Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix Video embeds are not shown in short_description field
* Fix: Video embeds are not shown in short_description field
* Add test for ParticipatoryProcess
* Add admin_support for Blog
* Add decidim-budget admin sanitization
* Add decidim-consultations
* Enable iframes for decidim-pages
* Enable iframes for decidim-proposals
* Enable iframes for decidim-debates
* Enable iframes for decidim-sortitions
* Enable full editor in decidim-elections
* Enable full content in decidim-surveys
* revert sortitions
* Running Linters
* Revert proposals fields
* Fix Election spec
* Fix decidim assemblies
* Implement new restrictions
* Fix the scrubbers
* Add more restrictions to the scrubber
* Sort the restricted tags
* Revert strip tags for questions in consultations
* Fix consultations change requests
Showing 37 changed files with 371 additions and 48 deletions.
decidim-budgets/app/cells/decidim/budgets/budgets_header/show.erb (2 changes: 1 addition & 1 deletion)
@@ -1,7 +1,7 @@ | ||
<div class="row"> | ||
<div class="columns medium-7 mediumlarge-8"> | ||
<div class="section"> | ||
<%= decidim_sanitize_editor(landing_page_content) %> | ||
<%= decidim_sanitize_editor_admin(landing_page_content) %> | ||
</div> | ||
</div> | ||
</div> |
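Review bot: the switch from decidim_sanitize_editor to decidim_sanitize_editor_admin on the landing_page_content line widens what survives sanitization (the commit message introduces it as "Add decidim-budget admin sanitization" alongside enabling iframes elsewhere), so it is only safe if landing_page_content can be written exclusively by admins. Please state that invariant in a comment next to the call or in the PR description, and add a spec for this cell showing that admin-authored embed markup is preserved while the same field is never fed user-submitted content.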
decidim-consultations/app/scrubbers/decidim/consultations/question_title_scrubber.rb (17 changes: 17 additions & 0 deletions)
@@ -0,0 +1,17 @@ | ||
# frozen_string_literal: true | ||
|
||
module Decidim | ||
module Consultations | ||
class QuestionTitleScrubber < Decidim::UserInputScrubber | ||
private | ||
|
||
def custom_allowed_tags | ||
%w(strong em u b i br ul ol li p a code) | ||
end | ||
|
||
def custom_allowed_attributes | ||
%w(class href target rel) | ||
end | ||
end | ||
end | ||
end |
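Review bot: custom_allowed_attributes permits href and target on the allowed a tag, but nothing in this class restricts the URL scheme or pairs target with rel, so link safety rests entirely on what Decidim::UserInputScrubber inherits from its Loofah base. Add a short class comment stating that this title scrubber is deliberately narrower than the default editor scrubber (no iframe, img or div, as the spec in this commit expects) and why, and cover anchor hrefs in the spec, since the spec added here only exercises iframe, comment, script and img inputs and never a link with a hostile href.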
...onsultations/app/views/decidim/consultations/consultations/_consultation_details.html.erb (2 changes: 1 addition & 1 deletion)
decidim-consultations/spec/scrubbers/decidim/consultations/question_title_scrubber_spec.rb (61 changes: 61 additions & 0 deletions)
@@ -0,0 +1,61 @@ | ||
# frozen_string_literal: true | ||
|
||
require "spec_helper" | ||
|
||
describe Decidim::Consultations::QuestionTitleScrubber do | ||
subject { described_class.new } | ||
|
||
def scrub(html) | ||
Loofah.scrub_fragment(html, subject).to_s | ||
end | ||
|
||
RSpec::Matchers.define :be_scrubbed do | ||
match do |actual| | ||
expect(scrub(actual)).to eq actual | ||
end | ||
|
||
failure_message do |actual| | ||
"expected \"#{actual}\" to eq \"#{scrub(actual)}\" after scrubbing" | ||
end | ||
end | ||
|
||
RSpec::Matchers.define :be_scrubbed_as do |expected| | ||
match do |actual| | ||
expect(scrub(actual)).to eq expected | ||
end | ||
|
||
failure_message do |actual| | ||
"expected \"#{actual}\" to eq \"#{expected}\" after scrubbing, scrubbed as \"#{scrub(actual)}\" instead" | ||
end | ||
end | ||
|
||
it "does not allow iframes" do | ||
html = "<iframe frameborder=\"0\" allowfullscreen=\"true\" src=\"url\"></iframe>" | ||
expect(html).to be_scrubbed_as("") | ||
end | ||
|
||
it "does not allow comments" do | ||
html = "<p>Hello, <!-- world! --></p>" | ||
expect(html).to be_scrubbed_as("<p>Hello, </p>") | ||
end | ||
|
||
it "does not allow disabled iframes" do | ||
html = %(<div class="disabled-iframe"><!-- <iframe src="url"></iframe> --></div>) | ||
expect(html).to be_scrubbed_as("") | ||
end | ||
|
||
it "allows most basic tags" do | ||
html = "<a></a><b></b><strong></strong><em></em><i></i><p></p><br>" | ||
expect(html).to be_scrubbed | ||
end | ||
|
||
it "does not allow scripts" do | ||
html = "<script></script>" | ||
expect(html).to be_scrubbed_as("") | ||
end | ||
|
||
it "does not allow onerror attributes" do | ||
html = "<img src=x onerror=alert(1)>" | ||
expect(html).to be_scrubbed_as("") | ||
end | ||
end |
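Review bot: the "does not allow onerror attributes" example does not actually test attribute stripping: img is not in custom_allowed_tags, so the whole element is dropped and the expectation "" would hold even if event-handler attributes were left intact on permitted tags. Put a disallowed attribute on an allowed tag instead (for example `<p onclick="x">text</p>` scrubbed to `<p>text</p>`) and add a positive case for the attributes the scrubber is meant to keep (class, href, target, rel), which have no coverage here. Minor: the be_scrubbed failure message reads 'expected "X" to eq "Y"' with the scrubbed output in the second slot, the opposite ordering from be_scrubbed_as; something like 'expected "X" to be unchanged by scrubbing, got "Y"' would read correctly.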