# File 'app/models/concerns/has_sanitizable_fields.rb', line 6
# Runs +field+ through the Rails safe-list HTML sanitizer, then decodes HTML
# entities and restores percent-encoded curly braces in the result.
#
# @param field [String, nil] the value to clean; a nil/false value is
#   returned untouched without invoking the sanitizer
# @param additional_attributes [Array] attribute names allowed in addition to
#   the sanitizer's default allow-list
# @return [String, nil] the cleaned value, or +field+ itself when it is falsy
#
# NOTE(review): CGI.unescape_html is applied *after* sanitizing, so markup
# that arrived entity-encoded (e.g. "&lt;b&gt;") comes back as literal markup.
# The return value is therefore not safe to render as raw HTML; it needs to
# be escaped again at output time. Confirm no caller marks it html_safe.
#
# NOTE(review): every entry in additional_attributes widens the allow-list;
# callers should pass a fixed list, never request-derived values.
def sanitize_field(field, additional_attributes: [])
  return field unless field

  # Work on a copy so the sanitizer's class-level defaults are never mutated.
  permitted = Rails::Html::SafeListSanitizer.allowed_attributes.dup
  permitted = permitted.merge(additional_attributes) if additional_attributes.present?

  cleaned = Rails::Html::SafeListSanitizer.new.sanitize(field, attributes: permitted)

  # Presumably the sanitizer percent-encodes braces inside URL attributes and
  # this puts "{...}" placeholders back -- TODO confirm against callers.
  CGI.unescape_html(cleaned).gsub("%7B", "{").gsub("%7D", "}")
end