From 6639011968924117e23e2dfa69572317d6cd5c1c Mon Sep 17 00:00:00 2001
From: Andreas Stephanides
Date: Thu, 16 Oct 2014 21:44:22 +0200
Subject: [PATCH] thmen sanitize
---
 Gemfile | 5 +++--
 app/controllers/themen_controller.rb | 23 ++++++++++++++++++++---
 app/views/rubriken/index.html.erb | 1 +
 app/views/themen/show.html.erb | 3 ++-
 4 files changed, 26 insertions(+), 6 deletions(-)
diff --git a/Gemfile b/Gemfile
index c89b9cc..dea0ce9 100755
--- a/Gemfile
+++ b/Gemfile
@@ -9,7 +9,8 @@ gem 'webrick', '1.3.1'
 gem 'sqlite3'
 gem 'execjs', '~>1.4.0'
- gem 'sanitize'
+ gem 'sanitize', :git=>'git://github.com/rgrove/sanitize'
+
 # Gems used only for assets and not required
 # in production environments by default.
 gem 'sass-rails', '~> 3.2'
@@ -77,7 +78,7 @@ gem 'git'
 gem 'haml'
 gem 'RedCloth'
 gem 'wikicloth'
-gem 'gollum-lib'
+#gem 'gollum-lib'
 gem 'awesome_nested_set'
 gem 'annotate', ">=2.5.0"
 gem 'carrierwave', "~>0.9.0"
diff --git a/app/controllers/themen_controller.rb b/app/controllers/themen_controller.rb
index 9b44767..f56126f 100644
--- a/app/controllers/themen_controller.rb
+++ b/app/controllers/themen_controller.rb
@@ -1,8 +1,9 @@
+
 class ThemenController < ApplicationController
 # GET /themen
 # GET /themen.json
 load_and_authorize_resource
-
+
 def show
 @thema = Thema.find(params[:id])
 @fragen=@thema.fragen
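Review bot: The new `gem 'sanitize', :git=>'git://github.com/rgrove/sanitize'` line pins no ref, tag or branch, so a fresh `bundle install` resolves to whatever the upstream default branch holds at that moment, and the `git://` transport is unauthenticated and unencrypted, so the fetched code is not integrity-checked in transit. The diffstat shows no Gemfile.lock update, so nothing in this commit records which revision was actually tested. Unless the intent is to track an unreleased fix, pin it, e.g. `gem 'sanitize', git: 'https://github.com/rgrove/sanitize', tag: '<release-tag>'`, or return to a released gem version once the needed change ships. The second Gemfile hunk (commenting out `gollum-lib`) and the whitespace-only first controller hunk need no change.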
@@ -19,9 +20,25 @@ class ThemenController < ApplicationController
 end
 end
 def sanitize
+ require 'sanitize'
 @thema = Thema.find(params[:id])
- @fragen=@thema.fragen
-
+ @fragen = @thema.fragen
+ trans_icons= lambda do |env|
+ node=env[:node]
+ node_name=env[:node_name]
+ return if env[:is_whitelisted] || !node.element?
+ return unless node_name == 'span'
+ # return unless node["class"] =~ /.*ffi.*/
+ Sanitize.node!(node,{:elements=>["span"],:attributes=>{"span"=>["class","style"]},:css=>{:properties=>["color"]}})
+ {:node_whitelist=>[node]}
+ end
+ @thema.text = Sanitize.fragment(@thema.text, {:elements=>['table','tr','td','p','h3','h4','a','th','img','ul','li','i','b','em'],:attributes=>{'p'=>['class'],'table'=>['class'],'a'=>['href','data'],'img'=>['src','width','height'],:all=>['class']},:css=>{:properties=>['float']},:transformers=>[trans_icons]})
+ # # #
+ # #
+ # #
+ #
+ # @thema.text = @thema.text.sanitize
+ render :show
 end
 def verwalten
 @thema = Thema.find(params[:id])
diff --git a/app/views/rubriken/index.html.erb b/app/views/rubriken/index.html.erb
index e07d4d7..1a58ce4 100755
--- a/app/views/rubriken/index.html.erb
+++ b/app/views/rubriken/index.html.erb
@@ -20,6 +20,7 @@
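Review bot: The `Sanitize.fragment` call in `sanitize` allows `a` with `href` and `img` with `src` but sets no `:protocols`, so Sanitize does not inspect the URL scheme of those attributes and any scheme survives the clean; add `:protocols=>{'a'=>{'href'=>['http','https','mailto',:relative]},'img'=>{'src'=>['http','https',:relative]}}` to the config so only the intended schemes are kept. The `require 'sanitize'` inside the action is a style point: Bundler already loads the gem listed in the Gemfile, and if an explicit require is wanted it belongs at the top of the file rather than on every request. Because `# return unless node["class"] =~ /.*ffi.*/` is commented out, the transformer keeps every `span` with its `class`/`style` (color only), not just icon spans — a short comment should say whether that widening is intended. `@thema.text` is replaced in memory and then `render :show` runs without a save, so the sanitized text is displayed but not persisted; presumably this is a preview, which a comment such as `# preview only: sanitized text is rendered, not saved` would make explicit. The `verwalten` method that starts at the end of the hunk continues outside it.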
  • <%= render n if can?(:show, n) %>
  • <% end %> +
    <%= paginate @neuigkeiten, theme:'twitter-bootstrap' %>
    diff --git a/app/views/themen/show.html.erb b/app/views/themen/show.html.erb index 534a436..78a47ea 100644 --- a/app/views/themen/show.html.erb +++ b/app/views/themen/show.html.erb @@ -1,7 +1,8 @@

    <%= notice %>

    <%= link_to "Zurück", @thema.themengruppe %>
    +
    <%= render :partial=>"themen/small", :object=>@thema %> - +
    <%= render :partial=>'layouts/pretty_toolbar' %>