Commit 09f41a8349ca42cc70a4433bbe7e0dfaabd25df8
1 parent
741b63db
Exists in
master
and in
29 other branches
ActionItem192: fixing xss_terminate plugin and some functionals tests
git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1724 3f533792-8f58-4932-b0fe-aaf55b0a4547
Showing
22 changed files
with
115 additions
and
83 deletions
Show diff stats
app/models/community.rb
| @@ -3,7 +3,7 @@ class Community < Organization | @@ -3,7 +3,7 @@ class Community < Organization | ||
| 3 | 3 | ||
| 4 | settings_items :description | 4 | settings_items :description |
| 5 | 5 | ||
| 6 | - xss_terminate :only => [ :description ] | 6 | + xss_terminate :only => [ :name, :address, :contact_phone, :description ] |
| 7 | 7 | ||
| 8 | def name=(value) | 8 | def name=(value) |
| 9 | super(value) | 9 | super(value) |
app/models/create_enterprise.rb
| @@ -40,7 +40,7 @@ class CreateEnterprise < Task | @@ -40,7 +40,7 @@ class CreateEnterprise < Task | ||
| 40 | # check for explanation when rejecting | 40 | # check for explanation when rejecting |
| 41 | validates_presence_of :reject_explanation, :if => (lambda { |record| record.status == Task::Status::CANCELLED } ) | 41 | validates_presence_of :reject_explanation, :if => (lambda { |record| record.status == Task::Status::CANCELLED } ) |
| 42 | 42 | ||
| 43 | - xss_terminate :only => [ :acronym, :address, :contact_person, :contact_phone, :economic_activity, :foundation_year, :legal_form, :management_information, :name ], :on => 'validation' | 43 | + xss_terminate :only => [ :acronym, :address, :contact_person, :contact_phone, :economic_activity, :legal_form, :management_information, :name ], :on => 'validation' |
| 44 | 44 | ||
| 45 | def validate | 45 | def validate |
| 46 | if self.region && self.target | 46 | if self.region && self.target |
app/models/organization_info.rb
| @@ -5,9 +5,7 @@ class OrganizationInfo < ActiveRecord::Base | @@ -5,9 +5,7 @@ class OrganizationInfo < ActiveRecord::Base | ||
| 5 | 5 | ||
| 6 | validates_format_of :contact_email, :with => Noosfero::Constants::EMAIL_FORMAT, :if => (lambda { |info| ! info.contact_email.nil? }) | 6 | validates_format_of :contact_email, :with => Noosfero::Constants::EMAIL_FORMAT, :if => (lambda { |info| ! info.contact_email.nil? }) |
| 7 | 7 | ||
| 8 | - xss_terminate :only => [ :acronym, :contact_person, :contact_email, :foundation_year, :legal_form, :economic_activity, :management_information ] | ||
| 9 | - | ||
| 10 | - #xss_terminate :only => [ :acronym, :contact_person, :contact_phone, :economic_activity, :foundation_year, :legal_form, :management_information, :address, :name ] | 8 | + xss_terminate :only => [ :acronym, :contact_person, :contact_email, :legal_form, :economic_activity, :management_information ] |
| 11 | 9 | ||
| 12 | def summary | 10 | def summary |
| 13 | # FIXME diplays too few fields | 11 | # FIXME diplays too few fields |
app/models/text_article.rb
app/models/tiny_mce_article.rb
| @@ -7,4 +7,8 @@ class TinyMceArticle < TextArticle | @@ -7,4 +7,8 @@ class TinyMceArticle < TextArticle | ||
| 7 | def self.description | 7 | def self.description |
| 8 | _('Not accessible for visually impaired users.') | 8 | _('Not accessible for visually impaired users.') |
| 9 | end | 9 | end |
| 10 | + | ||
| 11 | + xss_terminate :except => [ :abstract, :body ] | ||
| 12 | + xss_terminate :only => [ :abstract, :body ], :with => 'white_list' | ||
| 13 | + | ||
| 10 | end | 14 | end |
test/functional/admin_controller_test.rb
| @@ -11,16 +11,9 @@ class AdminControllerTest < Test::Unit::TestCase | @@ -11,16 +11,9 @@ class AdminControllerTest < Test::Unit::TestCase | ||
| 11 | @response = ActionController::TestResponse.new | 11 | @response = ActionController::TestResponse.new |
