rails--rails/actiontext/app/helpers/action_text/content_helper.rb

# frozen_string_literal: true

require "rails-html-sanitizer"

module ActionText
  module ContentHelper
    mattr_accessor(:sanitizer) { Rails::Html::Sanitizer.safe_list_sanitizer.new }
    mattr_accessor(:allowed_tags) { sanitizer.class.allowed_tags + [ ActionText::Attachment::TAG_NAME, "figure", "figcaption" ] }
    mattr_accessor(:allowed_attributes) { sanitizer.class.allowed_attributes + ActionText::Attachment::ATTRIBUTES }
    mattr_accessor(:scrubber)

    def render_action_text_content(content)
      self.prefix_partial_path_with_controller_namespace = false
      sanitize_action_text_content(render_action_text_attachments(content))
    end

    def sanitize_action_text_content(content)
      sanitizer.sanitize(content.to_html, tags: allowed_tags, attributes: allowed_attributes, scrubber: scrubber).html_safe
    end

    def render_action_text_attachments(content)
      content.render_attachments do |attachment|
        unless attachment.in?(content.gallery_attachments)
          attachment.node.tap do |node|
            node.inner_html = render(attachment, in_gallery: false).chomp
          end
        end
      end.render_attachment_galleries do |attachment_gallery|
        render(layout: attachment_gallery, object: attachment_gallery) do
          attachment_gallery.attachments.map do |attachment|
            attachment.node.inner_html = render(attachment, in_gallery: true).chomp
            attachment.to_html
          end.join.html_safe
        end.chomp
      end
    end
  end
end
Add frozen_string_literal: true Adds frozen_string_literal: true comment on top of all currently existing files 2018-10-08 17:44:25 -04:00			`# frozen_string_literal: true`

Explicitly require rails-html-sanitizer gem in ActionText helpers If the [`action_text.helper` initializer][0] runs after `ActionController::Base` has been loaded, but before the `rails-html-sanitizer` gem has been `require`d, then the reference to the constant `Rails::Html` in the body of the `ActionText::ContentHelper` module raises an `uninitialized constant` exception. [0]: https://github.com/rails/rails/blob/21703382393c87212c27c988420ee5c133c1aa9f/actiontext/lib/action_text/engine.rb#L31-L35 2019-03-06 20:25:28 -05:00			`require "rails-html-sanitizer"`

Move attachment rendering to a helper Fixes #5 2018-10-03 14:41:47 -04:00			`module ActionText`
			`module ContentHelper`
Update sanitizer in ActionView::Helpers::SanitizeHelper - The sanitizer has been changed to safe_list_sanitizer. - deprecate white_list_sanitizer 2019-05-14 00:09:39 -04:00			`mattr_accessor(:sanitizer) { Rails::Html::Sanitizer.safe_list_sanitizer.new }`
Make Action Text's rendering helpers more configurable - Allow configuring the sanitizer and its options - Split attachment rendering and sanitizing helpers so each can be overridden by applications 2019-04-22 10:08:15 -04:00			`mattr_accessor(:allowed_tags) { sanitizer.class.allowed_tags + [ ActionText::Attachment::TAG_NAME, "figure", "figcaption" ] }`
			`mattr_accessor(:allowed_attributes) { sanitizer.class.allowed_attributes + ActionText::Attachment::ATTRIBUTES }`
			`mattr_accessor(:scrubber)`
Fix `uninitialized constant ActionText:: ALLOWED_TAGS` error on Rails reloading 2018-10-06 10:27:54 -04:00
Move attachment rendering to a helper Fixes #5 2018-10-03 14:41:47 -04:00			`def render_action_text_content(content)`
Disentangle Action Text from ApplicationController This commit allows Action Text to be used without having an ApplicationController defined. In doing so, it also fixes Action Text attachments to render the correct URL host in mailers. It also avoids allocating an ActionController::Renderer per request. Fixes #37183. Fixes #35578. Fixes #36963. Closes #38714. Co-authored-by: Jeremy Daer <jeremydaer@gmail.com> 2020-09-11 12:43:27 -04:00			`self.prefix_partial_path_with_controller_namespace = false`
Make Action Text's rendering helpers more configurable - Allow configuring the sanitizer and its options - Split attachment rendering and sanitizing helpers so each can be overridden by applications 2019-04-22 10:08:15 -04:00			`sanitize_action_text_content(render_action_text_attachments(content))`
			`end`

			`def sanitize_action_text_content(content)`
			`sanitizer.sanitize(content.to_html, tags: allowed_tags, attributes: allowed_attributes, scrubber: scrubber).html_safe`
			`end`

			`def render_action_text_attachments(content)`
			`content.render_attachments do \|attachment\|`
Move attachment rendering to a helper Fixes #5 2018-10-03 14:41:47 -04:00			`unless attachment.in?(content.gallery_attachments)`
			`attachment.node.tap do \|node\|`
			`node.inner_html = render(attachment, in_gallery: false).chomp`
			`end`
			`end`
Make Action Text's rendering helpers more configurable - Allow configuring the sanitizer and its options - Split attachment rendering and sanitizing helpers so each can be overridden by applications 2019-04-22 10:08:15 -04:00			`end.render_attachment_galleries do \|attachment_gallery\|`
Move attachment rendering to a helper Fixes #5 2018-10-03 14:41:47 -04:00			`render(layout: attachment_gallery, object: attachment_gallery) do`
			`attachment_gallery.attachments.map do \|attachment\|`
			`attachment.node.inner_html = render(attachment, in_gallery: true).chomp`
			`attachment.to_html`
Cleanup unneeded blank string params in ActionText 2019-08-23 14:11:50 -04:00			`end.join.html_safe`
Move attachment rendering to a helper Fixes #5 2018-10-03 14:41:47 -04:00			`end.chomp`
			`end`
			`end`
			`end`
			`end`