Module: DmCore::LiquidHelper

Included in:
BasePresenter
Defined in:
app/helpers/dm_core/liquid_helper.rb

Overview

Note: do not make a call to current_user in this file. Was not able to get that helper included in the mailers.



Instance Method Details

#liquidize_html(content, arguments = {}) ⇒ Object

This assumes that the content is from a trusted source.




# File 'app/helpers/dm_core/liquid_helper.rb', line 32

def liquidize_html(content, arguments = {})
  doc = Liquid::Template.parse(content).render(arguments, :filters => [LiquidFilters], 
                            :registers => { :controller => controller, :view => self, 
                                            :account_site_assets =>  })
  return doc.html_safe
end

#liquidize_markdown(content, arguments = {}) ⇒ Object

Uses the kramdown library. This assumes that the content is from a trusted source.




# File 'app/helpers/dm_core/liquid_helper.rb', line 22

def liquidize_markdown(content, arguments = {})
  doc = ::Kramdown::Document.new(Liquid::Template.parse(content).render(arguments, :filters => [LiquidFilters], 
                            :registers => { :controller => controller, :view => self, 
                                            :account_site_assets =>  }),
                        :parse_block_html => true)
  return doc.to_html.html_safe
end

#liquidize_textile(content, arguments = {}) ⇒ Object

Passes :view in a register so this view (with helpers) can be used inside of a tag. This assumes that the content is from a trusted source.




# File 'app/helpers/dm_core/liquid_helper.rb', line 11

def liquidize_textile(content, arguments = {})
  doc = RedCloth.new(Liquid::Template.parse(content).render(arguments, :filters => [LiquidFilters], 
                            :registers => { :controller => controller, :view => self,
                                            :account_site_assets =>  }))
  #doc.hard_breaks = false
  return doc.to_html.html_safe
end

#markdown(content = '', options = {safe: true}, &block) ⇒ Object

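Uses Kramdown for parsing, then sanitizes the output. The goal is to allow untrusted users to add comments or text with some formatting and linking while still producing safe output. Sanitizing is applied at the :basic level, and only when options[:safe] is truthy.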




# File 'app/helpers/dm_core/liquid_helper.rb', line 43

def markdown(content = '', options = {safe: true}, &block)
  content ||= ''
  if block_given?
    html = ::Kramdown::Document.new(capture(&block)).to_html.html_safe
  else
    html = ::Kramdown::Document.new(content).to_html.html_safe
  end
  # for safety, use :basic or lower
  return options[:safe] ? sanitize_text(html, level: :basic).html_safe : html
end

#sanitize_text(content, options = {level: :default}) ⇒ Object

Uses the Sanitize gem to fully sanitize any text.

Note: the default setting makes any markdown source (such as user comments) safe for sending out in emails.




# File 'app/helpers/dm_core/liquid_helper.rb', line 58

def sanitize_text(content, options = {level: :default})
  case options[:level]
  when :default
    # strip all html
    Sanitize.clean(content)
  when :restricted
    # Allows only very simple inline formatting markup. No links, images, or block elements.
    Sanitize.clean(content, Sanitize::Config::RESTRICTED)
  when :basic
    # Allows a variety of markup including formatting tags, links, and lists. 
    # Images and tables are not allowed, links are limited to FTP, HTTP, HTTPS, and 
    # mailto protocols, and a rel="nofollow" attribute is added to all links to
    # mitigate SEO spam.
    Sanitize.clean(content, Sanitize::Config::BASIC)
  when :relaxed
    # Allows an even wider variety of markup than BASIC, including images and tables. 
    # Links are still limited to FTP, HTTP, HTTPS, and mailto protocols, while images
    # are limited to HTTP and HTTPS. In this mode, rel="nofollow" is not added to links.
    Sanitize.clean(content, Sanitize::Config::RELAXED)
  end
end
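
The `options = {safe: true}` and `options = {level: :default}` defaults in #markdown and #sanitize_text apply only when the caller passes no options hash at all, so a hash without the key skips sanitizing or returns nil. The script below is an added example, not dm_core code, that reproduces that option handling next to a fail-closed variant. `STAND_IN`, the `page_*` and `hardened_*` method names, and the `css_class` option are hypothetical, and the stand-in escapes HTML instead of calling the Sanitize gem so the script runs without gems.

```ruby
# Added example, not dm_core code. STAND_IN is a constructed substitute for the
# Sanitize gem (it escapes instead of filtering) so the script needs no gems.
ESCAPES = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;' }.freeze
STAND_IN = ->(html) { html.gsub(/[&<>"']/, ESCAPES) }
LEVELS = %i[default restricted basic relaxed].freeze

# Option handling as on the page: the default hash is used only when the
# caller passes no options argument at all.
def page_sanitize_text(content, options = { level: :default })
  case options[:level]
  when *LEVELS then STAND_IN.call(content)
  end # no else branch: an unknown or missing level returns nil
end

def page_markdown(content = '', options = { safe: true })
  html = content.to_s
  options[:safe] ? page_sanitize_text(html, { level: :basic }) : html
end

# Fail-closed variant: read each key with its own default, reject unknown levels.
def hardened_sanitize_text(content, options = {})
  level = options.fetch(:level, :default)
  raise ArgumentError, "unknown sanitize level: #{level.inspect}" unless LEVELS.include?(level)

  STAND_IN.call(content)
end

def hardened_markdown(content = '', options = {})
  html = content.to_s
  # Only an explicit `safe: false` skips sanitizing; nil or a missing key does not.
  options.fetch(:safe, true) == false ? html : hardened_sanitize_text(html, { level: :basic })
end

SAMPLE = '<script>alert(1)</script>' # constructed untrusted comment

if __FILE__ == $PROGRAM_NAME
  puts "page, no options:        #{page_markdown(SAMPLE)}"
  puts "page, unrelated option:  #{page_markdown(SAMPLE, { css_class: 'comment' })}"
  puts "hardened, same call:     #{hardened_markdown(SAMPLE, { css_class: 'comment' })}"
  puts "page sanitize_text({}):  #{page_sanitize_text(SAMPLE, {}).inspect}"
end
```
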