Module: DmCore::LiquidHelper
- Included in: BasePresenter
- Defined in: app/helpers/dm_core/liquid_helper.rb
Overview
Note: do not make a call to current_user in this file. Was not able to get that helper included in the mailers.
Instance Method Summary
- #liquidize_html(content, arguments = {}) ⇒ Object
  This assumes that the content is from a trusted source.
- #liquidize_markdown(content, arguments = {}) ⇒ Object
  Use the kramdown library. This assumes that the content is from a trusted source.
- #liquidize_textile(content, arguments = {}) ⇒ Object
  Pass :view in a register so this view (with helpers) can be used inside of a tag. This assumes that the content is from a trusted source.
- #markdown(content = '', options = {safe: true}, &block) ⇒ Object
  Use Kramdown for parsing, then sanitize output.
- #sanitize_text(content, options = {level: :default}) ⇒ Object
  Uses Sanitize gem to fully sanitize any text.
Instance Method Details
#liquidize_html(content, arguments = {}) ⇒ Object
This assumes that the content is from a trusted source
    # File 'app/helpers/dm_core/liquid_helper.rb', line 32
    def liquidize_html(content, arguments = {})
      doc = Liquid::Template.parse(content).render(arguments, :filters => [LiquidFilters],
                        :registers => { :controller => controller, :view => self, :account_site_assets => account_site_assets_url })
      # html_safe marks the rendered output as trusted, so Rails will not escape it
      return doc.html_safe
    end
#liquidize_markdown(content, arguments = {}) ⇒ Object
Use the kramdown library. This assumes that the content is from a trusted source.

    # File 'app/helpers/dm_core/liquid_helper.rb', line 22
    def liquidize_markdown(content, arguments = {})
      doc = ::Kramdown::Document.new(Liquid::Template.parse(content).render(arguments, :filters => [LiquidFilters],
                        :registers => { :controller => controller, :view => self, :account_site_assets => account_site_assets_url }),
                        :parse_block_html => true)
      # html_safe marks the rendered output as trusted, so Rails will not escape it
      return doc.to_html.html_safe
    end
#liquidize_textile(content, arguments = {}) ⇒ Object
Pass :view in a register so this view (with helpers) can be used inside of a tag. This assumes that the content is from a trusted source.

    # File 'app/helpers/dm_core/liquid_helper.rb', line 11
    def liquidize_textile(content, arguments = {})
      doc = RedCloth.new(Liquid::Template.parse(content).render(arguments, :filters => [LiquidFilters],
                        :registers => { :controller => controller, :view => self, :account_site_assets => account_site_assets_url }))
      #doc.hard_breaks = false
      # html_safe marks the rendered output as trusted, so Rails will not escape it
      return doc.to_html.html_safe
    end
#markdown(content = '', options = {safe: true}, &block) ⇒ Object
Use Kramdown for parsing, then sanitize output. The goal is to allow untrusted users to add comments/text with some formatting and linking, while providing safe output.

    # File 'app/helpers/dm_core/liquid_helper.rb', line 43
    def markdown(content = '', options = {safe: true}, &block)
      content ||= ''
      if block_given?
        html = ::Kramdown::Document.new(capture(&block)).to_html.html_safe
      else
        html = ::Kramdown::Document.new(content).to_html.html_safe
      end
      # for safety, use :basic or lower
      return options[:safe] ? sanitize_text(html, level: :basic).html_safe : html
    end
#sanitize_text(content, options = {level: :default}) ⇒ Object
Uses Sanitize gem to fully sanitize any text.
Note: Default setting will make any markdown source (like user comments, etc) safe for sending out in emails
    # File 'app/helpers/dm_core/liquid_helper.rb', line 58
    def sanitize_text(content, options = {level: :default})
      case options[:level]
      when :default
        # strip all html
        Sanitize.clean(content)
      when :restricted
        # Allows only very simple inline formatting markup. No links, images, or block elements.
        Sanitize.clean(content, Sanitize::Config::RESTRICTED)
      when :basic
        # Allows a variety of markup including formatting tags, links, and lists.
        # Images and tables are not allowed, links are limited to FTP, HTTP, HTTPS, and
        # mailto protocols, and a rel="nofollow" attribute is added to all links to
        # mitigate SEO spam.
        Sanitize.clean(content, Sanitize::Config::BASIC)
      when :relaxed
        # Allows an even wider variety of markup than BASIC, including images and tables.
        # Links are still limited to FTP, HTTP, HTTPS, and mailto protocols, while images
        # are limited to HTTP and HTTPS. In this mode, rel="nofollow" is not added to links.
        Sanitize.clean(content, Sanitize::Config::RELAXED)
      end
    end
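
Both #markdown and #sanitize_text take their settings as a positional hash with a default value, so the default applies only when the caller passes no options at all. The following is an added example, not DmCore code: it reproduces that option handling next to a hardened form. `stand_in_sanitize`, the `*_documented` / `*_hardened` method names, `LEVELS` and the sample string are assumptions made for the demonstration, and the stand-in only escapes markup so the block runs without the kramdown and sanitize gems.

```ruby
require 'erb'

# Stand-in for the Kramdown + Sanitize step so the demo needs no gems. It only
# escapes markup; the real helper calls sanitize_text(html, level: :basic).
def stand_in_sanitize(html)
  ERB::Util.html_escape(html)
end

# Option handling as in the page's #markdown signature: the default hash is
# used only when the caller passes no options argument at all.
def markdown_documented(html, options = {safe: true})
  options[:safe] ? stand_in_sanitize(html) : html
end

# Hypothetical hardened variant: sanitize unless safe: false is explicit.
def markdown_hardened(html, options = {})
  options.fetch(:safe, true) ? stand_in_sanitize(html) : html
end

LEVELS = %i[default restricted basic relaxed].freeze

# Level dispatch shaped like the page's #sanitize_text (case without else).
# Returns the level that would be applied instead of calling Sanitize.
def level_documented(options = {level: :default})
  case options[:level]
  when *LEVELS then options[:level]
  end
end

# Hypothetical hardened variant: a missing :level means the strictest level,
# and an unknown one raises instead of silently returning nil.
def level_hardened(options = {})
  level = options.fetch(:level, :default)
  raise ArgumentError, "unknown level: #{level.inspect}" unless LEVELS.include?(level)
  level
end

# Constructed sample of untrusted comment text.
UNTRUSTED = '<script>alert(1)</script>hello'

if __FILE__ == $PROGRAM_NAME
  puts markdown_documented(UNTRUSTED)                    # escaped
  puts markdown_documented(UNTRUSTED, class: 'comment')  # raw: :safe is missing
  puts markdown_hardened(UNTRUSTED, class: 'comment')    # escaped
  p level_documented(level: :strict)                     # nil
end
```

When reviewing callers of these helpers, look for any call that passes an options hash without an explicit `:safe` or `:level` key.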