trabajo-afectivo/app/models/concerns/checks_html_sanitized.rb

51 lines
1 KiB
Ruby
Raw Permalink Normal View History

2022-01-01 13:38:12 +00:00
# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
module ChecksHtmlSanitized
extend ActiveSupport::Concern
included do
before_create :sanitized_html_attributes
before_update :sanitized_html_attributes
end
def sanitized_html_attributes
html_attributes = self.class.instance_variable_get(:@sanitized_html) || []
2017-11-21 07:24:03 +00:00
return true if html_attributes.blank?
html_attributes.each do |attribute|
next if changes[attribute].blank?
value = send(attribute)
next if value.blank?
next if !sanitizeable?(attribute, value)
send(:"#{attribute}=", HtmlSanitizer.strict(value))
end
true
end
def sanitizeable?(_attribute, _value)
true
end
# methods defined here are going to extend the class, not the instance of it
class_methods do
=begin
serve method to mark HTML attributes that need to get sanitized
class Model < ApplicationModel
include Sanitized
sanitized_html :body
end
=end
def sanitized_html(*attributes)
@sanitized_html = attributes
end
end
end