diff --git a/Gemfile b/Gemfile
index 1104711a..20d39d38 100644
--- a/Gemfile
+++ b/Gemfile
@@ -49,6 +49,7 @@ gem 'acme-client', {
 }
 gem 'http'
 gem 'htmlentities'
+gem 'rinku'
 platform :mri, :rbx do
 gem 'magic' # sudo apt-get install file, For OSX: brew install libmagic
diff --git a/Gemfile.lock b/Gemfile.lock
index 968bb56e..0fa7d2cf 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -182,6 +182,7 @@ GEM
 http-cookie (>= 1.0.2, < 2.0)
 mime-types (>= 1.16, < 3.0)
 netrc (~> 0.7)
+ rinku (2.0.0)
 rmagick (2.15.4)
 ruby-progressbar (1.7.5)
 rye (0.9.13)
@@ -318,6 +319,7 @@ DEPENDENCIES
 redis
 redis-namespace
 rest-client
+ rinku
 rmagick
 ruby-debug
 rye
diff --git a/app_helpers.rb b/app_helpers.rb
index 5be31b90..706addf1 100644
--- a/app_helpers.rb
+++ b/app_helpers.rb
@@ -132,3 +132,7 @@ def email_not_validated?
 current_site && current_site.parent? && !current_site.is_education && !current_site.email_confirmed && !current_site.supporter?
 end
+
+def sanitize_comment(text)
+ Rinku.auto_link Sanitize.fragment(text), :all, 'target="_blank" rel="nofollow"'
+end
diff --git a/views/_news.erb b/views/_news.erb
index 856bf8d9..e70eb807 100644
--- a/views/_news.erb
+++ b/views/_news.erb
@@ -110,7 +110,7 @@
 <%= comment.created_at.ago %>
-
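Review bot: The link attributes in the new `sanitize_comment` helper (app_helpers.rb hunk) put `target="_blank"` on every auto-linked URL with only `rel="nofollow"`, so the page a reader opens from a comment keeps a `window.opener` reference back to the site; `Rinku.auto_link Sanitize.fragment(text), :all, 'target="_blank" rel="nofollow noopener noreferrer"'` closes that. The call order is the part worth a comment, since the helper's output is emitted unescaped by the `<%==` in the _news.erb hunk and the `<a>` tags Rinku generates are never re-sanitized; something like `# Sanitize first (default config strips all markup, as I understand it), then auto-link: the result is HTML meant for <%==, never for raw user text` would tell the next reader why swapping the two calls is not an option. If `comment.message` can be nil, it is worth confirming what `Sanitize.fragment(nil)` returns before relying on this in the view.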
<%= comment.message %>
+<%== sanitize_comment comment.message %>