From: Tom Hughes
Date: Sat, 6 Mar 2010 15:38:13 +0000 (+0000)
Subject: Use a better HTML sanitizer that makes sure the HTML is well formed and
X-Git-Tag: live~6346^2~49
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/94f19ce3b32d70c499893f8ffb9592a9f0a54f7a

Use a better HTML sanitizer that makes sure the HTML is well formed and can add rel="nofollow" to links.
---
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 7a4953f0f..2ed50216f 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -1,6 +1,10 @@
 module ApplicationHelper
 require 'rexml/document'
 
+ def sanitize(text)
+ Sanitize.clean(text, Sanitize::Config::OSM)
+ end
+
 def htmlize(text)
 return linkify(sanitize(simple_format(text)))
 end
diff --git a/config/environment.rb b/config/environment.rb
index ba5241a21..539af83b2 100644
--- a/config/environment.rb
+++ b/config/environment.rb
@@ -53,6 +53,7 @@ Rails::Initializer.run do |config|
 config.gem 'oauth', :version => '>= 0.3.6'
 config.gem 'httpclient'
 config.gem 'SystemTimer', :version => '>= 1.1.3', :lib => 'system_timer'
+ config.gem 'sanitize'
 
 # Only load the plugins named here, in the order given. By default, all plugins
 # in vendor/plugins are loaded in alphabetical order.
diff --git a/config/initializers/sanitize.rb b/config/initializers/sanitize.rb
new file mode 100644
index 000000000..7360e2701
--- /dev/null
+++ b/config/initializers/sanitize.rb
@@ -0,0 +1,3 @@
+Sanitize::Config::OSM = Sanitize::Config::RELAXED.dup
+
+Sanitize::Config::OSM[:add_attributes] = { 'a' => { 'rel' => 'nofollow' } }
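Review bot: `def sanitize(text)` shadows Rails' SanitizeHelper#sanitize, which takes `(html, options = {})`, with a one-argument signature, so any view that still calls the framework helper with options would now raise ArgumentError (whether such calls exist is outside this hunk). If the override is intended, make it explicit with a comment such as `# Overrides Rails' SanitizeHelper#sanitize: all view sanitization goes through the Sanitize gem with the OSM config`. A second point in htmlize: sanitize runs before linkify, so anchors that linkify creates are never seen by Sanitize and only carry rel="nofollow" if linkify adds it itself; linkify's body is outside this hunk. It is also not established here whether Sanitize.clean accepts a nil text; if callers can pass nil, `Sanitize.clean(text.to_s, Sanitize::Config::OSM)` avoids depending on it.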
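Review bot: `config.gem 'sanitize'` is the only gem line in this hunk without a `:version` constraint, yet the new initializer depends on `Sanitize::Config::RELAXED` and the `:add_attributes` option, which not every release of the gem provides. Pin it like its neighbours, `config.gem 'sanitize', :version => '>= <MIN_VERSION_WITH_add_attributes>'`, with the placeholder replaced by the first release that supports `:add_attributes`, so a stale gem on a deploy host fails at startup rather than silently ignoring the nofollow rule.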
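Review bot: `Sanitize::Config::RELAXED.dup` is a shallow copy, so the nested `:elements` and `:attributes` collections inside OSM are still the same objects as RELAXED's; assigning the new `:add_attributes` key is safe, but any later in-place change (`Sanitize::Config::OSM[:elements] << ...`) would silently alter the gem's RELAXED config as well. Worth a header comment stating both the intent and that constraint, e.g. `# Sanitize's RELAXED whitelist plus rel="nofollow" on every <a>, so user-supplied HTML cannot pass link reputation; dup is shallow, so never mutate the nested whitelists in place`.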