sanitize document

2015-04-29 16:07:39 +02:00
parent 19959b083e
commit 8a32bff399
4 changed files with 23 additions and 2 deletions
--- a/app/controllers/documents_controller.rb
+++ b/app/controllers/documents_controller.rb
@@ -24,7 +24,12 @@ class DocumentsController < ApplicationController
      format.html
    end
  end
-
+  def sanitize
+    @document = Document.find(params[:id])
+    @document.sanitize
+    @parent=@document.parent
+    render :write
+  end
  def show
    @document = Document.find(params[:id])
    respond_to do |format|
--- a/app/models/document.rb
+++ b/app/models/document.rb
@@ -45,7 +45,19 @@ class Document < ActiveRecord::Base
    Rails.logger.puts(serr.read)
    file
  end
+  def sanitize
+    trans_icons= lambda do |env|
+      node=env[:node]
+      node_name=env[:node_name]
+      return if env[:is_whitelisted] || !node.element?
+      return unless node_name == 'span'
+      # return unless node["class"] =~ /.*ffi.*/
+      Sanitize.node!(node,{:elements=>["span"],:attributes=>{"span"=>["class","style"]},:css=>{:properties=>["color"]}})
+      {:node_whitelist=>[node]}
+    end
+    self.text = Sanitize.fragment(self.text, {:elements=>['table','tr','td','p','h1','h2','h3','h4','h5','a','th','img','ul','li','i','b','em','pre','code'],:attributes=>{'p'=>['class'],'table'=>['class'],'a'=>['href','data'],'img'=>['src','width','height'],:all=>['class']},:css=>{:properties=>['float']},:transformers=>[trans_icons]})

+  end

  def ether
    if @ep.nil?
--- a/app/views/documents/show.html.erb
+++ b/app/views/documents/show.html.erb
@@ -2,6 +2,8 @@
 <%= link_to "Back to parent" , @document.parent, class: "btn" %>
 <div class="btn-group">
 <%= link_to "PDF", document_path(@document, :format=>"pdf"),class: "btn" %>
+<%= link_to "sanitize", document_path(@document),class: "btn" if can? :sanitize, @document %>
+
 <%= link_to ff_icon("icon-pencil") + "Edit", write_document_path(@document), class: "btn" %>
 <%= link_to ff_icon("icon-refresh")+"Refresh from Etherpad", read_from_etherpad_document_path(@document), class: "btn" if @document.is_etherpad? %>
 <%= link_to "Copy Document to Etherpad", dump_to_etherpad_document_path(@document)  , confirm: "Sicher? Löscht alle Änderungen im Etherpad" , class: "btn" %>
@@ -9,11 +11,12 @@

 </div>
 </div>
+<div style="background:white; border: thin #ccc solid; padding: 15px;-webkit-box-shadow: 10px 10px 10px 0px rgba(0,0,0,0.5); -moz-box-shadow: 10px 10px 10px 0px rgba(0,0,0,0.5); box-shadow: 10px 10px 10px 0px rgba(0,0,0,0.5);">
 <h2><%= @document.name %></h2>
 <div id="">
 <%= raw(@document.text) %>
 </div>
-
+</div>
 <% if can?(:edit, @document) %>
 <ul class='breadcrumb hidden-print'>
 <% @document.versions.each do |v| %>
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -188,6 +188,7 @@
      resources :calentries
      resources :documents do
        member do
+          get :sanitize
          get :write
          get :write_etherpad
          get :read_from_etherpad