Module: Decidim::SanitizeHelper

Overview

Helper that provides methods to sanitize and escape user-provided HTML and text before it is rendered.


Class Method Details

.included(base) ⇒ Object



# File 'decidim-core/app/helpers/decidim/sanitize_helper.rb', line 6

# Hook that Ruby calls with the class or module (`base`) mixing this helper in.
# It pulls the Rails sanitize and tag helpers and Decidim's translatable
# attribute helpers into `base`, in that order, so the helper methods of this
# module can call them (presumably `translated_attribute` comes from
# Decidim::TranslatableAttributes; confirm there).
#
# base - The class or module that includes this helper.
#
# Returns base.
def self.included(base)
  dependencies = [
    ActionView::Helpers::SanitizeHelper,
    ActionView::Helpers::TagHelper,
    Decidim::TranslatableAttributes
  ]
  # One include per module keeps the ancestor order of the sequential form.
  dependencies.each_with_object(base) { |dependency, target| target.include dependency }
end

Instance Method Details

#decidim_escape_translated(text) ⇒ Object



# File 'decidim-core/app/helpers/decidim/sanitize_helper.rb', line 70

# Resolves a translatable value with `translated_attribute` and HTML-escapes
# the result with `decidim_html_escape`.
#
# text - The translatable value handed to `translated_attribute`
#        (presumably a locale => String hash; confirm against callers).
#
# Returns whatever `decidim_html_escape` returns for the resolved translation.
def decidim_escape_translated(text)
  localized = translated_attribute(text)
  decidim_html_escape(localized)
end

#decidim_html_escape(text) ⇒ Object



# File 'decidim-core/app/helpers/decidim/sanitize_helper.rb', line 58

# HTML-escapes a string through `ERB::Util.unwrapped_html_escape`.
#
# text - A String-like object. It is converted with `to_str`, so a value that
#        does not respond to it (for example nil) raises NoMethodError.
#
# NOTE(review): ActiveSupport documents `unwrapped_html_escape` as returning a
# plain String rather than an html_safe buffer, so a Rails view that outputs the
# result will escape it a second time unless the caller marks it safe. Confirm
# that call sites expect this.
#
# Returns the escaped String.
def decidim_html_escape(text)
  raw = text.to_str
  ERB::Util.unwrapped_html_escape(raw)
end

#decidim_rich_text(html) ⇒ Object

Converts the blob and blob variant references to blob URLs.



# File 'decidim-core/app/helpers/decidim/sanitize_helper.rb', line 41

# Converts the blob and blob variant references in `html` to blob URLs by
# running the content processor's :blob renderer over it.
#
# html - The HTML String handed to the renderer.
# **   - Keyword options, forwarded untouched to the renderer's `render`.
#
# NOTE(review): nothing here sanitizes or escapes `html`; callers that show
# user-provided markup still have to pass the result through one of the
# sanitize helpers.
#
# Returns whatever the renderer's `render` returns.
def decidim_rich_text(html, **)
  blob_renderer_class = Decidim::ContentProcessor.renderer_klass(:blob).constantize
  blob_renderer_class.new(html).render(**)
end

#decidim_sanitize(html, options = {}) ⇒ Object

Public: It sanitizes a user-inputted string with the `Decidim::UserInputScrubber` scrubber, so that video embeds work as expected. Uses Rails' `sanitize` internally.

html - A string representing user-inputted HTML.

Returns an HTML-safe String.



# File 'decidim-core/app/helpers/decidim/sanitize_helper.rb', line 19

# Public: Sanitizes user-provided HTML with Rails' `sanitize`.
#
# html    - A String representing user-inputted HTML.
# options - Hash of options (default: {}):
#           :scrubber   - Scrubber instance to use instead of a new
#                         Decidim::UserInputScrubber.
#           :strip_tags - When truthy, the sanitized markup is additionally
#                         passed through `strip_tags`.
#
# The scrubber decides which markup survives, so :scrubber has to be chosen by
# trusted code and never derived from request data.
#
# Returns the sanitized String.
def decidim_sanitize(html, options = {})
  scrubber = options[:scrubber] || Decidim::UserInputScrubber.new
  cleaned = sanitize(html, scrubber:)
  return cleaned unless options[:strip_tags]

  strip_tags cleaned
end

#decidim_sanitize_admin(html, options = {}) ⇒ Object



# File 'decidim-core/app/helpers/decidim/sanitize_helper.rb', line 28

# Sanitizes admin-provided HTML: same as `decidim_sanitize`, but with a
# Decidim::AdminInputScrubber as the default scrubber.
#
# html    - A String of HTML.
# options - Hash forwarded to `decidim_sanitize` (default: {}). Keys given here
#           win over the default, so a caller-supplied :scrubber replaces the
#           admin scrubber.
#
# NOTE(review): use this only for content that administrators authored. What
# the admin scrubber allows is defined in Decidim::AdminInputScrubber, not
# here; presumably it is more permissive than the user scrubber.
#
# Returns whatever `decidim_sanitize` returns.
def decidim_sanitize_admin(html, options = {})
  admin_defaults = { scrubber: Decidim::AdminInputScrubber.new }
  decidim_sanitize(html, admin_defaults.merge(options))
end

#decidim_sanitize_editor(html, options = {}) ⇒ Object



# File 'decidim-core/app/helpers/decidim/sanitize_helper.rb', line 46

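# Sanitizes rich-text editor HTML and wraps it in a
# <div class="rich-text-display"> container.
#
# html    - A String of HTML produced by the rich-text editor.
# options - Hash forwarded to `decidim_sanitize` (default: {}), e.g. :scrubber
#           or :strip_tags.
#
# The listing had lost the method name in front of the argument list, which
# left the body unparsable. `content_tag` (from ActionView::Helpers::TagHelper,
# which this helper includes) is restored here.
#
# Returns the wrapping div as built by `content_tag`.
def decidim_sanitize_editor(html, options = {})
  content_tag(:div, decidim_sanitize(html, options), class: %w(rich-text-display))
end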

#decidim_sanitize_editor_admin(html, options = {}) ⇒ Object



# File 'decidim-core/app/helpers/decidim/sanitize_helper.rb', line 50

# Renders admin-authored rich text for display.
#
# The steps run in a fixed order:
#   1. Decidim::IframeDisabler processes the markup (presumably neutralising
#      iframes; see that class for the exact behaviour).
#   2. `decidim_rich_text` turns blob references into blob URLs.
#   3. `decidim_sanitize_editor` sanitizes the result and wraps it in the
#      rich-text container.
# Sanitizing last means the output of steps 1 and 2 is scrubbed as well.
#
# html    - A String of HTML authored in the admin rich-text editor.
# options - Hash (default: {}) passed to the IframeDisabler and merged over the
#           default `{ scrubber: Decidim::AdminInputScrubber.new }`, so a
#           caller-supplied :scrubber replaces the admin scrubber.
#
# Returns whatever `decidim_sanitize_editor` returns.
def decidim_sanitize_editor_admin(html, options = {})
  prepared_html = Decidim::IframeDisabler.new(html, options).perform
  rendered_html = decidim_rich_text(prepared_html)
  editor_options = { scrubber: Decidim::AdminInputScrubber.new }.merge(options)
  decidim_sanitize_editor(rendered_html, editor_options)
end

#decidim_sanitize_newsletter(html, options = {}) ⇒ Object



# File 'decidim-core/app/helpers/decidim/sanitize_helper.rb', line 32

# Sanitizes newsletter HTML with a Decidim::NewsletterScrubber.
#
# html    - A String of newsletter HTML.
# options - Hash of options (default: {}):
#           :strip_tags - When truthy, the sanitized markup is additionally
#                         passed through `strip_tags`.
#           Unlike `decidim_sanitize`, a :scrubber option is ignored here; the
#           newsletter scrubber is always used.
#
# Returns the sanitized String.
def decidim_sanitize_newsletter(html, options = {})
  cleaned = sanitize(html, scrubber: Decidim::NewsletterScrubber.new)
  options[:strip_tags] ? strip_tags(cleaned) : cleaned
end

#decidim_sanitize_translated(text) ⇒ Object



# File 'decidim-core/app/helpers/decidim/sanitize_helper.rb', line 66

# Resolves a translatable value with `translated_attribute` and sanitizes the
# result with `decidim_sanitize`, using its default options.
#
# text - The translatable value handed to `translated_attribute`
#        (presumably a locale => String hash; confirm against callers).
#
# Returns whatever `decidim_sanitize` returns for the resolved translation.
def decidim_sanitize_translated(text)
  localized = translated_attribute(text)
  decidim_sanitize(localized)
end

#decidim_url_escape(text) ⇒ Object



# File 'decidim-core/app/helpers/decidim/sanitize_helper.rb', line 62

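# HTML-escapes a URL-like string and strips a leading `javascript:` scheme.
#
# The previous filter, `sub(/^javascript:/, "")`, was case-sensitive, ran only
# once and required the scheme at the very first column. Browsers compare the
# scheme case-insensitively, ignore leading whitespace and control characters,
# and drop tab and newline characters inside the URL, so values could keep a
# script scheme after filtering. The match now covers those spellings and is
# repeated until no prefix is left.
#
# text - A String-like object (must respond to `to_str`, as required by
#        `decidim_html_escape`).
#
# NOTE(review): this is still a deny-list for a single scheme. Where the value
# ends up in an href or src attribute, validate the scheme against an
# allow-list (for example http, https, mailto) at the call site as well.
#
# Returns the escaped String without a leading `javascript:` scheme.
def decidim_url_escape(text)
  gap = '[\t\n\r]*'
  letters = "javascript".chars.join(gap)
  # `^` is kept so that every input the old pattern stripped is still stripped.
  # The leading-whitespace allowance is tied to \A to keep the scan linear.
  scheme = /(?:\A[\x00-\x20]*|^)#{letters}#{gap}:/i

  escaped = decidim_html_escape(text)
  # Each pass removes at least the scheme itself, so the loop terminates.
  escaped = escaped.sub(scheme, "") while escaped.match?(scheme)
  escaped
end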