# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
class NotificationFactory::Template
=begin
Example usage:
cleaned_template = NotificationFactory::Template.new(
'some template <b>#{ticket.title}</b> #{config.fqdn}',
true,
false, # Allow ERB tags in the template?
).to_s
=end
# Stores the template text and the two rendering flags.
#
# @param template [String] template text containing `#{...}` placeholders
# @param escape  value copied verbatim into every generated ERB tag as the
#                second helper argument (see #to_s)
# @param trusted when falsy, #to_s escapes ERB opening tags found in the
#                template text before expanding placeholders
def initialize(template, escape, trusted)
  @template, @escape, @trusted = template, escape, trusted
end
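# Converts the template into ERB source by rewriting every `#{...}`
# placeholder into an ERB output tag.
#
# For templates that are not trusted, each `<%` that is not already `<%%` is
# first rewritten to `<%%`, presumably so that ERB tags supplied in the
# template text are rendered literally rather than evaluated.
#
# The escaping works on a copy. The previous in-place `gsub!` modified the
# string handed to the constructor and raised FrozenError on frozen templates.
#
# @return [String] a new string with all placeholders replaced
def to_s
  source = @trusted ? @template : @template.gsub(%r{<%(?!%)}, '<%%')

  source.gsub(%r{\#{\s*(.*?)\s*}}m) do
    # Some browsers add HTML tags around the placeholder content; drop one
    # leading and one trailing tag.
    # Fixes https://github.com/zammad/zammad/issues/385
    placeholder = Regexp.last_match(1).gsub(%r{\A<.+?>\s*|\s*<.+?>\z}, '')

    # NOTE(review): @escape is interpolated as-is into the generated ERB
    # source; it looks like it is expected to be a boolean - confirm that no
    # caller passes a user-controlled value here.
    case placeholder
    when %r{\At\('(.+?)'\)\z}m
      # t('literal text'): the text is placed inside a double-quoted literal.
      %(<%= t "#{sanitize_text(Regexp.last_match(1))}", #{@escape} %>)
    when %r{\At\((.+?)\)\z}m
      # t(object.path)
      # NOTE(review): unlike the other branches, `d` is emitted directly
      # in front of the string literal - confirm this is intended.
      %(<%= t d"#{sanitize_object_name(Regexp.last_match(1))}", #{@escape} %>)
    when %r{\Aconfig\.(.+?)\z}m
      # config.some_setting
      %(<%= c "#{sanitize_object_name(Regexp.last_match(1))}", #{@escape} %>)
    else
      # Anything else is treated as an object path.
      %(<%= d "#{sanitize_object_name(placeholder)}", #{@escape} %>)
    end
  end
end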
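# Prepares literal text for embedding inside a double-quoted string in the
# generated ERB source.
#
# Tabs, carriage returns and newlines are removed, and every double quote
# that is not already escaped gets a backslash in front of it. A quote counts
# as escaped only when it is preceded by an odd number of backslashes; the
# previous lookbehind treated any preceding backslash as an escape, so a
# quote following an escaped backslash (`\\"`) was left unescaped.
#
# NOTE(review): only whitespace and double quotes are handled here. Any other
# character that is special inside a Ruby double-quoted literal passes
# through unchanged - confirm that callers constrain the input accordingly.
#
# @param string [String, nil] text taken from a `t('...')` placeholder
# @return [String, nil] the sanitized text, or nil when given nil
def sanitize_text(string)
  return if string.nil?

  string
    .tr("\t\r\n", '')
    .gsub(%r{(?<!\\)((?:\\\\)*)(?=")}) { |backslash_pairs| "#{backslash_pairs}\\" }
end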
# Strips characters that must not appear in an object or config path before
# the path is embedded in the generated ERB source.
#
# Removed: tab, carriage return, newline, form feed, space, double quote,
# single quote, the section sign and semicolon. Every other character is
# kept as-is (this is a denylist, not an allowlist).
#
# @param string [String, nil] placeholder content naming an object path
# @return [String, nil] the filtered name, or nil when given nil
def sanitize_object_name(string)
  return nil if string.nil?

  string.delete("\t\r\n\f \"'§;")
end
end