Class: Storytime::Snippet
- Inherits:
-
ActiveRecord::Base
- Object
- ActiveRecord::Base
- Storytime::Snippet
- Includes:
- ScopedToSite
- Defined in:
- app/models/storytime/snippet.rb
Instance Method Summary collapse
-
#sanitize_content ⇒ Object
Snippet content is rendered with
rawin the front-end (see app/views/storytime/snippets/_snippet.html.erb), so it must be scrubbed on write with the same allow-list used for Post/Page content.
Instance Method Details
#sanitize_content ⇒ Object
Snippet content is rendered with raw in the front-end (see
app/views/storytime/snippets/_snippet.html.erb), so it must be scrubbed
on write with the same allow-list used for Post/Page content. Otherwise
an editor could store arbitrary HTML/JS (stored XSS).
15 16 17 18 |
# File 'app/models/storytime/snippet.rb', line 15 def sanitize_content return if Storytime.post_sanitizer.blank? || content.blank? self.content = Storytime.post_sanitizer.call(content) end |