Module: Decidim::SanitizeHelper

Included in:

Accountability::Admin::ResultsController, Accountability::ResultMetadataCell, ActivityCell, AddressCell, Admin::Moderations::ReportsHelper, AnnouncementCell, Assemblies::AssembliesHelper, AuthorCell, Blogs::Admin::PostsHelper, Blogs::ApplicationHelper, Budgets::BaseCell, Budgets::BudgetListItemCell, Budgets::OrderSummaryMailer, Budgets::VoteReminderMailer, ButtonCell, CardGCell, CardLCell, CardMetadataCell, CardSCell, Conferences::Admin::InviteJoinConferenceMailer, Conferences::Admin::SendConferenceDiplomaMailer, Conferences::MediaLinkCell, Conferences::RegistrationTypeCell, ContentBlocks::CtaCell, ContentBlocks::HeroCell, ContentBlocks::HighlightedContentBannerCell, ContentBlocks::ParticipatorySpaceHeroCell, ContentBlocks::SubHeroCell, Debates::DebateLCell, Debates::DebatePresenter, Elections::ElectionPresenter, EndorsementButtonsCell, Events::SimpleEvent, Forms::QuestionReadonlyCell, HtmlTruncation, Initiatives::InitiativeHelper, Initiatives::InitiativesMailer, Meetings::Admin::InviteJoinMeetingMailer, Meetings::ApplicationHelper, Meetings::Directory::ApplicationHelper, Meetings::JoinMeetingButtonCell, Meetings::MapHelper, Meetings::MeetingCell, Meetings::MeetingCellsHelper, Meetings::MeetingPresenter, NewsletterTemplates::BaseCell, NotificationCell, ParticipatoryProcessGroups::ContentBlocks::ExtraDataCell, ParticipatoryProcessGroups::ContentBlocks::MainDataCell, ParticipatoryProcesses::ParticipatoryProcessHelper, ParticipatorySpaceDropdownMetadataCell, PhotoCell, PhotosListCell, ProfileSidebarCell, Proposals::CostReportCell, Proposals::ParticipatoryTextProposalCell, Proposals::ProposalPresenter, ResourcePresenter, Decidim::Sortitions::SortitionsHelper, TosPageCell, TraceabilityHelper, UploadModalCell, ValidationErrorsPresenter, VersionCell, VersionsListCell, Votings::ContentBlocks::MainDataCell, Votings::ContentBlocks::PollingStationsCell, Votings::MapHelper, Votings::PollingStationPresenter, Votings::VotingPresenter

Defined in:

decidim-core/app/helpers/decidim/sanitize_helper.rb

Overview

Helper that provides methods to render order selector and links

Class Method Summary

• .included(base) ⇒ Object

Instance Method Summary

• #decidim_html_escape(text) ⇒ Object
• #decidim_sanitize(html, options = {}) ⇒ Object

  Public: It sanitizes a user-inputted string with the ‘Decidim::UserInputScrubber` scrubber, so that video embeds work as expected.

• #decidim_sanitize_admin(html, options = {}) ⇒ Object
• #decidim_sanitize_editor(html, options = {}) ⇒ Object
• #decidim_sanitize_editor_admin(html, options = {}) ⇒ Object
• #decidim_sanitize_newsletter(html, options = {}) ⇒ Object
• #decidim_url_escape(text) ⇒ Object

Class Method Details

.included(base) ⇒ Object

# File 'decidim-core/app/helpers/decidim/sanitize_helper.rb', line 6

def self.included(base)
  base.include ActionView::Helpers::SanitizeHelper
  base.include ActionView::Helpers::TagHelper
end

Instance Method Details

#decidim_html_escape(text) ⇒ Object

# File 'decidim-core/app/helpers/decidim/sanitize_helper.rb', line 48

def decidim_html_escape(text)
  ERB::Util.unwrapped_html_escape(text.to_str)
end

#decidim_sanitize(html, options = {}) ⇒ Object

Public: It sanitizes a user-inputted string with the ‘Decidim::UserInputScrubber` scrubber, so that video embeds work as expected. Uses Rails’ ‘sanitize` internally.

html - A string representing user-inputted HTML.

Returns an HTML-safe String.

# File 'decidim-core/app/helpers/decidim/sanitize_helper.rb', line 18

def decidim_sanitize(html, options = {})
  scrubber = options[:scrubber] || Decidim::UserInputScrubber.new
  if options[:strip_tags]
    strip_tags sanitize(html, scrubber:)
  else
    sanitize(html, scrubber:)
  end
end

#decidim_sanitize_admin(html, options = {}) ⇒ Object

# File 'decidim-core/app/helpers/decidim/sanitize_helper.rb', line 27

def decidim_sanitize_admin(html, options = {})
  decidim_sanitize(html, { scrubber: Decidim::AdminInputScrubber.new }.merge(options))
end

#decidim_sanitize_editor(html, options = {}) ⇒ Object

# File 'decidim-core/app/helpers/decidim/sanitize_helper.rb', line 39

def decidim_sanitize_editor(html, options = {})
  content_tag(:div, decidim_sanitize(html, options), class: %w(rich-text-display))
end

#decidim_sanitize_editor_admin(html, options = {}) ⇒ Object

# File 'decidim-core/app/helpers/decidim/sanitize_helper.rb', line 43

def decidim_sanitize_editor_admin(html, options = {})
  html = Decidim::IframeDisabler.new(html, options).perform
  decidim_sanitize_editor(html, { scrubber: Decidim::AdminInputScrubber.new }.merge(options))
end

#decidim_sanitize_newsletter(html, options = {}) ⇒ Object

# File 'decidim-core/app/helpers/decidim/sanitize_helper.rb', line 31

def decidim_sanitize_newsletter(html, options = {})
  if options[:strip_tags]
    strip_tags sanitize(html, scrubber: Decidim::NewsletterScrubber.new)
  else
    sanitize(html, scrubber: Decidim::NewsletterScrubber.new)
  end
end

#decidim_url_escape(text) ⇒ Object

# File 'decidim-core/app/helpers/decidim/sanitize_helper.rb', line 52

def decidim_url_escape(text)
  decidim_html_escape(text).sub(/^javascript:/, "")
end