From 1079e96db236efca57fb79eac26efb40406b5167 Mon Sep 17 00:00:00 2001
From: Arnaud Levy <contact@arnaudlevy.com>
Date: Fri, 25 Feb 2022 15:01:44 +0100
Subject: [PATCH] fix sanitizer
---
.../communication/website/index_page.rb | 2 +-
.../website/index_page/administrators.rb | 2 +-
.../website/index_page/authors.rb | 2 +-
.../website/index_page/communication_posts.rb | 2 +-
.../website/index_page/education_programs.rb | 2 +-
.../communication/website/index_page/home.rb | 2 +-
.../website/index_page/persons.rb | 2 +-
.../website/index_page/research_articles.rb | 2 +-
.../website/index_page/research_volumes.rb | 2 +-
.../website/index_page/researchers.rb | 2 +-
.../website/index_page/teachers.rb | 2 +-
app/services/osuny/sanitizer.rb | 28 ++++++++-----------
...xt_in_communication_website_index_pages.rb | 5 ++++
db/schema.rb | 4 +--
14 files changed, 30 insertions(+), 29 deletions(-)
create mode 100644 db/migrate/20220225135833_change_string_to_text_in_communication_website_index_pages.rb
diff --git a/app/models/communication/website/index_page.rb b/app/models/communication/website/index_page.rb
index 049d93274..6dd9431ca 100644
--- a/app/models/communication/website/index_page.rb
+++ b/app/models/communication/website/index_page.rb
@@ -6,7 +6,7 @@
# breadcrumb_title :string
# description :text
# featured_image_alt :string
-# header_text :string
+# header_text :text
# kind :integer
# path :string
# text :text
diff --git a/app/models/communication/website/index_page/administrators.rb b/app/models/communication/website/index_page/administrators.rb
index 77d702863..d659241bf 100644
--- a/app/models/communication/website/index_page/administrators.rb
+++ b/app/models/communication/website/index_page/administrators.rb
@@ -6,7 +6,7 @@
# breadcrumb_title :string
# description :text
# featured_image_alt :string
-# header_text :string
+# header_text :text
# kind :integer
# path :string
# text :text
diff --git a/app/models/communication/website/index_page/authors.rb b/app/models/communication/website/index_page/authors.rb
index ac8c19906..e6ecbf853 100644
--- a/app/models/communication/website/index_page/authors.rb
+++ b/app/models/communication/website/index_page/authors.rb
@@ -6,7 +6,7 @@
# breadcrumb_title :string
# description :text
# featured_image_alt :string
-# header_text :string
+# header_text :text
# kind :integer
# path :string
# text :text
diff --git a/app/models/communication/website/index_page/communication_posts.rb b/app/models/communication/website/index_page/communication_posts.rb
index 280f4ac36..2b11622df 100644
--- a/app/models/communication/website/index_page/communication_posts.rb
+++ b/app/models/communication/website/index_page/communication_posts.rb
@@ -6,7 +6,7 @@
# breadcrumb_title :string
# description :text
# featured_image_alt :string
-# header_text :string
+# header_text :text
# kind :integer
# path :string
# text :text
diff --git a/app/models/communication/website/index_page/education_programs.rb b/app/models/communication/website/index_page/education_programs.rb
index 6deb5218c..99230b5f7 100644
--- a/app/models/communication/website/index_page/education_programs.rb
+++ b/app/models/communication/website/index_page/education_programs.rb
@@ -6,7 +6,7 @@
# breadcrumb_title :string
# description :text
# featured_image_alt :string
-# header_text :string
+# header_text :text
# kind :integer
# path :string
# text :text
diff --git a/app/models/communication/website/index_page/home.rb b/app/models/communication/website/index_page/home.rb
index f9e5dbf86..7c929c16e 100644
--- a/app/models/communication/website/index_page/home.rb
+++ b/app/models/communication/website/index_page/home.rb
@@ -6,7 +6,7 @@
# breadcrumb_title :string
# description :text
# featured_image_alt :string
-# header_text :string
+# header_text :text
# kind :integer
# path :string
# text :text
diff --git a/app/models/communication/website/index_page/persons.rb b/app/models/communication/website/index_page/persons.rb
index 7560b9c3b..d2f4063e7 100644
--- a/app/models/communication/website/index_page/persons.rb
+++ b/app/models/communication/website/index_page/persons.rb
@@ -6,7 +6,7 @@
# breadcrumb_title :string
# description :text
# featured_image_alt :string
-# header_text :string
+# header_text :text
# kind :integer
# path :string
# text :text
diff --git a/app/models/communication/website/index_page/research_articles.rb b/app/models/communication/website/index_page/research_articles.rb
index 35f8f089e..bcf97c7c8 100644