| 12 | end | 12 | end |
| 13 | 13 | ||
| 14 | - def test_local_files_reference | ||
| 15 | - assert_local_files_reference | ||
| 16 | - end | ||
| 17 | - | ||
| 18 | - def test_valid_xhtml | ||
| 19 | - assert_valid_xhtml | ||
| 20 | - end | ||
| 21 | - | ||
| 22 | # Replace this with your real tests. | 14 | # Replace this with your real tests. |
| 23 | def test_truth | 15 | def test_truth |
| 24 | assert true | 16 | assert true |
| 25 | end | 17 | end |
| 18 | + | ||
| 26 | end | 19 | end |
test/functional/catalog_controller_test.rb
| @@ -12,7 +12,8 @@ class CatalogControllerTest < Test::Unit::TestCase | @@ -12,7 +12,8 @@ class CatalogControllerTest < Test::Unit::TestCase | ||
| 12 | end | 12 | end |
| 13 | 13 | ||
| 14 | def test_local_files_reference | 14 | def test_local_files_reference |
| 15 | - assert_local_files_reference | 15 | + user = create_user('user_test').person |
| 16 | + assert_local_files_reference :get, :index, :profile => user.identifier | ||
| 16 | end | 17 | end |
| 17 | 18 | ||
| 18 | def test_valid_xhtml | 19 | def test_valid_xhtml |
test/functional/cms_controller_test.rb
| @@ -20,7 +20,7 @@ class CmsControllerTest < Test::Unit::TestCase | @@ -20,7 +20,7 @@ class CmsControllerTest < Test::Unit::TestCase | ||
| 20 | attr_reader :profile | 20 | attr_reader :profile |
| 21 | 21 | ||
| 22 | def test_local_files_reference | 22 | def test_local_files_reference |
| 23 | - assert_local_files_reference | 23 | + assert_local_files_reference :get, :index, :profile => profile.identifier |
| 24 | end | 24 | end |
| 25 | 25 | ||
| 26 | def test_valid_xhtml | 26 | def test_valid_xhtml |
| @@ -267,5 +267,40 @@ class CmsControllerTest < Test::Unit::TestCase | @@ -267,5 +267,40 @@ class CmsControllerTest < Test::Unit::TestCase | ||
| 267 | assert_not_includes saved.categories, c2 | 267 | assert_not_includes saved.categories, c2 |
| 268 | assert_includes saved.categories, c3 | 268 | assert_includes saved.categories, c3 |
| 269 | end | 269 | end |
| 270 | + | ||
| 271 | + should 'filter html from textile article name' do | ||
| 272 | + post :new, :type => 'TextileArticle', :profile => profile.identifier, :article => { :name => 'a <strong>test</strong> article', :body => 'the text of the article ...' } | ||
| 273 | + assert_sanitized assigns(:article).name | ||
| 274 | + end | ||
| 275 | + | ||
| 276 | + should 'filter html from textile article abstract' do | ||
| 277 | + post :new, :type => 'TextileArticle', :profile => profile.identifier, :article => { :name => 'article', :abstract => '<strong>abstract</strong>', :body => 'the text of the article ...' } | ||
| 278 | + assert_sanitized assigns(:article).abstract | ||
| 279 | + end | ||
| 280 | + | ||
| 281 | + should 'filter html from textile article body' do | ||
| 282 | + post :new, :type => 'TextileArticle', :profile => profile.identifier, :article => { :name => 'article', :abstract => 'abstract', :body => 'the <b>text</b> of <a href=#>the</a> article ...' } | ||
| 283 | + assert_sanitized assigns(:article).body | ||
| 284 | + end | ||
| 285 | + | ||
| 286 | + should 'filter html with white_list from tiny mce article name' do | ||
| 287 | + post :new, :type => 'TinyMceArticle', :profile => profile.identifier, :article => { :name => "<strong>test</strong>", :body => 'the text of the article ...' } | ||
| 288 | + assert_equal "<strong>test</strong>", assigns(:article).name | ||
| 289 | + end | ||
| 290 | + | ||
| 291 | + should 'filter html with white_list from tiny mce article abstract' do | ||
| 292 | + post :new, :type => 'TinyMceArticle', :profile => profile.identifier, :article => { :name => 'article', :abstract => "<script>alert('test')</script> article", :body => 'the text of the article ...' } | ||
