Class: SafeHtml

Inherits:
ActiveModel::Validator
  • Object
Defined in:
app/validators/safe_html.rb

Constant Summary

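# Hosts from which embedded images are accepted. check_string passes this list
# to Govspeak::Document#valid? as the :allowed_image_hosts option and quotes it
# in the validation error message.
#
# The array is frozen so this allowlist cannot be extended or emptied at
# runtime once the class has loaded.
ALLOWED_IMAGE_HOSTS = [
  # URLs for the local environment
  URI.parse(Plek.new.website_root).host, # eg www.preview.alphagov.co.uk
  URI.parse(Plek.new.asset_root).host,   # eg assets-origin.preview.alphagov.co.uk

  # Hardcode production URLs so that content copied from production is valid
  'www.gov.uk',
  'assets.digital.cabinet-office.gov.uk'
].freeze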

Instance Method Summary

Instance Method Details

#check_string(record, field_name, string) ⇒ Object



# File 'app/validators/safe_html.rb', line 32

# Validates a single string as Govspeak and records an error on the field when
# the check fails.
#
# The verdict comes entirely from Govspeak::Document#valid?, which is given
# ALLOWED_IMAGE_HOSTS as the image-host allowlist; this method only reports it.
#
# @param record [Object] object being validated; must expose +errors.add+
# @param field_name [String, Symbol] attribute the error is attached to
# @param string [String] candidate Govspeak/HTML content
# @return [Object, nil] the result of +errors.add+, or nil when the content is valid
def check_string(record, field_name, string)
  document = Govspeak::Document.new(string)
  return if document.valid?(allowed_image_hosts: ALLOWED_IMAGE_HOSTS)

  # The message lists the permitted hosts so editors can see which image sources are accepted.
  message = "cannot include invalid Govspeak, invalid HTML, any JavaScript or images hosted on sites except for #{ALLOWED_IMAGE_HOSTS.join(', ')}"
  record.errors.add(field_name, message)
end

#check_struct(record, field_name, value) ⇒ Object



# File 'app/validators/safe_html.rb', line 22

# Walks a possibly nested value and runs check_string on every String found.
#
# Anything responding to +values+ (e.g. a Hash) is descended into through its
# values only, so hash keys are never inspected. Anything else responding to
# +each+ (e.g. an Array) is descended into element by element. Leaves that are
# not Strings are skipped without recording an error.
#
# @param record [Object] object being validated, passed through to check_string
# @param field_name [String, Symbol] attribute any error is attached to
# @param value [Object] the value to inspect
# @return [Object, nil] the iterated collection, the result of check_string
#   for a String, or nil for any other leaf
def check_struct(record, field_name, value)
  # A plain proc keeps ordinary block argument handling for whatever +each+ yields.
  descend = proc { |member| check_struct(record, field_name, member) }

  return value.values.each(&descend) if value.respond_to?(:values) # e.g. Hash
  return value.each(&descend) if value.respond_to?(:each)          # e.g. Array

  check_string(record, field_name, value) if value.is_a?(String)
end

#validate(record) ⇒ Object



# File 'app/validators/safe_html.rb', line 15

# Validator entry point: checks the new value of every changed Govspeak field.
#
# Only attributes present in +record.changes+ are examined, so a value that has
# not changed is not re-validated here. Of those, only the names listed in the
# record class's GOVSPEAK_FIELDS constant are passed to check_struct.
#
# @param record [Object] object exposing +changes+ (attribute name mapped to
#   an [old, new] pair) and whose class defines GOVSPEAK_FIELDS
# @return [Object] whatever +record.changes.each+ returns
def validate(record)
  record.changes.each do |attribute, (_previous, current)|
    if record.class::GOVSPEAK_FIELDS.include?(attribute.to_sym)
      check_struct(record, attribute, current)
    end
  end
end