DGNum/demarches-normaliennes
15
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

fix: MonAvisEmbed custom validation

Browse source
This commit is contained in:
Nicolas Cavigneaux 2023-03-15 17:23:19 +01:00 committed by Colin Darie
parent 61c3ff54d5
commit 01e0276f53
No known key found for this signature in database
GPG key ID: 4FB865FDBCA4BCC4
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/validators/mon_avis_embed_validator.rb
View file

@ -3,7 +3,7 @@ class MonAvisEmbedValidator < ActiveModel::Validator
# We need to ensure the embed code is not any random string in order to avoid injections
r = Regexp.new('<a href="https://monavis|voxusagers.numerique.gouv.fr/Demarches/\d+.*key=[[:alnum:]]+.*">\s*<img src="https://monavis|voxusagers.numerique.gouv.fr/(monavis-)?static/bouton-blanc|bleu.png|svg" alt="Je donne mon avis" (title="Je donne mon avis sur cette démarche" )?/>\s*</a>', Regexp::MULTILINE)
if record.monavis_embed.present? && !r.match?(record.monavis_embed)
record.errors[:base] << "Le code fourni ne correspond pas au format des codes MonAvis reconnus par la plateforme."
record.errors.add :base, :invalid, message: "Le code fourni ne correspond pas au format des codes MonAvis reconnus par la plateforme."
end
end
end