| 293 | + assert_equal " article", assigns(:article).abstract | ||
| 294 | + end | ||
| 295 | + | ||
| 296 | + should 'filter html with white_list from tiny mce article body' do | ||
| 297 | + post :new, :type => 'TinyMceArticle', :profile => profile.identifier, :article => { :name => 'article', :abstract => 'abstract', :body => "the <script>alert('text')</script> of article ..." } | ||
| 298 | + assert_equal "the of article ...", assigns(:article).body | ||
| 299 | + end | ||
| 300 | + | ||
| 301 | + should 'not filter html tags permitted from tiny mce article body' do | ||
| 302 | + post :new, :type => 'TinyMceArticle', :profile => profile.identifier, :article => { :name => 'article', :abstract => 'abstract', :body => "<b>the</b> <script>alert('text')</script> <strong>of</strong> article ..." } | ||
| 303 | + assert_equal "<b>the</b> <strong>of</strong> article ...", assigns(:article).body | ||
| 304 | + end | ||
| 270 | 305 | ||
| 271 | end | 306 | end |
test/functional/consumed_products_controller_test.rb
| @@ -18,7 +18,7 @@ class ConsumedProductsControllerTest < Test::Unit::TestCase | @@ -18,7 +18,7 @@ class ConsumedProductsControllerTest < Test::Unit::TestCase | ||
| 18 | attr_reader :profile | 18 | attr_reader :profile |
| 19 | 19 | ||
| 20 | def test_local_files_reference | 20 | def test_local_files_reference |
| 21 | - assert_local_files_reference | 21 | + assert_local_files_reference :get, :index, :profile => profile.identifier |
| 22 | end | 22 | end |
| 23 | 23 | ||
| 24 | def test_valid_xhtml | 24 | def test_valid_xhtml |
test/functional/content_viewer_controller_test.rb
| @@ -18,7 +18,9 @@ class ContentViewerControllerTest < Test::Unit::TestCase | @@ -18,7 +18,9 @@ class ContentViewerControllerTest < Test::Unit::TestCase | ||
| 18 | attr_reader :profile | 18 | attr_reader :profile |
| 19 | 19 | ||
| 20 | def test_local_files_reference | 20 | def test_local_files_reference |
| 21 | - assert_local_files_reference | 21 | + page = profile.articles.build(:name => 'test') |
| 22 | + page.save! | ||
| 23 | + assert_local_files_reference :get, :view_page, :profile => profile.identifier, :page => [ 'test' ] | ||
| 22 | end | 24 | end |
| 23 | 25 | ||
| 24 | def test_valid_xhtml | 26 | def test_valid_xhtml |
test/functional/enterprise_editor_controller_test.rb
| @@ -12,7 +12,8 @@ class EnterpriseEditorControllerTest < Test::Unit::TestCase | @@ -12,7 +12,8 @@ class EnterpriseEditorControllerTest < Test::Unit::TestCase | ||
| 12 | end | 12 | end |
| 13 | 13 | ||
| 14 | def test_local_files_reference | 14 | def test_local_files_reference |
| 15 | - assert_local_files_reference | 15 | + user = create_user('test_user').person |
| 16 | + assert_local_files_reference :get, :index, :profile => user.identifier | ||
| 16 | end | 17 | end |
| 17 | 18 | ||
| 18 | def test_valid_xhtml | 19 | def test_valid_xhtml |
test/functional/enterprise_registration_controller_test.rb
| @@ -119,11 +119,6 @@ all_fixtures | @@ -119,11 +119,6 @@ all_fixtures | ||
| 119 | assert_sanitized assigns(:create_enterprise).acronym | 119 | assert_sanitized assigns(:create_enterprise).acronym |
| 120 | end | 120 | end |
| 121 | 121 | ||
| 122 | - should 'filter html from foundation_year' do | ||
| 123 | - post :index, :create_enterprise => { 'name' => 'name', 'identifier' => 'mynew', :foundation_year => '<b>foundation_year</b>' } | ||
| 124 | - assert_sanitized assigns(:create_enterprise).foundation_year | ||
| 125 | - end | ||
| 126 | - | ||
| 127 | should 'filter html from legal_form' do | 122 | should 'filter html from legal_form' do |
