scinote-web/app/helpers/activity_helper.rb
okriuchykhin 02bfd19d1c Merge pull request #385 from okriuchykhin/ok_SCI_102
Fix XSS on activites and throghout the rest of app [SCI-102]
2017-01-16 11:41:38 +01:00


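# View helpers for rendering activity messages.
module ActivityHelper
  # Shortens the first <strong>…</strong> title found in an activity message.
  # When the title is longer than Constants::NAME_TRUNCATION_LENGTH, the
  # shortened title is wrapped in a tooltip that carries the full title.
  #
  # @param message [String, nil] activity message markup
  # @param len [Integer] length passed to +truncate+
  # @return [Object, nil] whatever +sanitize_input+ returns for the rewritten
  #   message, or nil when +message+ is nil
  def activity_truncate(message, len = Constants::NAME_TRUNCATION_LENGTH)
    return if message.nil?

    # A message without a <strong> title used to raise NoMethodError on
    # nil[1]; it is now sanitized and returned as-is.
    activity_title = message[%r{<strong>(.*?)</strong>}, 1]
    return sanitize_input(message) if activity_title.nil?

    short_title = truncate(activity_title, length: len)
    # NOTE(review): the threshold is the constant, not +len+, so a caller
    # passing a different +len+ gets truncation and tooltip decided by two
    # different limits - confirm this is intended.
    title =
      if activity_title.length > Constants::NAME_TRUNCATION_LENGTH
        "<div class='modal-tooltip'>#{short_title}\n" \
          "<span class='modal-tooltiptext'>#{activity_title}</span></div>"
      else
        short_title
      end

    # The title is data taken from the message, so it is matched as a literal
    # string rather than compiled into a regexp: metacharacters such as
    # "(", "[", "+" or "\" would otherwise change what is matched or raise
    # RegexpError. The block form keeps backslash sequences in the
    # replacement from being read as back-references.
    rewritten = message.gsub(activity_title) { title }

    # The title is interpolated into markup unescaped above, so the result is
    # only returned through sanitize_input (defined outside this module;
    # presumably the app's HTML sanitizer - confirm).
    sanitize_input(rewritten)
  end

  # Converts a timestamp to whole days since the Unix epoch.
  #
  # @param dt [#to_i] value whose +to_i+ is seconds since 1970-01-01
  # @return [Integer] integer quotient of those seconds by 86,400
  def days_since_1970(dt)
    dt.to_i / 86_400
  end
end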