sanitize html

gdonald · Dec 30, 2023 · bda187d · bda187d
1 parent d671ca0
commit bda187d
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 2 deletions.
diff --git a/.rspec b/.rspec
@@ -1,2 +1,3 @@
 --require spec_helper
+--order rand
 --color
diff --git a/Gemfile b/Gemfile
@@ -25,6 +25,7 @@ gem 'rack', '~> 3.0.8'
 gem 'rails', '~> 7.1.0'
 gem 'rbnacl', '~> 7.1.1'
 gem 'redis', '~> 5.0.7'
+gem 'sanitize', '~> 6.1.0'
 gem 'sassc-rails', '~> 2.1.2'
 gem 'sidekiq', '~> 7.2.0'
 gem 'sidekiq-cron', '~> 1.12.0'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -376,6 +376,9 @@ GEM
       ffi (~> 1.12)
     ruby2_keywords (0.0.5)
     rubyzip (2.3.2)
+    sanitize (6.1.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.12.0)
     sassc (2.4.0)
       ffi (~> 1.9)
     sassc-rails (2.1.2)
@@ -489,6 +492,7 @@ DEPENDENCIES
   rubocop-rails
   rubocop-rake
   rubocop-rspec
+  sanitize (~> 6.1.0)
   sassc-rails (~> 2.1.2)
   selenium-webdriver
   shoulda-matchers (~> 6.0.0)

diff --git a/app/services/html_service.rb b/app/services/html_service.rb
@@ -25,7 +25,7 @@ def blurb
       elem ||= doc.search(tag).first
     end
 
-    elem.to_s.gsub(/<.*?>/, '').strip
+    Sanitize.fragment(elem.to_s).strip
   end
 
   def content
@@ -50,7 +50,7 @@ def remove_stop_words(words)
   end
 
   def remove_html_tags(text)
-    text.gsub(/<.*?>/, '').gsub("\n", ' ').gsub("\r", '').gsub(/\s+/, ' ').strip
+    Sanitize.fragment(text).gsub("\n", ' ').gsub("\r", '').gsub(/\s+/, ' ').strip
   end
 
   def find_hrefs