| 128 | post :index, :create_enterprise => { 'name' => 'name', 'identifier' => 'mynew', :legal_form => '<b>legal_form</b>' } | 123 | post :index, :create_enterprise => { 'name' => 'name', 'identifier' => 'mynew', :legal_form => '<b>legal_form</b>' } |
| 129 | assert_sanitized assigns(:create_enterprise).legal_form | 124 | assert_sanitized assigns(:create_enterprise).legal_form |
test/functional/enterprise_validation_test.rb
| @@ -20,7 +20,7 @@ class EnterpriseValidationControllerTest < Test::Unit::TestCase | @@ -20,7 +20,7 @@ class EnterpriseValidationControllerTest < Test::Unit::TestCase | ||
| 20 | end | 20 | end |
| 21 | 21 | ||
| 22 | def test_local_files_reference | 22 | def test_local_files_reference |
| 23 | - assert_local_files_reference | 23 | + assert_local_files_reference :get, :index, :profile => 'ze' |
| 24 | end | 24 | end |
| 25 | 25 | ||
| 26 | def test_valid_xhtml | 26 | def test_valid_xhtml |
test/functional/manage_products_controller_test.rb
| @@ -16,7 +16,7 @@ class ManageProductsControllerTest < Test::Unit::TestCase | @@ -16,7 +16,7 @@ class ManageProductsControllerTest < Test::Unit::TestCase | ||
| 16 | end | 16 | end |
| 17 | 17 | ||
| 18 | def test_local_files_reference | 18 | def test_local_files_reference |
| 19 | - assert_local_files_reference | 19 | + assert_local_files_reference :get, :index, :profile => 'test_user' |
| 20 | end | 20 | end |
| 21 | 21 | ||
| 22 | def test_valid_xhtml | 22 | def test_valid_xhtml |
test/functional/memberships_controller_test.rb
| @@ -17,7 +17,7 @@ class MembershipsControllerTest < Test::Unit::TestCase | @@ -17,7 +17,7 @@ class MembershipsControllerTest < Test::Unit::TestCase | ||
| 17 | attr_reader :profile | 17 | attr_reader :profile |
| 18 | 18 | ||
| 19 | def test_local_files_reference | 19 | def test_local_files_reference |
| 20 | - assert_local_files_reference | 20 | + assert_local_files_reference :get, :index, :profile => profile.identifier |
| 21 | end | 21 | end |
| 22 | 22 | ||
| 23 | def test_valid_xhtml | 23 | def test_valid_xhtml |
test/functional/my_profile_controller_test.rb
| @@ -21,7 +21,10 @@ class MyProfileControllerTest < Test::Unit::TestCase | @@ -21,7 +21,10 @@ class MyProfileControllerTest < Test::Unit::TestCase | ||
| 21 | end | 21 | end |
| 22 | 22 | ||
| 23 | def test_local_files_reference | 23 | def test_local_files_reference |
| 24 | - assert_local_files_reference | 24 | + @controller = OnlyForPersonTestController.new |
| 25 | + user = create_user('test_user').person | ||
| 26 | + assert_local_files_reference :get, :index, :profile => user.identifier | ||
| 27 | + #get :index, :profile => user.identifier | ||
| 25 | end | 28 | end |
| 26 | 29 | ||
| 27 | def test_valid_xhtml | 30 | def test_valid_xhtml |
test/functional/profile_design_controller_test.rb
| @@ -63,7 +63,7 @@ class ProfileDesignControllerTest < Test::Unit::TestCase | @@ -63,7 +63,7 @@ class ProfileDesignControllerTest < Test::Unit::TestCase | ||
| 63 | end | 63 | end |
| 64 | 64 | ||
| 65 | def test_local_files_reference | 65 | def test_local_files_reference |
| 66 | - assert_local_files_reference | 66 | + assert_local_files_reference :get, :index, :profile => 'ze' |
| 67 | end | 67 | end |
| 68 | 68 | ||
| 69 | def test_valid_xhtml | 69 | def test_valid_xhtml |
test/functional/profile_editor_controller_test.rb
| @@ -15,7 +15,7 @@ class ProfileEditorControllerTest < Test::Unit::TestCase | @@ -15,7 +15,7 @@ class ProfileEditorControllerTest < Test::Unit::TestCase | ||
| 15 | end | 15 | end |
| 16 | 16 | ||
| 17 | def test_local_files_reference | 17 | def test_local_files_reference |
| 18 | - assert_local_files_reference | 18 | + assert_local_files_reference :get, :index, :profile => 'ze' |
| 19 | end | 19 | end |
| 20 | 20 | ||
| 21 | def test_valid_xhtml | 21 | def test_valid_xhtml |
test/functional/profile_members_controller_test.rb
| @@ -12,7 +12,8 @@ class ProfileMembersControllerTest < Test::Unit::TestCase | @@ -12,7 +12,8 @@ class ProfileMembersControllerTest < Test::Unit::TestCase | ||
| 12 | end | 12 | end |
| 13 | 13 | ||
| 14 | def test_local_files_reference | 14 | def test_local_files_reference |
| 15 | - assert_local_files_reference | 15 | + user = create_user('test_user').person |
| 16 | + assert_local_files_reference :get, :index, :profile => user.identifier | ||
| 16 | end | 17 | end |
| 17 | 18 | ||
| 18 | def test_valid_xhtml | 19 | def test_valid_xhtml |
test/functional/public_controller_test.rb
| @@ -12,14 +12,6 @@ class PublicControllerTest < Test::Unit::TestCase | @@ -12,14 +12,6 @@ class PublicControllerTest < Test::Unit::TestCase | ||
| 12 | @response = ActionController::TestResponse.new | 12 | @response = ActionController::TestResponse.new |
| 13 | end | 13 | end |
| 14 | 14 | ||
| 15 | - def test_local_files_reference | ||
| 16 | - assert_local_files_reference | ||
| 17 | - end | ||
| 18 | - | ||
| 19 | - def test_valid_xhtml | ||
| 20 | - assert_valid_xhtml | ||
| 21 | - end | ||
| 22 | - | ||
| 23 | # Replace this with your real tests. | 15 | # Replace this with your real tests. |
| 24 | def test_truth | 16 | def test_truth |
| 25 | assert true | 17 | assert true |
test/functional/system_controller_test.rb
| @@ -11,14 +11,6 @@ class SystemControllerTest < Test::Unit::TestCase | @@ -11,14 +11,6 @@ class SystemControllerTest < Test::Unit::TestCase | ||
| 11 | @response = ActionController::TestResponse.new | 11 | @response = ActionController::TestResponse.new |
| 12 | end | 12 | end |
| 13 | 13 | ||
| 14 | - def test_local_files_reference | ||
| 15 | - assert_local_files_reference | ||
| 16 | - end | ||
| 17 | - | ||
| 18 | - def test_valid_xhtml | ||
| 19 | - assert_valid_xhtml | ||
| 20 | - end | ||
| 21 | - | ||
| 22 | # Replace this with your real tests. | 14 | # Replace this with your real tests. |
| 23 | def test_truth | 15 | def test_truth |
| 24 | assert true | 16 | assert true |
vendor/plugins/xss_terminate/lib/xss_terminate.rb
| @@ -15,65 +15,78 @@ module XssTerminate | @@ -15,65 +15,78 @@ module XssTerminate | ||
| 15 | module ClassMethods | 15 | module ClassMethods |
| 16 | 16 | ||
| 17 | def xss_terminate(options = {}) | 17 | def xss_terminate(options = {}) |
| 18 | + options[:with] ||= 'full' | ||
| 19 | + filter_with = 'sanitize_fields_with_' + options[:with] | ||
| 18 | # :on is util when before_filter dont work for model | 20 | # :on is util when before_filter dont work for model |
| 19 | case options[:on] | 21 | case options[:on] |
| 20 | when 'create' | 22 | when 'create' |
| 21 | - before_create :sanitize_fields | 23 | + before_create filter_with |
| 22 | when 'validation' | 24 | when 'validation' |
| 23 | - before_validation :sanitize_fields | 25 | + before_validation filter_with |
| 24 | else | 26 | else |
| 25 | - before_save :sanitize_fields | 27 | + before_save filter_with |
| 26 | end | 28 | end |
| 27 | - | ||
| 28 | - sanitizer = case options[:with] | ||
| 29 | - when 'html5lib' | ||
| 30 | - HTML5libSanitize.new | ||
| 31 | - when 'white_list' | ||
| 32 | - RailsSanitize.white_list_sanitizer | ||
| 33 | - else | ||
| 34 | - RailsSanitize.full_sanitizer | ||
| 35 | - end | ||
| 36 | - | ||
| 37 | - write_inheritable_attribute(:xss_terminate_options, { | 29 | + write_inheritable_attribute("xss_terminate_#{options[:with]}_options".to_sym, { |
| 38 | :except => (options[:except] || []), | 30 | :except => (options[:except] || []), |
