105 100644 --- a/app/views/step_comments/_comment.html.erb +++ b/app/views/step_comments/_comment.html.erb @@ -40,7 +40,8 @@ <% end %>
    -
    <%= auto_link(simple_format(comment.message), - link: :urls, - html: { target: '_blank' }) %>
    +
    + <%= custom_auto_link(simple_format(comment.message), + link: :urls, html: { target: '_blank' }) %> +
    diff --git a/app/views/steps/_step.html.erb b/app/views/steps/_step.html.erb index 51a5b2e0b..5698c11c9 100644 --- a/app/views/steps/_step.html.erb +++ b/app/views/steps/_step.html.erb @@ -37,9 +37,8 @@ <%= t("protocols.steps.no_description") %> <% else %>
    - <%= auto_link(step.description, - link: :urls, - html: { target: '_blank' }) %> + <%= custom_auto_link(step.description, + link: :urls, html: { target: '_blank' }) %>
    <% end %>
    @@ -88,9 +87,11 @@ <% unless step.checklists.blank? then %>
    <% step.checklists.each do |checklist| %> - <%= auto_link(simple_format(checklist.name), + + <%= custom_auto_link(simple_format(checklist.name), link: :urls, - html: { target: '_blank' }) %> + html: { target: '_blank' }) %> + <% if checklist.checklist_items.empty? %>
    <%= t("protocols.steps.empty_checklist") %> @@ -104,9 +105,9 @@ <% else %> <% end %> - <%= auto_link(simple_format(checklist_item.text), - link: :urls, - html: { target: '_blank' }) %> + <%= custom_auto_link(simple_format(checklist_item.text), + link: :urls, + html: { target: '_blank' }) %>
    <% end %>