Sha256: 482a2ba26e63f53ab6674937a7041131c4c099464a32b03b3f934d0230f6091f

Contents?: true

Size: 1.36 KB

Versions: 76

Compression:

Stored size: 1.36 KB

Contents

require "govspeak"
require "plek"

# Validator that rejects Govspeak fields whose content Govspeak considers
# invalid, or that embed images from hosts outside ALLOWED_IMAGE_HOSTS.
#
# Scope of the check, as implemented below:
# * only fields listed in the record class's GOVSPEAK_FIELDS are inspected;
# * only fields present in `record.changes` are inspected, so a value that
#   was stored before and has not changed is not re-validated on save;
# * for Hash-like values only the values are walked, never the keys;
# * leaves that are not Strings (numbers, nil, symbols, ...) are skipped.
#
# The sanitisation rules themselves live in Govspeak::Document#valid?.
class SafeHtml < ActiveModel::Validator
  # Hosts that images may be loaded from. The list is built once, when this
  # class body is evaluated. It is not frozen, so any code that mutates the
  # array changes what every later validation accepts.
  ALLOWED_IMAGE_HOSTS = [
    # Hosts of the environment the application is running in
    URI.parse(Plek.new.website_root).host, # e.g. www.preview.alphagov.co.uk
    URI.parse(Plek.new.asset_root).host,   # e.g. assets-origin.preview.alphagov.co.uk

    # Production hosts are listed explicitly so that content copied from
    # production still validates in other environments
    'www.gov.uk',
    'assets.digital.cabinet-office.gov.uk'
  ]

  # Entry point called by ActiveModel. Checks the new value of every changed
  # attribute that the record's class declares as a Govspeak field.
  #
  # @param record the model being validated; its class must define
  #   GOVSPEAK_FIELDS (looked up per changed field, so a record with no
  #   changes never touches the constant)
  def validate(record)
    record.changes.each do |field_name, (_previous, current)|
      if record.class::GOVSPEAK_FIELDS.include?(field_name.to_sym)
        check_struct(record, field_name, current)
      end
    end
  end

  # Recursively walks a value and hands every String leaf to #check_string.
  #
  # The Hash test comes first because a Hash also responds to :each; walking
  # it through `values` means keys are never validated.
  #
  # @param record the model that collects validation errors
  # @param field_name name of the attribute the value belongs to
  # @param value a String, a Hash-like or Array-like container, or any other
  #   object (which is ignored)
  def check_struct(record, field_name, value)
    if value.respond_to?(:values) # Hash-like container
      return value.values.each { |nested| check_struct(record, field_name, nested) }
    end

    if value.respond_to?(:each) # Array-like container
      return value.each { |nested| check_struct(record, field_name, nested) }
    end

    check_string(record, field_name, value) if value.is_a?(String)
  end

  # Validates a single string as Govspeak and records an error on the field
  # when Govspeak rejects it. The error text lists the allowed image hosts.
  #
  # @param record the model that collects validation errors
  # @param field_name name of the attribute the error is attached to
  # @param string [String] the Govspeak source to validate
  def check_string(record, field_name, string)
    document = Govspeak::Document.new(string)
    return if document.valid?(allowed_image_hosts: ALLOWED_IMAGE_HOSTS)

    message = "cannot include invalid Govspeak, invalid HTML, any JavaScript or images hosted on sites except for #{ALLOWED_IMAGE_HOSTS.join(', ')}"
    record.errors.add(field_name, message)
  end
end

Version data entries

76 entries across 76 versions & 1 rubygems

Version Path
govuk_content_models-47.0.0 app/validators/safe_html.rb
govuk_content_models-46.0.1 app/validators/safe_html.rb
govuk_content_models-46.0.0 app/validators/safe_html.rb
govuk_content_models-45.0.0 app/validators/safe_html.rb
govuk_content_models-44.4.0 app/validators/safe_html.rb
govuk_content_models-44.3.0 app/validators/safe_html.rb
govuk_content_models-44.2.1 app/validators/safe_html.rb
govuk_content_models-44.2.0 app/validators/safe_html.rb
govuk_content_models-44.1.0 app/validators/safe_html.rb
govuk_content_models-44.0.1 app/validators/safe_html.rb
govuk_content_models-44.0.0 app/validators/safe_html.rb
govuk_content_models-43.2.0 app/validators/safe_html.rb
govuk_content_models-43.1.0 app/validators/safe_html.rb
govuk_content_models-43.0.1 app/validators/safe_html.rb
govuk_content_models-43.0.0 app/validators/safe_html.rb
govuk_content_models-42.1.0 app/validators/safe_html.rb
govuk_content_models-42.0.1 app/validators/safe_html.rb
govuk_content_models-42.0.0 app/validators/safe_html.rb
govuk_content_models-41.1.1 app/validators/safe_html.rb
govuk_content_models-41.1.0 app/validators/safe_html.rb