| 39 | - :only => (options[:only] || options[:sanitize] || []), | ||
| 40 | - :sanitizer => sanitizer, | ||
| 41 | - | ||
| 42 | - :html5lib_sanitize => (options[:html5lib_sanitize] || []) | 31 | + :only => (options[:only] || options[:sanitize] || []) |
| 43 | }) | 32 | }) |
| 44 | - | ||
| 45 | - class_inheritable_reader :xss_terminate_options | ||
| 46 | - | 33 | + class_inheritable_reader "xss_terminate_#{options[:with]}_options".to_sym |
| 47 | include XssTerminate::InstanceMethods | 34 | include XssTerminate::InstanceMethods |
| 48 | end | 35 | end |
| 36 | + | ||
| 49 | end | 37 | end |
| 50 | 38 | ||
| 51 | module InstanceMethods | 39 | module InstanceMethods |
| 52 | 40 | ||
| 53 | - def sanitize_fields | 41 | + def sanitize_field(sanitizer, field, serialized = false) |
| 42 | + field = field.to_sym | ||
| 43 | + if serialized | ||
| 44 | + puts field | ||
| 45 | + self[field].each_key { |key| | ||
| 46 | + key = key.to_sym | ||
| 47 | + self[field][key] = sanitizer.sanitize(self[field][key]) | ||
| 48 | + } | ||
| 49 | + else | ||
| 50 | + if self[field] | ||
| 51 | + self[field] = sanitizer.sanitize(self[field]) | ||
| 52 | + else | ||
| 53 | + self.send("#{field}=", sanitizer.sanitize(self.send("#{field}"))) | ||
| 54 | + end | ||
| 55 | + end | ||
| 56 | + end | ||
| 54 | 57 | ||
| 55 | - columns = self.class.columns.select{ |i| i.type == :string || i.type == :text }.map{ |i| i.name } | 58 | + def sanitize_columns(with = :full) |
| 56 | columns_serialized = self.class.serialized_attributes.keys | 59 | columns_serialized = self.class.serialized_attributes.keys |
| 60 | + only = eval "xss_terminate_#{with}_options[:only]" | ||
| 61 | + except = eval "xss_terminate_#{with}_options[:except]" | ||
| 62 | + unless except.empty? | ||
| 63 | + only.delete_if{ |i| except.include?( i.to_sym ) } | ||
| 64 | + end | ||
| 65 | + return only, columns_serialized | ||
| 66 | + end | ||
| 57 | 67 | ||
| 58 | - if !xss_terminate_options[:only].empty? | ||
| 59 | - columns = columns.select{ |i| xss_terminate_options[:only].include?( i.to_sym ) } | ||
| 60 | - elsif !xss_terminate_options[:except].empty? | ||
| 61 | - columns.delete_if{ |i| xss_terminate_options[:except].include?( i.to_sym ) } | 68 | + def sanitize_fields_with_full |
| 69 | + sanitizer = RailsSanitize.full_sanitizer | ||
| 70 | + columns, columns_serialized = sanitize_columns(:full) | ||
| 71 | + columns.each do |column| | ||
| 72 | + sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column)) | ||
| 62 | end | 73 | end |
| 74 | + end | ||
| 63 | 75 | ||
| 76 | + def sanitize_fields_with_white_list | ||
| 77 | + sanitizer = RailsSanitize.white_list_sanitizer | ||
| 78 | + columns, columns_serialized = sanitize_columns(:white_list) | ||
| 64 | columns.each do |column| | 79 | columns.each do |column| |
| 65 | - field = column.to_sym | ||
| 66 | - if columns_serialized.include?(column) | ||
| 67 | - next unless self[field] | ||
| 68 | - self[field].each_key { |key| | ||
| 69 | - key = key.to_sym | ||
| 70 | - self[field][key] = xss_terminate_options[:sanitizer].sanitize(self[field][key]) | ||
| 71 | - } | ||
| 72 | - else | ||
| 73 | - self[field] = xss_terminate_options[:sanitizer].sanitize(self[field]) | ||
| 74 | - end | 80 | + sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column)) |
| 75 | end | 81 | end |
| 82 | + end | ||
| 76 | 83 | ||
| 84 | + def sanitize_fields_with_html5lib | ||
| 85 | + sanitizer = HTML5libSanitize.new | ||
| 86 | + columns = sanitize_columns(:html5lib) | ||
| 87 | + columns.each do |column| | ||
| 88 | + sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column)) | ||
| 89 | + end | ||
| 77 | end | 90 | end |
| 78 | 91 | ||
| 79 | end | 92 | end |