47 lines
1,018 B
Ruby
47 lines
1,018 B
Ruby
|
# Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
|
||
|
|
module HtmlSanitized
|
||
|
|
extend ActiveSupport::Concern
|
||
|
|
|
||
|
|
included do
|
||
|
|
before_create :sanitized_html_attributes
|
||
|
|
before_update :sanitized_html_attributes
|
||
|
|
end
|
||
|
|
|
||
|
|
def sanitized_html_attributes
|
||
|
|
html_attributes = self.class.instance_variable_get(:@sanitized_html) || []
|
||
|
|
return if html_attributes.empty?
|
||
|
|
|
||
|
|
html_attributes.each do |attribute|
|
||
|
|
value = send(attribute)
|
||
|
|
|
||
|
|
next if value.blank?
|
||
|
|
next if !sanitizeable?(attribute, value)
|
||
|
|
|
||
|
|
send("#{attribute}=".to_sym, HtmlSanitizer.strict(value))
|
||
|
|
end
|
||
|
|
end
|
||
|
|
|
||
|
|
def sanitizeable?(_attribute, _value)
|
||
|
|
true
|
||
|
|
end
|
||
|
|
|
||
|
|
# methods defined here are going to extend the class, not the instance of it
|
||
|
|
class_methods do
|
||
|
|
|
||
|
|
=begin
|
||
|
|
|
||
|
|
serve methode to mark HTML attrbibutes that need to get sanitized
|
||
|
|
|
||
|
|
class Model < ApplicationModel
|
||
|
|
include Sanitized
|
||
|
|
sanitized_html :body
|
||
|
|
end
|
||
|
|
|
||
|
|
=end
|
||
|
|
|
||
|
|
def sanitized_html(*attributes)
|
||
|
|
@sanitized_html = attributes
|
||
|
|
end
|
||
|
|
end
|
||
|
|
end
|