From bed389b5ec5c09c67475e093e23325ecefbfb3fd Mon Sep 17 00:00:00 2001
From: Terentev Aleksey
Date: Tue, 29 Aug 2023 17:13:06 +0500
Subject: [PATCH] feat: sanitize links in alt of img tag https://jira.railsc.ru/browse/PC4-29908
---
 lib/string_tools.rb | 9 +++++++++
 spec/string_tools_spec.rb | 12 ++++++++++++
 2 files changed, 21 insertions(+)
diff --git a/lib/string_tools.rb b/lib/string_tools.rb
index 30291da..175d981 100644
--- a/lib/string_tools.rb
+++ b/lib/string_tools.rb
@@ -199,6 +199,7 @@ def call(env)
 normalize_link node, 'href'
 when 'img'
 normalize_link node, 'src'
+ remove_links node, 'alt'
 end
 end
@@ -210,6 +211,14 @@ def normalize_link(node, attr_name)
 rescue Addressable::URI::InvalidURIError
 node.swap node.children
 end
+
+ def remove_links(node, attr_name)
+ return unless node[attr_name]
+
+ node[attr_name] = node[attr_name].gsub(URI::DEFAULT_PARSER.make_regexp, '').squish
+
+ node.remove_attribute(attr_name) if node[attr_name].empty?
+ end
 end
 class IframeNormalizer
diff --git a/spec/string_tools_spec.rb b/spec/string_tools_spec.rb
index 1d6b7f2..ff239fc 100644
--- a/spec/string_tools_spec.rb
+++ b/spec/string_tools_spec.rb
@@ -80,6 +80,18 @@
 expect(sanitized_string).to eq('')
 end
+ it 'removes links in alt attribute of img tag' do
+ origin_str = 'http://test.test test https://test.test alt'
+ sanitized_string = described_class.sanitize(origin_str, 'img' => %w(scr alt))
+ expect(sanitized_string).to eq('test alt')
+ end
+
+ it 'removes alt attribute of img tag if empty value' do
+ origin_str = 'http://test.test'
+ sanitized_string = described_class.sanitize(origin_str, 'img' => %w(scr alt))
+ expect(sanitized_string).to eq('')
+ end
+
 context 'multiple invocations of the method' do
 it 'does not mess up default config' do
 origin_str = '
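Review bot: In `remove_links` (second hunk of lib/string_tools.rb), `URI::DEFAULT_PARSER.make_regexp` is called without a scheme list, so as far as I can tell it matches any `scheme:rest` token rather than only web links. Ordinary alt text such as `size:XL` would then be stripped along with `http://…`, while a schemeless host like `www.example.com` stays in the attribute. If the intent is to keep link spam out of `alt`, naming the schemes makes the scope explicit, e.g. `node[attr_name].gsub(URI::DEFAULT_PARSER.make_regexp(%w[http https]), '').squish`, with a separate decision on bare hostnames. The pattern is also rebuilt for every `img` node, so a frozen constant would be cheaper. The enclosing class begins outside the hunk.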

'
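Review bot: Both new examples pass `'img' => %w(scr alt)`, where `scr` looks like a typo for `src`. If so, the specs never run `remove_links node, 'alt'` together with an allowed `src`, and `%w(src alt)` would be the intended whitelist. The fixture strings appear to have lost their markup on this page, so this cannot be confirmed from the hunk alone. It would also help to add one example whose `alt` holds a non-link token containing a colon and one with a schemeless host, so the spec pins what counts as a link. The trailing context of this hunk is cut inside a string literal.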