notes: move sanitization from d_text.rb to note_sanitizer.rb.

2017-06-15 20:30:19 -05:00
parent 56b1651cd4
commit 990f173b3d
4 changed files with 27 additions and 26 deletions
--- a/app/controllers/note_previews_controller.rb
+++ b/app/controllers/note_previews_controller.rb
@@ -2,7 +2,7 @@ class NotePreviewsController < ApplicationController
  respond_to :json

  def show
-    @body = DText.sanitize(params[:body].to_s)
+    @body = NoteSanitizer.sanitize(params[:body].to_s)
    respond_with(@body) do |format|
      format.json do
        render :json => {:body => @body}.to_json
--- a/app/logical/d_text.rb
+++ b/app/logical/d_text.rb
@@ -369,30 +369,6 @@ class DText
    s
  end

-  def self.sanitize(text)
-    text.gsub!(/<( |-|3|:|>|\Z)/, "&lt;\\1")
-
-    Sanitize.clean(
-      text,
-      :elements => %w(code center tn h1 h2 h3 h4 h5 h6 a span div blockquote br p ul li ol em strong small big b i font u s pre ruby rb rt rp),
-      :attributes => {
-        "a" => %w(href title style),
-        "span" => %w(class style),
-        "div" => %w(class style align),
-        "p" => %w(class style align),
-        "font" => %w(color size style)
-      },
-      :protocols => {
-        "a" => {
-          "href" => ["http", "https", :relative]
-        }
-      },
-      :css => Sanitize::Config::RELAXED[:css].merge({
-        :protocols => []
-      })
-    )
-  end
-
  # extract the first paragraph `needle` occurs in.
  def self.excerpt(dtext, needle)
    dtext = dtext.gsub(/\r\n|\r|\n/, "\n")
--- a/app/logical/note_sanitizer.rb
+++ b/app/logical/note_sanitizer.rb
@@ -0,0 +1,25 @@
+module NoteSanitizer
+  def self.sanitize(text)
+    text.gsub!(/<( |-|3|:|>|\Z)/, "&lt;\\1")
+
+    Sanitize.clean(
+      text,
+      :elements => %w(code center tn h1 h2 h3 h4 h5 h6 a span div blockquote br p ul li ol em strong small big b i font u s pre ruby rb rt rp),
+      :attributes => {
+        "a" => %w(href title style),
+        "span" => %w(class style),
+        "div" => %w(class style align),
+        "p" => %w(class style align),
+        "font" => %w(color size style)
+      },
+      :protocols => {
+        "a" => {
+          "href" => ["http", "https", :relative]
+        }
+      },
+      :css => Sanitize::Config::RELAXED[:css].merge({
+        :protocols => []
+      })
+    )
+  end
+end
--- a/app/views/notes/_note.html.erb
+++ b/app/views/notes/_note.html.erb
@@ -1 +1 @@
-<article data-width="<%= note.width %>" data-height="<%= note.height %>" data-x="<%= note.x %>" data-y="<%= note.y %>" data-id="<%= note.id %>" data-body="<%= note.body %>"><%= raw DText.sanitize(note.body) %></article>
+<article data-width="<%= note.width %>" data-height="<%= note.height %>" data-x="<%= note.x %>" data-y="<%= note.y %>" data-id="<%= note.id %>" data-body="<%= note.body %>"><%= raw NoteSanitizer.sanitize(note.body) %></article>