Sha256: ebe80af77421fe107390f41ea8b20a1ac3221bc0500e402ec374290f2d8c9b5f
Contents?: true
Size: 1.29 KB
Versions: 9
Compression:
Stored size: 1.29 KB
Contents
require "govspeak"
require "plek"
class SafeHtml < ActiveModel::Validator
ALLOWED_IMAGE_HOSTS = [
# URLs for the local environment
URI.parse(Plek.new.website_root).host, # eg www.preview.alphagov.co.uk
URI.parse(Plek.new.asset_root).host, # eg assets-origin.preview.alphagov.co.uk
# Hardcode production URLs so that content copied from production is valid
'www.gov.uk',
'assets.digital.cabinet-office.gov.uk'
]
def validate(record)
record.changes.each do |field_name, (old_value, new_value)|
check_struct(record, field_name, new_value)
end
end
def check_struct(record, field_name, value)
if value.respond_to?(:values) # e.g. Hash
value.values.each { |entry| check_struct(record, field_name, entry) }
elsif value.respond_to?(:each) # e.g. Array
value.each { |entry| check_struct(record, field_name, entry) }
elsif value.is_a?(String)
check_string(record, field_name, value)
end
end
def check_string(record, field_name, string)
unless Govspeak::Document.new(string).valid?(allowed_image_hosts: ALLOWED_IMAGE_HOSTS)
error = "cannot include invalid Govspeak, invalid HTML, any JavaScript or images hosted on sites except for #{ALLOWED_IMAGE_HOSTS.join(', ')}"
record.errors.add(field_name, error)
end
end
end
Version data entries
9 entries across 9 versions & 1 rubygems