From 0d438d05bc25b0e4719aa2aebc7c77128fc9a823 Mon Sep 17 00:00:00 2001 From: Dante Soares Date: Fri, 29 Apr 2022 15:38:10 -0500 Subject: [PATCH 1/2] Removed auto-links and the Rinku gem --- Gemfile | 3 --- Gemfile.lock | 2 -- lib/user_html.rb | 9 ++++----- spec/lib/user_html_spec.rb | 20 ++++++++++---------- 4 files changed, 14 insertions(+), 20 deletions(-) diff --git a/Gemfile b/Gemfile index a6b3536f..5b821448 100644 --- a/Gemfile +++ b/Gemfile @@ -41,9 +41,6 @@ gem 'rails-html-sanitizer' # URI replacement gem 'addressable' -# Converts links in Strings to HTML anchors -gem 'rinku' - # Sanitizes user content gem 'sanitize' diff --git a/Gemfile.lock b/Gemfile.lock index 9c973713..875fcb14 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -399,7 +399,6 @@ GEM actionpack (>= 5.0) railties (>= 5.0) rexml (3.2.5) - rinku (2.0.6) roar (1.0.3) representable (>= 2.0.1, <= 3.0.0) roar-rails (1.0.1) @@ -589,7 +588,6 @@ DEPENDENCIES redis representable (~> 3.0.0) request_store - rinku roar (= 1.0.3) roo rspec-instafail diff --git a/lib/user_html.rb b/lib/user_html.rb index 5768cd89..07cb7071 100644 --- a/lib/user_html.rb +++ b/lib/user_html.rb @@ -1,16 +1,15 @@ module UserHtml mattr_accessor :sanitize_config - def self.link_and_sanitize(content) - linked_content = Rinku.auto_link(content, :urls) - Sanitize.fragment(linked_content, UserHtml.sanitize_config) + def self.sanitize(content) + Sanitize.fragment(content, UserHtml.sanitize_config) end module ActiveRecord module Base def user_html(*attributes) attributes.each do |attribute| - filter_name = :"link_and_sanitize_#{attribute.to_s}" + filter_name = :"sanitize_#{attribute.to_s}" class_exec do before_validation filter_name @@ -19,7 +18,7 @@ def user_html(*attributes) content = send(attribute) return if content.nil? - send("#{attribute}=", UserHtml.link_and_sanitize(content)) + send("#{attribute}=", UserHtml.sanitize(content)) end end end 
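Review bot: The sanitize pass in lib/user_html.rb is still wired only as `before_validation filter_name`, so any write path that skips validations (`update_column`/`update_columns`, `update_all`, `insert_all`, `save(validate: false)`) persists the raw attribute unsanitized; unless the view layer re-sanitizes on output (not visible here), the callback should also be registered as `before_save filter_name`, or the attribute writer itself should sanitize. The new `def self.sanitize(content)` has no comment although its contract changed; I would add `# Sanitizes a fragment of user-supplied HTML with UserHtml.sanitize_config. Bare URLs are left as plain text (auto-linking was dropped together with the rinku gem).` above it. Callers of `link_and_sanitize` outside lib/ and spec/ would not appear in this patch, so a grep before merging is worth it since the old name is removed rather than aliased. The `define_method` block containing the `send("#{attribute}=", UserHtml.sanitize(content))` line begins outside the second hunk.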
diff --git a/spec/lib/user_html_spec.rb b/spec/lib/user_html_spec.rb index 046f5b77..c1934a77 100644 --- a/spec/lib/user_html_spec.rb +++ b/spec/lib/user_html_spec.rb @@ -7,7 +7,7 @@ it 'converts url\'s to html anchors with rel="nofollow" and target="_blank"' do content = 'Here is a cool link: http://www.example.com.' - expect(described_class.link_and_sanitize(content)).to( + expect(described_class.sanitize(content)).to( eq 'Here is a cool link: http://www.example.com.' ) @@ -15,7 +15,7 @@ it 'adds rel="nofollow" and target="_blank" to existing html anchors' do content = 'Here is a cooler link: Example.' - expect(described_class.link_and_sanitize(content)).to( + expect(described_class.sanitize(content)).to( eq 'Here is a cooler link: Example.' ) @@ -23,7 +23,7 @@ it 'removes script tags' do content = 'Have a cup of .' - expect(described_class.link_and_sanitize(content)).to eq 'Have a cup of .' + expect(described_class.sanitize(content)).to eq 'Have a cup of .' end it 'allows iframes to whitelisted domains' do @@ -34,7 +34,7 @@ 'src="https://www.youtube.com/embed/Xp6V_lO1ZKA" frameborder="0" ' + 'allowfullscreen="">' - expect(described_class.link_and_sanitize(youtube_content)).to eq expected_youtube_content + expect(described_class.sanitize(youtube_content)).to eq expected_youtube_content khan_content = \ "" - expect(described_class.link_and_sanitize(khan_content)).to eq expected_khan_content + expect(described_class.sanitize(khan_content)).to eq expected_khan_content end @@ -68,7 +68,7 @@ https://server2.cnx.org/content } valid_urls.each do | url | - expect(described_class.link_and_sanitize( + expect(described_class.sanitize( "" end @@ -76,7 +76,7 @@ it 'removes iframes to non-whitelisted domains' do content = "Funny cat videos:
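Review bot: The first example in spec/lib/user_html_spec.rb keeps its title `converts url's to html anchors with rel="nofollow" and target="_blank"` while the only code that ever produced anchors from bare URLs is removed in this commit, and the `eq` expectation on the next line is an unchanged context line; either that expectation still contains an anchor and the example now fails, or it never did and the title no longer describes what is asserted. I would rename it to `it 'leaves bare urls as plain text'` and assert explicitly that the output contains no `<a` element, so a future reintroduction of auto-linking is caught rather than silently accepted by the sanitizer. The `describe` block enclosing these examples starts before the hunk, and the last hunk of this file runs past the end of the patch as shown.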