Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Tree: 7bccc25d75
Branches Tags
zammad
/
app
/
models
/
concerns
/
checks_html_sanitized.rb

checks_html_sanitized.rb 1.0 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647 
  1. # Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
    2. 

  2. module ChecksHtmlSanitized
    3. 

  3.   extend ActiveSupport::Concern
    4. 

  4. 

  5.   included do
    6. 

  6.     before_create :sanitized_html_attributes
    7. 

  7.     before_update :sanitized_html_attributes
    8. 

  8.   end
    9. 

  9. 

  10.   def sanitized_html_attributes
    11. 

  11.     html_attributes = self.class.instance_variable_get(:@sanitized_html) || []
    12. 

  12.     return true if html_attributes.empty?
    13. 

  13. 

  14.     html_attributes.each do |attribute|
    15. 

  15.       value = send(attribute)
    16. 

  16. 

  17.       next if value.blank?
    18. 

  18.       next if !sanitizeable?(attribute, value)
    19. 

  19. 

  20.       send("#{attribute}=".to_sym, HtmlSanitizer.strict(value))
    21. 

  21.     end
    22. 

  22.     true
    23. 

  23.   end
    24. 

  24. 

  25.   def sanitizeable?(_attribute, _value)
    26. 

  26.     true
    27. 

  27.   end
    28. 

  28. 

  29.   # methods defined here are going to extend the class, not the instance of it
    30. 

  30.   class_methods do
    31. 

  31. 

  32. =begin
    33. 

  33. 

  34. serve method to mark HTML attributes that need to get sanitized
    35. 

  35. 

  36. class Model < ApplicationModel
    37. 

  37.   include Sanitized
    38. 

  38.   sanitized_html :body
    39. 

  39. end
    40. 

  40. 

  41. =end
    42. 

  42. 

  43.     def sanitized_html(*attributes)
    44. 

  44.       @sanitized_html = attributes
    45. 

  45.     end
    46. 

  46.   end
    47. 

  47. end
    48.