From 78920aaf4674a4aa479582c911497d64e20f9c25 Mon Sep 17 00:00:00 2001
From: albert
Date: Tue, 13 Sep 2011 19:50:38 -0400
Subject: [PATCH] fixed sanitization for notes, added descaling when saving notes on scaled images

---
 app/assets/javascripts/notes.js | 12 ++++++++----
 app/logical/d_text.rb | 8 ++++++--
 app/views/notes/_note.html.erb | 2 +-
 3 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/app/assets/javascripts/notes.js b/app/assets/javascripts/notes.js
index 9341e1f8b..0272d10a3 100644
--- a/app/assets/javascripts/notes.js
+++ b/app/assets/javascripts/notes.js
@@ -278,12 +278,16 @@ Danbooru.Note = {
   },
 
   parameterize_note: function($note_box, $note_body) {
+    var $image = $("#image");
+    var original_width = parseInt($image.data("original-width"));
+    var ratio = parseInt($image.width()) / original_width;
+
     var hash = {
       note: {
-        x: $note_box.position().left,
-        y: $note_box.position().top,
-        width: $note_box.width(),
-        height: $note_box.height(),
+        x: $note_box.position().left / ratio,
+        y: $note_box.position().top / ratio,
+        width: $note_box.width() / ratio,
+        height: $note_box.height() / ratio,
         body: $note_body.html(),
         post_id: Danbooru.meta("post-id")
       }
diff --git a/app/logical/d_text.rb b/app/logical/d_text.rb
index cd7524e57..576ac2d1e 100644
--- a/app/logical/d_text.rb
+++ b/app/logical/d_text.rb
@@ -193,8 +193,12 @@ class DText
       end
     end
 
+    sanitize(html.join("")).html_safe
+  end
+
+  def self.sanitize(text)
     Sanitize.clean(
-      html.join(""),
+      text,
       :elements => %w(h1 h2 h3 h4 h5 h6 a span div blockquote br p ul li ol em strong),
       :attributes => {
         "a" => %w(href title),
@@ -206,7 +210,7 @@ class DText
         "href" => ["http", "https", :relative]
       }
     }
-    ).html_safe
+    )
   end
 end
 
diff --git a/app/views/notes/_note.html.erb b/app/views/notes/_note.html.erb
index 268bc839a..a4972c3fb 100644
--- a/app/views/notes/_note.html.erb
+++ b/app/views/notes/_note.html.erb
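Review bot: `ratio` has no guard for a missing or zero `data-original-width`: `parseInt` of an absent attribute is NaN and a zero width yields Infinity, so every coordinate in `hash.note` becomes NaN or 0 before it is posted, and nothing in the hunk falls back to the unscaled values. A one-line fallback after the division, `if (!(ratio > 0)) { ratio = 1; }`, preserves the old behaviour when the image is not scaled or the attribute is absent; passing the radix, `parseInt(..., 10)`, also avoids octal/hex surprises in older engines. Whether the server rejects non-numeric coordinates cannot be seen from this diff. The closing lines of `parameterize_note` fall outside the hunk.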
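Review bot: The new `self.sanitize(text)` carries no comment stating its contract, and the contract matters for callers: unlike `parse`, it returns a plain String that is not `html_safe`, so a view must wrap it in `raw` only because it knows the text came through this whitelist. Suggested header above the `def`: `# Strips arbitrary HTML down to the DText whitelist below; returns a plain String (not html_safe) so the caller decides where it may be rendered.` The configuration hash is also rebuilt on every call; hoisting it into a frozen constant such as `SANITIZE_CONFIG` would keep the whitelist reviewable in one place and avoid the per-call allocation. Whether `Sanitize.clean` tolerates a nil `text` (a note with no body, say) cannot be told from here and is worth confirming against the new callers. The `parse` method that the first added line closes starts outside this hunk, and the config literal continues into the next one.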
@@ -1 +1 @@
-<%= content_tag(:article, raw(Sanitize.clean(note.body)), "data-width" => note.width, "data-height" => note.height, "data-x" => note.x, "data-y" => note.y, "data-id" => note.id) %>
+<%= content_tag(:article, raw(DText.sanitize(note.body)), "data-width" => note.width, "data-height" => note.height, "data-x" => note.x, "data-y" => note.y, "data-id" => note.id) %>
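Review bot: `raw(...)` on a note body is only safe because `DText.sanitize` whitelists elements and attributes before the string reaches the template; that dependency is invisible here, so a comment makes the intent auditable: `<%# note.body is user-supplied HTML; DText.sanitize whitelists it, so raw() is the intended escape here %>`. Note that this swaps the previous `Sanitize.clean(note.body)` with no config (Sanitize's default strips every tag) for the DText whitelist, so anchors and block elements now render inside notes — presumably intentional, but the commit message does not say so. Whether note bodies are also sanitized on write cannot be seen in this diff; if not, this read-time call is the only barrier, and any other template that prints `note.body` must go through the same method.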