From 1d6051d08b5268a30122a6ca9ea04f6a03544737 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Tue, 15 Nov 2011 09:46:33 +0000
Subject: [PATCH] Make linkify preserve HTML safety
---
 app/helpers/application_helper.rb | 16 ++++++++++++++--
 app/views/diary_entry/_diary_entry.html.erb | 2 +-
 2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 8073c2583..b77ac8721 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -6,11 +6,23 @@ module ApplicationHelper
 end

 def htmlize(text)
- return linkify(sanitize(simple_format(text)))
+ logger.info "text safety is #{text.html_safe?}"
+ r = simple_format(text)
+ logger.info "formatted text safety is #{r.html_safe?}"
+ r = sanitize(r)
+ logger.info "sanitised text safety is #{r.html_safe?}"
+ r = linkify(r)
+ logger.info "linkified text safety is #{r.html_safe?}"
+ return r
+# return linkify(sanitize(simple_format(text)))
 end

 def linkify(text)
- return Rinku.auto_link(text, :urls, tag_options(:rel => "nofollow"))
+ if text.html_safe?
+ Rinku.auto_link(text, :urls, tag_options(:rel => "nofollow")).html_safe
+ else
+ Rinku.auto_link(text, :urls, tag_options(:rel => "nofollow"))
+ end
 end

 def html_escape_unicode(text)
diff --git a/app/views/diary_entry/_diary_entry.html.erb b/app/views/diary_entry/_diary_entry.html.erb
index 6ab7aaf48..dc09ed957 100644
--- a/app/views/diary_entry/_diary_entry.html.erb
+++ b/app/views/diary_entry/_diary_entry.html.erb
@@ -1,7 +1,7 @@
 <%= link_to h(diary_entry.title), :action => 'view', :display_name => diary_entry.user.display_name, :id => diary_entry.id %>
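Review bot: The four `logger.info "... safety is ..."` calls and the commented-out `# return linkify(sanitize(simple_format(text)))` in htmlize read as leftover tracing; they emit four info-level lines on every call and should be dropped before merge, leaving the body as `linkify(sanitize(simple_format(text)))`. In linkify, the `.html_safe` call is an assertion that Rinku's output stays safe whenever its input was, and nothing in the hunk records that assumption, so a comment such as `# text is already sanitised HTML; assumes Rinku only wraps URLs in <a> tags and adds no unescaped content` would tell the next reader what to re-check if the linker is replaced. The two branches also repeat the same Rinku call; `linked = Rinku.auto_link(text, :urls, tag_options(:rel => "nofollow"))` followed by `text.html_safe? ? linked.html_safe : linked` states it once.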
- <%= raw(htmlize(diary_entry.body)) %>
+ <%= htmlize(diary_entry.body) %>
<% if diary_entry.latitude and diary_entry.longitude %>
--
2.43.2
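Review bot: Dropping `raw` on the `htmlize(diary_entry.body)` line makes the diary body's rendering depend entirely on htmlize returning an html_safe string, and the diffstat shows only the helper and this view changed, so no test pins that contract. A helper test asserting that htmlize of a body containing markup such as a script tag returns a string for which `html_safe?` is true, with the tag removed, would catch a regression in either direction (double-escaped output or unsanitised markup). Other templates that may still wrap htmlize in `raw` are not visible in this patch and are worth checking for the same change, since `raw` bypasses the escaping fallback this hunk restores.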