trabajo-afectivo/app/models/concerns/checks_html_sanitized.rb

48 lines
1 KiB
Ruby
Raw Normal View History

# Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
module ChecksHtmlSanitized
extend ActiveSupport::Concern
included do
before_create :sanitized_html_attributes
before_update :sanitized_html_attributes
end
def sanitized_html_attributes
html_attributes = self.class.instance_variable_get(:@sanitized_html) || []
return true if html_attributes.empty?
html_attributes.each do |attribute|
value = send(attribute)
next if value.blank?
next if !sanitizeable?(attribute, value)
send("#{attribute}=".to_sym, HtmlSanitizer.strict(value))
end
true
end
def sanitizeable?(_attribute, _value)
true
end
# methods defined here are going to extend the class, not the instance of it
class_methods do
=begin
serve method to mark HTML attributes that need to get sanitized
class Model < ApplicationModel
include Sanitized
sanitized_html :body
end
=end
def sanitized_html(*attributes)
@sanitized_html = attributes
end
end
end