Sha256: f87fd8d0a8e80b804a4865f8049a855e584652af055b102aa1f64f30131a0b27

Contents?: true

Size: 1.12 KB

Versions: 13

Compression:

Stored size: 1.12 KB

Contents

# = DecodeHtmlEntitiesHack
#
# Loofah encodes HTML entities in every string that gets passed through it.
# This includes things like the friendly ampersand, which we don't want to be HTML
# encoded in our database, so we need to decode the things that it changes.
#
# This should be included in models that use xss_foliate somewhere _after_ the xss_foliate call.
#
# This is, as the name of the module suggests, a giant hack. At some point, it should
# be removed after the issue is resolved in the underlying library:
# https://github.com/flavorjones/loofah/issues/20#issuecomment-1751538
#
# Warning: this effectively renders loofah's "escape" scrubbing mode useless by
# undoing everything it does. Don't use that mode.
#
require 'htmlentities'

module Calagator

module DecodeHtmlEntitiesHack
  def self.included(base)
    # Run the decode step before validation, i.e. after xss_foliate has scrubbed the input.
    base.set_callback(:validate, :before, :decode_html_entities)
  end

  def decode_html_entities
    coder = HTMLEntities.new
    self.attributes.each do |field, value|
      # Only String attributes can carry entities; leave ids, dates and booleans untouched.
      next unless value.is_a?(String)
      decoded_content = coder.decode(value)
      if decoded_content.present? && decoded_content != value
        self.send("#{field}=", decoded_content)
      end
    end
  end
end

end
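The following is an added, stand-alone illustration of what the callback above does to a record's attributes and of the warning in its header comment; it is not code from the calagator gem. It assumes CGI.unescapeHTML as a stand-in for HTMLEntities#decode and CGI.escapeHTML as a stand-in for Loofah's "escape" scrubbing mode, and the sample records are constructed. The check at the end is one a reviewer can run to confirm that decoding after a stripping sanitizer only restores plain characters, while decoding after an escaping sanitizer brings the neutralised markup back.

```ruby
# Added example (not part of the calagator gem). CGI.unescapeHTML stands in for
# HTMLEntities#decode (assumption: the real gem knows more named entities), and
# CGI.escapeHTML stands in for Loofah's "escape" scrubbing mode.
require 'cgi'

# Mirrors the callback body: decode every String attribute whose decoded form
# differs from the stored form; leave non-String attributes (ids, dates) alone.
def decode_html_entities(attributes)
  attributes.each_with_object({}) do |(field, value), out|
    out[field] = value
    next unless value.is_a?(String)
    decoded = CGI.unescapeHTML(value)
    out[field] = decoded if !decoded.empty? && decoded != value
  end
end

# Constructed sample: what a *stripping* sanitizer leaves behind for
# "Tom & Jerry <b>rock</b>" and a query string: tags gone, text entity-encoded.
STRIPPED_RECORD = {
  id: 42,
  title: 'Tom &amp; Jerry rock',
  url: 'http://example.test/?a=1&amp;b=2'
}.freeze

# Constructed sample: what an *escaping* sanitizer leaves behind. The markup
# survives, only entity-encoded, so it is one decode away from being live again.
ESCAPED_RECORD = {
  id: 42,
  title: CGI.escapeHTML('<script>alert(1)</script>')
}.freeze

def decoded_stripped
  decode_html_entities(STRIPPED_RECORD)
end

def decoded_escaped
  decode_html_entities(ESCAPED_RECORD)
end

# Review check: did decoding reintroduce a '<' into any attribute that had none
# before? True means the decode hack and the sanitizer mode are in conflict.
def reintroduces_markup?(before, after)
  before.keys.any? do |k|
    b = before[k]
    a = after[k]
    b.is_a?(String) && a.is_a?(String) && !b.include?('<') && a.include?('<')
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "strip mode:  #{decoded_stripped.inspect}"
  puts "escape mode: #{decoded_escaped.inspect}"
  puts "conflict after strip mode:  #{reintroduces_markup?(STRIPPED_RECORD, decoded_stripped)}"
  puts "conflict after escape mode: #{reintroduces_markup?(ESCAPED_RECORD, decoded_escaped)}"
end
```

Run with the stripping sanitizer, the only changes are `&amp;` back to `&` and the integer id is untouched; run after the escaping sanitizer, the decoded title is the original `<script>` element, which is exactly the case the module's warning tells you to avoid.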

Version data entries

13 entries across 13 versions & 2 rubygems

Version Path
calagator-1.0.0 lib/calagator/decode_html_entities_hack.rb
grokus-1.0.0.9 lib/calagator/decode_html_entities_hack.rb
grokus-1.0.0.8 lib/calagator/decode_html_entities_hack.rb
grokus-1.0.0.7 lib/calagator/decode_html_entities_hack.rb
grokus-1.0.0.6 lib/calagator/decode_html_entities_hack.rb
grokus-1.0.0.5 lib/calagator/decode_html_entities_hack.rb
grokus-1.0.0.3 lib/calagator/decode_html_entities_hack.rb
grokus-1.0.0.2 lib/calagator/decode_html_entities_hack.rb
grokus-1.0.0.1 lib/calagator/decode_html_entities_hack.rb
calagator-1.0.0.rc3 lib/calagator/decode_html_entities_hack.rb
calagator-1.0.0.rc2 lib/calagator/decode_html_entities_hack.rb
calagator-1.0.0.rc1 lib/calagator/decode_html_entities_hack.rb
calagator-0.0.1.pre1 lib/calagator/decode_html_entities_hack.rb