added sanitize, fixes #26: Clicking the wiki link withing comments gives a "page does not exist" error
1
Gemfile
1
Gemfile
@@ -27,6 +27,7 @@ gem "nokogiri"
|
|||||||
gem "meta_search", :git => "git://github.com/ernie/meta_search.git"
|
gem "meta_search", :git => "git://github.com/ernie/meta_search.git"
|
||||||
gem "silent-postgres"
|
gem "silent-postgres"
|
||||||
gem "whenever", :require => false
|
gem "whenever", :require => false
|
||||||
|
gem "sanitize", :git => "git://github.com/rgrove/sanitize.git"
|
||||||
|
|
||||||
group :development do
|
group :development do
|
||||||
gem 'pry'
|
gem 'pry'
|
||||||
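Review bot: The new `sanitize` line fetches the gem over `git://`, which is neither authenticated nor encrypted, so anything on the network path can alter the code that will be filtering user-supplied HTML. The lockfile pins a revision, but a later `bundle update` resolves the branch head again over the same transport. Prefer `gem "sanitize", :git => "https://github.com/rgrove/sanitize.git"`, or a versioned release such as `gem "sanitize", "~> 2.0"` if a published gem matching the locked 2.0.3 is acceptable. The existing `meta_search` line uses the same `git://` scheme and deserves the same change.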
|
|||||||
@@ -8,6 +8,13 @@ GIT
|
|||||||
activesupport (~> 3.1.0)
|
activesupport (~> 3.1.0)
|
||||||
polyamorous (~> 0.5.0)
|
polyamorous (~> 0.5.0)
|
||||||
|
|
||||||
|
GIT
|
||||||
|
remote: git://github.com/rgrove/sanitize.git
|
||||||
|
revision: afdfa8f7f4129820c573f94f79b99aed715a385d
|
||||||
|
specs:
|
||||||
|
sanitize (2.0.3)
|
||||||
|
nokogiri (< 1.6, >= 1.4.4)
|
||||||
|
|
||||||
GIT
|
GIT
|
||||||
remote: http://github.com/EmmanuelOga/ffaker.git
|
remote: http://github.com/EmmanuelOga/ffaker.git
|
||||||
revision: f94bcf502fcdd4ba5f29155a3df1811af2663950
|
revision: f94bcf502fcdd4ba5f29155a3df1811af2663950
|
||||||
@@ -179,6 +186,7 @@ DEPENDENCIES
|
|||||||
pg
|
pg
|
||||||
pry
|
pry
|
||||||
rails (= 3.1.0)
|
rails (= 3.1.0)
|
||||||
|
sanitize!
|
||||||
shoulda
|
shoulda
|
||||||
silent-postgres
|
silent-postgres
|
||||||
simple_form
|
simple_form
|
||||||
|
|||||||
@@ -11,11 +11,6 @@ class DText
|
|||||||
end
|
end
|
||||||
|
|
||||||
def self.parse_inline(str, options = {})
|
def self.parse_inline(str, options = {})
|
||||||
str = parse_aliased_wiki_links(str)
|
|
||||||
str = parse_wiki_links(str)
|
|
||||||
str = parse_post_links(str)
|
|
||||||
str = parse_id_links(str)
|
|
||||||
|
|
||||||
str.gsub!(/\n/m, "<br>")
|
str.gsub!(/\n/m, "<br>")
|
||||||
str.gsub!(/\[b\](.+?)\[\/b\]/i, '<strong>\1</strong>')
|
str.gsub!(/\[b\](.+?)\[\/b\]/i, '<strong>\1</strong>')
|
||||||
str.gsub!(/\[i\](.+?)\[\/i\]/i, '<em>\1</em>')
|
str.gsub!(/\[i\](.+?)\[\/i\]/i, '<em>\1</em>')
|
||||||
@@ -26,6 +21,10 @@ class DText
|
|||||||
str.gsub!(/\[url=(.+?)\](.+?)\[\/url\]/m) do
|
str.gsub!(/\[url=(.+?)\](.+?)\[\/url\]/m) do
|
||||||
%{<a href="#{u($1)}">#{h($2)}</a>}
|
%{<a href="#{u($1)}">#{h($2)}</a>}
|
||||||
end
|
end
|
||||||
|
str = parse_aliased_wiki_links(str)
|
||||||
|
str = parse_wiki_links(str)
|
||||||
|
str = parse_post_links(str)
|
||||||
|
str = parse_id_links(str)
|
||||||
str
|
str
|
||||||
end
|
end
|
||||||
|
|
||||||
@@ -36,9 +35,9 @@ class DText
|
|||||||
wiki_page = WikiPage.find_title_and_id(title)
|
wiki_page = WikiPage.find_title_and_id(title)
|
||||||
|
|
||||||
if wiki_page
|
if wiki_page
|
||||||
%{[url=/wiki_pages/#{wiki_page.id}]#{text}[/url]}
|
%{<a href="/wiki_pages/#{wiki_page.id}">#{text}</a>}
|
||||||
else
|
else
|
||||||
%{[url=/wiki_pages/new?title=#{title}]#{text}[/url]}
|
%{<a href="/wiki_pages/new?title=#{title}">#{text}</url>}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
@@ -49,22 +48,22 @@ class DText
|
|||||||
wiki_page = WikiPage.find_title_and_id(title)
|
wiki_page = WikiPage.find_title_and_id(title)
|
||||||
|
|
||||||
if wiki_page
|
if wiki_page
|
||||||
%{[url=/wiki_pages/#{wiki_page.id}]#{title}[/url]}
|
%{<a href="/wiki_pages/#{wiki_page.id}">#{title}</a>}
|
||||||
else
|
else
|
||||||
%{[url=/wiki_pages/new?title=#{title}]#{title}[/url]}
|
%{<a href="/wiki_pages/new?wiki_page[title]=#{title}">#{title}</a>}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.parse_post_links(str)
|
def self.parse_post_links(str)
|
||||||
str.gsub(/\{\{(.+?)\}\}/, %{[url=/posts?tags=\1]\1[/url]})
|
str.gsub(/\{\{(.+?)\}\}/, %{<a href="/posts?tags=\\1">\\1</a>})
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.parse_id_links(str)
|
def self.parse_id_links(str)
|
||||||
str = str.gsub(/\bpost #(\d+)/i, %{[url=/posts/\1]post #\1[/url]})
|
str = str.gsub(/\bpost #(\d+)/i, %{<a href="/posts/\\1">post #\\1</a>})
|
||||||
str = str.gsub(/\bforum #(\d+)/i, %{[url=/forum_posts/\1]forum #\1[/url]})
|
str = str.gsub(/\bforum #(\d+)/i, %{<a href="/forum_posts/\\1">forum #\\1</a>})
|
||||||
str = str.gsub(/\bcomment #(\d+)/i, %{[url=/comments/\1]comment #\1[/url]})
|
str = str.gsub(/\bcomment #(\d+)/i, %{<a href="/comments/\\1">comment #\\1</a>})
|
||||||
str = str.gsub(/\bpool #(\d+)/i, %{[url=/pools/\1]pool #\1[/url]})
|
str = str.gsub(/\bpool #(\d+)/i, %{<a href="/pools/\\1">pool #\\1</a>})
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.parse_list(str, options = {})
|
def self.parse_list(str, options = {})
|
||||||
@@ -151,7 +150,7 @@ class DText
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
html.join("").html_safe
|
Sanitize.clean(html.join(""), Sanitize::Config::BASIC).html_safe
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
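Review bot: In the aliased wiki-link helper, the missing-page branch now closes with `</url>` instead of `</a>` and still links to `new?title=`, while the plain wiki-link helper was switched to `new?wiki_page[title]=`; the aliased form therefore emits an unclosed anchor and probably still hits the error from #26. Both helpers also interpolate `title` and `text` into raw HTML without the `u(...)`/`h(...)` calls that the `[url=...]` branch uses. The markup is then only as safe as the later `Sanitize.clean` pass, and whether every caller of `parse_inline` goes through that pass is not visible here. Suggested line: `%{<a href="/wiki_pages/new?wiki_page[title]=#{u(title)}">#{h(text)}</a>}`, with the same escaping applied in the existing-page branches. The helper bodies start outside these hunks.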
|
|||||||
@@ -1 +1 @@
|
|||||||
<%= content_tag(:article, raw(note.body), "data-width" => note.width, "data-height" => note.height, "data-x" => note.x, "data-y" => note.y, "data-id" => note.id) %>
|
<%= content_tag(:article, raw(Sanitize.clean(note.body)), "data-width" => note.width, "data-height" => note.height, "data-x" => note.x, "data-y" => note.y, "data-id" => note.id) %>
|
||||||
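Review bot: `Sanitize.clean(note.body)` is called without a config, which selects Sanitize's default of removing every tag, whereas DText in this same commit passes `Sanitize::Config::BASIC`. If notes are meant to keep basic formatting, pass the config explicitly: `raw(Sanitize.clean(note.body, Sanitize::Config::BASIC))`. If plain text is intended, a short template comment saying so would help, because `raw(...)` makes the line look like it emits trusted HTML.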
|
|||||||
@@ -50,7 +50,7 @@
|
|||||||
</menu>
|
</menu>
|
||||||
|
|
||||||
<section id="comments">
|
<section id="comments">
|
||||||
<%= render "comments/partials/index/list", :comments => @post.comments, :post => @post, :show_header => false %>
|
<%= render "comments/partials/index/list", :comments => @post.comments.reverse, :post => @post, :show_header => false %>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="notes">
|
<section id="notes">
|
||||||
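Review bot: `@post.comments.reverse` reverses whatever order the association loads in, and no ordering is visible in this hunk; if the association defines none, the display order depends on the database's default row order. An explicit order such as `@post.comments.order("id desc")` would make it deterministic. The change also looks unrelated to the sanitize fix and may be easier to review as its own commit.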
|
|||||||