fix: allow a tag in various admin text

simon lehericey 2023-02-03 15:17:12 +01:00 committed by mfo
parent 4f0f221e46
commit a1487e9923
7 changed files with 25 additions and 9 deletions


@ -7,4 +7,4 @@
= render EditableChamp::ChampLabelContentComponent.new champ: @champ, seen_at: @seen_at = render EditableChamp::ChampLabelContentComponent.new champ: @champ, seen_at: @seen_at
- if @champ.description.present? - if @champ.description.present?
.notice{ id: @champ.describedby_id }= string_to_html(@champ.description) .notice{ id: @champ.describedby_id }= string_to_html(@champ.description, allow_a: true)


@ -2,7 +2,7 @@
- if @champ.block? - if @champ.block?
%h3.header-subsection= @champ.libelle %h3.header-subsection= @champ.libelle
- if @champ.description.present? - if @champ.description.present?
%p.notice= string_to_html(@champ.description, false) %p.notice= string_to_html(@champ.description, false, allow_a: true)
- elsif has_label?(@champ) - elsif has_label?(@champ)
= render EditableChamp::ChampLabelComponent.new form: @form, champ: @champ, seen_at: @seen_at = render EditableChamp::ChampLabelComponent.new form: @form, champ: @champ, seen_at: @seen_at
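Review bot: `string_to_html(@champ.description, false, allow_a: true)` now mixes a bare positional `false` with a keyword flag, and a reader cannot tell from the call what the `false` controls. In the helper it lands in `wrapper_tag`, which is handed to `simple_format`; what a `false` wrapper tag produces is not visible on this page. If the intent is "no wrapper element inside the `%p`", a HAML comment above the line such as `-# false: no wrapper element, the %p already wraps the text` would say so, and making `wrapper_tag` a keyword argument in a follow-up would let both options read the same way.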


@ -1,7 +1,7 @@
= render Dsfr::CalloutComponent.new(title: @champ.libelle, extra_class_names: ['fr-mb-2w', 'fr-callout--blue-cumulus']) do |c| = render Dsfr::CalloutComponent.new(title: @champ.libelle, extra_class_names: ['fr-mb-2w', 'fr-callout--blue-cumulus']) do |c|
- c.with_body do - c.with_body do
= string_to_html(@champ.description) = string_to_html(@champ.description, allow_a: true)
- if @champ.collapsible_explanation_enabled? && @champ.collapsible_explanation_text.present? - if @champ.collapsible_explanation_enabled? && @champ.collapsible_explanation_text.present?
%div %div


@ -8,7 +8,7 @@
= @form.label :secondary_value, for: "#{@champ.input_id}-secondary" do = @form.label :secondary_value, for: "#{@champ.input_id}-secondary" do
- sanitize((@champ.drop_down_secondary_libelle.presence || "Valeur secondaire dépendant de la première") + (@champ.type_de_champ.mandatory? ? tag.span(' *', class: 'mandatory') : '')) - sanitize((@champ.drop_down_secondary_libelle.presence || "Valeur secondaire dépendant de la première") + (@champ.type_de_champ.mandatory? ? tag.span(' *', class: 'mandatory') : ''))
- if @champ.drop_down_secondary_description.present? - if @champ.drop_down_secondary_description.present?
.notice{ id: "#{@champ.describedby_id}-secondary" }= string_to_html(@champ.drop_down_secondary_description) .notice{ id: "#{@champ.describedby_id}-secondary" }= string_to_html(@champ.drop_down_secondary_description, allow_a: true)
= @form.select :secondary_value, = @form.select :secondary_value,
@champ.secondary_options[@champ.primary_value], @champ.secondary_options[@champ.primary_value],
{}, {},


@ -1,8 +1,15 @@
module StringToHtmlHelper module StringToHtmlHelper
def string_to_html(str, wrapper_tag = 'p') def string_to_html(str, wrapper_tag = 'p', allow_a: false)
return nil if str.blank? return nil if str.blank?
html_formatted = simple_format(str, {}, { wrapper_tag: wrapper_tag }) html_formatted = simple_format(str, {}, { wrapper_tag: wrapper_tag })
with_links = Anchored::Linker.auto_link(html_formatted, target: '_blank', rel: 'noopener') with_links = Anchored::Linker.auto_link(html_formatted, target: '_blank', rel: 'noopener')
sanitize(with_links, attributes: ['target', 'rel', 'href'])
tags = if allow_a
Rails.configuration.action_view.sanitized_allowed_tags + ['a']
else
Rails.configuration.action_view.sanitized_allowed_tags
end
sanitize(with_links, tags:, attributes: ['target', 'rel', 'href'])
end end
end end
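Review bot: With `allow_a: true` the final `sanitize` accepts any `a` element carrying `href`, `target` or `rel`, so the only thing keeping author-written anchors out of the output is the earlier `simple_format` call, which by default sanitizes its input against the configured allow-list (presumably one without `a`, given this commit). That dependency is implicit; a comment above the `tags =` assignment such as `# author-written <a> is stripped by simple_format's own sanitize pass; only anchors created by auto_link reach this point` would record it. A spec case with a hand-written `<a href="…" target="_blank">` in the description and `allow_a: true` would pin the behaviour, so that a later change to the allow-list or to the `simple_format` options cannot silently widen it. This matters because `rel: 'noopener'` is added only by the auto-linker, not enforced by the sanitizer, so an author-written anchor that did get through could keep `target` without `rel`.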


@ -23,5 +23,5 @@
.procedure-description .procedure-description
.procedure-description-body.read-more-enabled.read-more-collapsed .procedure-description-body.read-more-enabled.read-more-collapsed
= h string_to_html(procedure.description) = h string_to_html(procedure.description, allow_a: true)
= button_tag "Afficher la description complète", class: 'button read-more-button' = button_tag "Afficher la description complète", class: 'button read-more-button'
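Review bot: The `h` in `= h string_to_html(procedure.description, allow_a: true)` escapes nothing: the helper's last expression is `sanitize(...)`, which returns an html-safe string, and `h` leaves html-safe strings untouched. Now that this call site opts in to emitting `<a>` elements, the leftover `h` suggests an escaping layer that is not there. Writing it like the other call sites, `= string_to_html(procedure.description, allow_a: true)`, keeps the trust decision visible in one place, the helper's `sanitize` call.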


@ -1,6 +1,7 @@
RSpec.describe StringToHtmlHelper, type: :helper do RSpec.describe StringToHtmlHelper, type: :helper do
describe "#string_to_html" do describe "#string_to_html" do
subject { string_to_html(description) } let(:allow_a) { false }
subject { string_to_html(description, allow_a:) }
context "with some simple texte" do context "with some simple texte" do
let(:description) { "1er ligne \n 2ieme ligne" } let(:description) { "1er ligne \n 2ieme ligne" }
@ -11,9 +12,17 @@ RSpec.describe StringToHtmlHelper, type: :helper do
context "with a link" do context "with a link" do
context "using an authorized scheme" do context "using an authorized scheme" do
let(:description) { "Cliquez sur https://d-s.fr pour continuer." } let(:description) { "Cliquez sur https://d-s.fr pour continuer." }
context 'with a tag authorized' do
let(:allow_a) { true }
it { is_expected.to eq("<p>Cliquez sur <a href=\"https://d-s.fr\" target=\"_blank\" rel=\"noopener\">https://d-s.fr</a> pour continuer.</p>") } it { is_expected.to eq("<p>Cliquez sur <a href=\"https://d-s.fr\" target=\"_blank\" rel=\"noopener\">https://d-s.fr</a> pour continuer.</p>") }
end end
context 'without a tag' do
it { is_expected.to eq("<p>Cliquez sur https://d-s.fr pour continuer.</p>") }
end
end
context "using a non-authorized scheme" do context "using a non-authorized scheme" do
let(:description) { "Cliquez sur file://etc/password pour continuer." } let(:description) { "Cliquez sur file://etc/password pour continuer." }
it { is_expected.to eq("<p>Cliquez sur file://etc/password pour continuer.</p>") } it { is_expected.to eq("<p>Cliquez sur file://etc/password pour continuer.</p>") }