Remove and legacy ActionText parts, include Sanitizable pretty much everywhere and custom sanitize

a60b0d0b · Sébastien Gaya · a38a3f0e · a60b0d0b · a38a3f0e · a38a3f0e
Unverified Commit a60b0d0b authored 2 years ago by Sébastien Gaya
--- a/app/models/user/with_authentication.rb
+++ b/app/models/user/with_authentication.rb
@@ -94,13 +94,11 @@ module User::WithAuthentication
    end

    def sanitize_fields
-      full_sanitizer = Rails::Html::FullSanitizer.new
-
      # Only text allowed, and remove '=' to prevent excel formulas
-      self.email = full_sanitizer.sanitize(self.email)&.gsub('=', '')
-      self.first_name = full_sanitizer.sanitize(self.first_name)&.gsub('=', '')
-      self.last_name = full_sanitizer.sanitize(self.last_name)&.gsub('=', '')
-      self.mobile_phone = full_sanitizer.sanitize(self.mobile_phone)&.gsub('=', '')
+      self.email = Osuny::Sanitizer.sanitize(self.email, 'string')&.gsub('=', '')
+      self.first_name = Osuny::Sanitizer.sanitize(self.first_name, 'string')&.gsub('=', '')
+      self.last_name = Osuny::Sanitizer.sanitize(self.last_name, 'string')&.gsub('=', '')
+      self.mobile_phone = Osuny::Sanitizer.sanitize(self.mobile_phone, 'string')&.gsub('=', '')
    end

    def password_required?

--- a/app/views/action_text/content/_layout.html.erb
+++ b/app/views/action_text/content/_layout.html.erb
-<%= render_action_text_content(content) %>
--- a/app/views/active_storage/blobs/_blob.html.erb
+++ b/app/views/active_storage/blobs/_blob.html.erb
-<figure class="attachment attachment--<%= blob.variable? ? "preview" : "file" %> attachment--<%= blob.filename.extension %>">
-  <% if blob.image? %>
-    <%= kamifusen_tag blob, width: 800 %>
-  <% elsif blob.video? %>
-    <video controls>
-      <source src="<%= rails_blob_path(blob) %>" type="<%= blob.content_type %>">
-    </video>
-  <% else %>
-    <%= link_to polymorphic_path(blob), target: :blank do %>
-      <p>
-        <span class="attachment__name"><%= blob.filename %></span>
-        <span class="attachment__size"><%= number_to_human_size blob.byte_size %></span>
-      </p>
-    <% end %>
-  <% end %>
-
-  <% if caption = blob.try(:caption) %>
-    <figcaption class="attachment__caption">
-      <%= caption %>
-    </figcaption>
-  <% end %>
-</figure>
--- a/config/application.rb
+++ b/config/application.rb
@@ -9,7 +9,7 @@ require "active_storage/engine"
 require "action_controller/railtie"
 require "action_mailer/railtie"
 require "action_mailbox/engine"
-require "action_text/engine"
+# require "action_text/engine"
 require "action_view/railtie"
 # require "action_cable/engine"
 require "sprockets/railtie"