Module: HasSanitizableFields

Extended by:
ActiveSupport::Concern
Included in:
Badge, SiteSettingExtension, Tag, TranslationOverride, UserField
Defined in:
app/models/concerns/has_sanitizable_fields.rb


Instance Method Details

#sanitize_field(field, additional_attributes: []) ⇒ Object



# File 'app/models/concerns/has_sanitizable_fields.rb', line 6

# Strips disallowed HTML from +field+ using Rails' safe-list sanitizer, then
# HTML-entity-decodes the result so translation placeholders survive.
#
# Security note: because the sanitized output is passed through
# CGI.unescape_html, entity-encoded markup in the input (e.g. "&lt;" / "&gt;")
# comes back as literal "<" / ">" characters. The returned string is therefore
# plain text that still has to be escaped at render time; it must not be
# treated as pre-sanitized HTML.
#
# Only the "%7B"/"%7D" sequences are decoded (not a full CGI.unescape) so that
# other percent-encoded characters such as "+" in the original value are kept.
#
# @param field [String, nil] the raw value to clean; nil/false is returned unchanged
# @param additional_attributes [Array<String>] attribute names allowed on top of
#   Rails::Html::SafeListSanitizer.allowed_attributes
# @return [String, nil] the cleaned, entity-decoded value, or +field+ when falsy
def sanitize_field(field, additional_attributes: [])
  return field unless field

  # Work on a copy so the sanitizer's global safe list is never mutated.
  attribute_safe_list = Rails::Html::SafeListSanitizer.allowed_attributes.dup
  attribute_safe_list = attribute_safe_list.merge(additional_attributes) if additional_attributes.present?

  cleaned = Rails::Html::SafeListSanitizer.new.sanitize(field, attributes: attribute_safe_list)

  # Only the braces used by translation interpolation are restored here;
  # a full CGI.unescape would also rewrite characters like '+'.
  CGI.unescape_html(cleaned).gsub("%7B", "{").gsub("%7D", "}")
end