Question

For my application, I have created projects and blogupdates. Blogupdates can be created for each project. I have used redactor rails as the rich text editor. It posts fine.

But per the response to my question HERE, it is mentioned that I should sanitize this. So I followed the recommendation, and after following the sanitization process, I get the following error below.

Question: Does somebody know what I need to do to fix this so that sanitize works?

NameError in BlogupdatesController#create
undefined local variable or method `orig_text' for #<BlogupdatesController:0x007f9186570700>
app/controllers/blogupdates_controller.rb:68:in `sanitize_redactor'
app/controllers/blogupdates_controller.rb:14:in `create'

blogupdates_controller.rb

class BlogupdatesController < ApplicationController
  # used for sanitization user's input
  REDACTOR_TAGS = %w(code span div label a br p b i del strike u img video audio
              iframe object embed param blockquote mark cite small ul ol li
              hr dl dt dd sup sub big pre code figure figcaption strong em
              table tr td th tbody thead tfoot h1 h2 h3 h4 h5 h6)
  REDACTOR_ATTRIBUTES = %w(href)

  before_filter :authenticate_user! 

  def create
    @project = Project.find(params[:project_id])

    params[:blogupdate][:content] = sanitize_redactor(params[:blogupdate][:content])

    @blogupdate = @project.blogupdates.create!(params[:blogupdate])

    if @blogupdate.save
      redirect_to blogs_project_path(@project), notice: "Blog entry created."
    end   
  end

  private

  def sanitize_redactor(orig_input)
    stripped = view_context.strip_tags(orig_text)
    if stripped.present? # this prevents from creating empty comments
      view_context.sanitize(orig_text, tags: REDACTOR_TAGS, attributes: REDACTOR_ATTRIBUTES)
    else
      nil
    end
  end

end 

Solution

Answer is to fix the item below as follows:

def sanitize_redactor(orig_input)
  stripped = view_context.strip_tags(orig_input)
  if stripped.present? # this prevents from creating empty comments
    view_context.sanitize(orig_input, tags: REDACTOR_TAGS, attributes: REDACTOR_ATTRIBUTES)
  else
    nil
  end
end
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow