scinote-web/app/helpers/input_sanitize_helper.rb
ajugo f75265974e
Print protocol smart annotation and table improvements [SCI-6566] (#3925)
* Improve table printing in the print menu [SCI-6566]

* Open smart annotation in new tab for print view [SCI-6566]

* Unify naming of same parameter [SCI-6566]

* Fix typo [SCI-6566]

* Fix hound errors [SCI-6566]
2022-03-29 12:09:33 +02:00


require 'sanitize'
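# View/helper utilities for cleaning user-supplied rich text before it is
# rendered as HTML.
module InputSanitizeHelper
  # Sanitizes an HTML fragment against the application whitelist.
  #
  # The Rails default ActionController::Base.helpers.sanitize calls the
  # ActiveRecord connection method on the caller object, which raises when
  # the caller is not an ActiveRecord object (for example Datatables), so
  # the Sanitize gem is used directly instead.
  #
  # @param html [String] untrusted markup
  # @param tags [Array<String>] element names allowed in addition to
  #   Constants::WHITELISTED_TAGS
  # @param attributes [Array<String>] attribute names allowed (on every
  #   element) in addition to Constants::WHITELISTED_ATTRIBUTES
  # @return [String] the sanitized fragment, marked html_safe
  def sanitize_input(html, tags = [], attributes = [])
    # Every entry passed in `tags`/`attributes` widens the whitelist, so
    # callers should pass constants, never request-derived values.
    Sanitize.fragment(
      html,
      elements: Constants::WHITELISTED_TAGS + tags,
      attributes: { all: Constants::WHITELISTED_ATTRIBUTES + attributes },
      css: Constants::WHITELISTED_CSS_ATTRIBUTES
    ).html_safe
  end

  # HTML-escapes plain text for output where no markup should survive.
  #
  # @param text [String]
  # @return [String] the escaped text
  def escape_input(text)
    ERB::Util.html_escape(text)
  end

  # Sanitizes text, optionally applies simple_format, expands smart
  # annotations and turns URLs into links that open in a new tab.
  #
  # @param text [String] untrusted text or markup
  # @param options [Hash]
  # @option options [Boolean] :simple_format (true) run simple_format
  # @option options [Object, nil] :team (nil) passed to smart_annotation_parser
  # @option options [Hash] :wrapper_tag ({}) merged into the simple_format
  #   options
  # @option options [Array<String>] :tags ([]) extra elements for the first
  #   sanitize pass
  # @option options [Boolean] :preview_repository (false) passed to
  #   smart_annotation_parser
  # @option options [Boolean] :base64_encoded_imgs (false) passed to
  #   smart_annotation_parser
  # @return [String] markup marked html_safe
  def custom_auto_link(text, options = {})
    simple_f = options.fetch(:simple_format) { true }
    team = options.fetch(:team) { nil }
    wrapper_tag = options.fetch(:wrapper_tag) { {} }
    tags = options.fetch(:tags) { [] }
    preview_repository = options.fetch(:preview_repository) { false }
    base64_encoded_imgs = options.fetch(:base64_encoded_imgs) { false }
    # simple_format's own sanitizer is switched off; the input is cleaned
    # with sanitize_input before it gets there.
    format_opt = wrapper_tag.merge(sanitize: false)

    text = sanitize_input(text, tags)
    # NOTE(review): this second pass uses only the default whitelist, so
    # elements allowed through :tags survive only when :simple_format is
    # false. Kept as is because it is the stricter behaviour; confirm intent.
    text = simple_format(sanitize_input(text), {}, format_opt) if simple_f

    # Nothing re-sanitizes after this point (sanitize: false, then html_safe),
    # so the markup produced by smart_annotation_parser and
    # custom_link_open_new_tab (defined outside this file) is trusted as is.
    annotated = smart_annotation_parser(text, team, base64_encoded_imgs, preview_repository)
    auto_link(
      custom_link_open_new_tab(annotated),
      link: :urls,
      sanitize: false,
      # rel keeps a page opened through target="_blank" from reaching back
      # to this one via window.opener and withholds the referrer.
      html: { target: '_blank', rel: 'noopener noreferrer' }
    ).html_safe
  end
end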