--- a/app/models/communication/website/index_page/research_articles.rb
+++ b/app/models/communication/website/index_page/research_articles.rb
@@ -6,7 +6,7 @@
# breadcrumb_title :string
# description :text
# featured_image_alt :string
-# header_text :string
+# header_text :text
# kind :integer
# path :string
# text :text
diff --git a/app/models/communication/website/index_page/research_volumes.rb b/app/models/communication/website/index_page/research_volumes.rb
index d21c7fd25..71c5ed187 100644
--- a/app/models/communication/website/index_page/research_volumes.rb
+++ b/app/models/communication/website/index_page/research_volumes.rb
@@ -6,7 +6,7 @@
# breadcrumb_title :string
# description :text
# featured_image_alt :string
-# header_text :string
+# header_text :text
# kind :integer
# path :string
# text :text
diff --git a/app/models/communication/website/index_page/researchers.rb b/app/models/communication/website/index_page/researchers.rb
index 7d0d615db..8fdf3b953 100644
--- a/app/models/communication/website/index_page/researchers.rb
+++ b/app/models/communication/website/index_page/researchers.rb
@@ -6,7 +6,7 @@
# breadcrumb_title :string
# description :text
# featured_image_alt :string
-# header_text :string
+# header_text :text
# kind :integer
# path :string
# text :text
diff --git a/app/models/communication/website/index_page/teachers.rb b/app/models/communication/website/index_page/teachers.rb
index 4ce22d763..d99383aee 100644
--- a/app/models/communication/website/index_page/teachers.rb
+++ b/app/models/communication/website/index_page/teachers.rb
@@ -6,7 +6,7 @@
# breadcrumb_title :string
# description :text
# featured_image_alt :string
-# header_text :string
+# header_text :text
# kind :integer
# path :string
# text :text
diff --git a/app/services/osuny/sanitizer.rb b/app/services/osuny/sanitizer.rb
index a155edb89..ede92d171 100644
--- a/app/services/osuny/sanitizer.rb
+++ b/app/services/osuny/sanitizer.rb
@@ -1,28 +1,24 @@
class Osuny::Sanitizer
include ActionView::Helpers::SanitizeHelper
+ # type(ActiveRecord) = ['text', 'string']
def self.sanitize(input, type = 'text')
return '' if input.blank?
- raise ArgumentError.new('First argument must be a String') unless [String, ActionText::Content].include? input.class
-
- case type.to_s
- when 'string'
- string_sanitize(input)
- when 'text'
- if input.is_a? String
- safe_list_sanitizer.sanitize input
- else
- ActionText::Content.new(safe_list_sanitizer.sanitize input.to_html)
- end
- else
- input
- end
+ send "sanitize_#{type}", input
end
private
- def self.string_sanitize(raw_string)
- output = Loofah.fragment(raw_string).text(encode_special_chars: false)
+ # input can be String or ActionText::Content
+ def self.sanitize_text(input)
+ input.is_a?(String) ? safe_list_sanitizer.sanitize(input)
+ : ActionText::Content.new(
+ safe_list_sanitizer.sanitize(input.to_html)
+ )
+ end
+
+ def self.sanitize_string(string)
+ output = Loofah.fragment(string).text(encode_special_chars: false)
while output != Loofah.fragment(output).text(encode_special_chars: false)
output = Loofah.fragment(output).text(encode_special_chars: false)
end
diff --git a/db/migrate/20220225135833_change_string_to_text_in_communication_website_index_pages.rb b/db/migrate/20220225135833_change_string_to_text_in_communication_website_index_pages.rb
new file mode 100644
index 000000000..0a2d74491
--- /dev/null
+++ b/db/migrate/20220225135833_change_string_to_text_in_communication_website_index_pages.rb
@@ -0,0 +1,5 @@
+class ChangeStringToTextInCommunicationWebsiteIndexPages < ActiveRecord::Migration[6.1]
+ def change
+ change_column :communication_website_index_pages, :header_text, :text
+ end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 1bfa2d8e9..817111876 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 2022_02_25_101556) do
+ActiveRecord::Schema.define(version: 2022_02_25_135833) do
# These are extensions that must be enabled in order to support this database
enable_extension "pgcrypto"
@@ -252,7 +252,7 @@ ActiveRecord::Schema.define(version: 2022_02_25_101556) do
t.datetime "created_at", precision: 6, null: false
t.datetime "updated_at", precision: 6, null: false
t.string "breadcrumb_title"
- t.string "header_text"
+ t.text "header_text"
t.index ["communication_website_id"], name: "idx_comm_website_index_page_on_communication_website_id"
t.index ["university_id"], name: "index_communication_website_index_pages_on_university_id"
end
--
GitLab