
strip style property before saving html

1 parent 4b2530c commit d1dcd15e0942f4af408c434de903e93c9c92b7ca @chawei committed Apr 11, 2012
Showing with 33 additions and 5 deletions.
  1. +1 −3 Gemfile
  2. +2 −0 Gemfile.lock
  3. +10 −0 app/models/article.rb
  4. +10 −1 app/models/film.rb
  5. +9 −0 app/models/page.rb
  6. +1 −1 app/views/admin/films/_form.html.erb
@@ -3,9 +3,6 @@ source 'http://rubygems.org'
gem 'rails', '3.2.3'
gem 'mysql2'
-# Use unicorn as the web server
-# gem 'unicorn'
-
# Deploy with Capistrano
gem 'capistrano'
@@ -22,6 +19,7 @@ gem 'will_paginate', '~> 3.0.pre4'
gem 'paperclip'
gem 'acts_as_list'
gem 'state_machine'
+gem 'hpricot'
group :development, :test, :cucumber do
gem 'ruby-debug'
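Review bot: `gem 'hpricot'` is added with no version constraint, so the only thing holding the parser at a known release is the `hpricot (0.8.6)` line in Gemfile.lock; since this gem is now the component that parses user-supplied HTML before it is stored, a pessimistic pin such as `gem 'hpricot', '~> 0.8.6'` in the Gemfile itself would keep an unreviewed bump out of a routine `bundle update`. Hpricot was retired by its author in favour of Nokogiri, which supports the same attribute-selector search used in the new `sanitize_html` methods, so it is worth confirming a maintained parser was considered before taking on the dependency.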
@@ -48,6 +48,7 @@ GEM
babosa (~> 0.3.0)
highline (1.6.11)
hike (1.2.1)
+ hpricot (0.8.6)
i18n (0.6.0)
journey (1.0.3)
json (1.6.6)
@@ -128,6 +129,7 @@ DEPENDENCIES
authlogic
capistrano
friendly_id (~> 3.1)
+ hpricot
mysql2
paperclip
rails (= 3.2.3)
@@ -4,4 +4,14 @@ class Article < ActiveRecord::Base
has_friendly_id :title, :use_slug => true
default_scope :order => "date DESC, updated_at DESC"
+
+ before_update :sanitize_html
+
+ def sanitize_html
+ doc = Hpricot self.content
+ doc.search("[@style]").each do |e|
+ e.remove_attribute("style")
+ end
+ self.content = doc.html
+ end
end
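Review bot: `sanitize_html` is wired only through `before_update`, so a record saved via `create` keeps every `style` attribute until it is next updated; `before_save :sanitize_html` covers both paths with no other change. Stripping `style` is a formatting cleanup rather than a security sanitizer — script elements, event-handler attributes and `javascript:` URLs are left untouched in the stored `content`, so the views that render it still need to escape or pass it through Rails' `sanitize` helper, and a comment on the method saying so (`# Removes inline styles only; does not make the HTML safe to render unescaped`) would stop a reader from assuming otherwise. `Hpricot self.content` looks like it would raise inside the callback when `content` is nil rather than skip the record — presumably `return if content.blank?` is wanted; confirm against Hpricot's behaviour. The same method is pasted verbatim into film.rb (on `description`) and page.rb in this commit; a shared module taking the attribute name would keep the three in step.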
@@ -19,9 +19,18 @@ class Film < ActiveRecord::Base
scope :public, :conditions => { :draft => false }
- after_create :remove_redundant_videos
+ after_create :remove_redundant_videos
+ before_update :sanitize_html
def remove_redundant_videos
Video.cleanup
end
+
+ def sanitize_html
+ doc = Hpricot self.description
+ doc.search("[@style]").each do |e|
+ e.remove_attribute("style")
+ end
+ self.description = doc.html
+ end
end
@@ -2,6 +2,7 @@ class Page < ActiveRecord::Base
has_friendly_id :unique_name
validates_presence_of :unique_name
+ before_update :sanitize_html
def self.all_custom_pages
return [self.page('bio'), self.page('cv'), self.page('contact')]
@@ -16,4 +17,12 @@ def self.page(unique_name)
end
return page
end
+
+ def sanitize_html
+ doc = Hpricot self.content
+ doc.search("[@style]").each do |e|
+ e.remove_attribute("style")
+ end
+ self.content = doc.html
+ end
end
@@ -80,7 +80,7 @@
<div class="field clear_fix">
<div class="label left">
<label for="film_thumb">Film Thumbnail</label>
- <div class="warning">at least 800 pixels wide</div>
+ <div class="warning">800 x 450 pixels</div>
</div>
<% if @film.film_thumb.exists? -%>
<div class="left">
