14519: Adds more table related tags to the whitelist

[arvados.git] / apps / workbench / app / helpers / application_helper.rb

diff --git a/apps/workbench/app/helpers/application_helper.rb b/apps/workbench/app/helpers/application_helper.rb
index cba0c6269638943a2eb0739569dc0403579be722..c4a801d68b0a645fe7c10de9cdee91f642ed4ab7 100644 (file)
--- a/apps/workbench/app/helpers/application_helper.rb
+++ b/apps/workbench/app/helpers/application_helper.rb
@@ -16,7 +16,8 @@ module ApplicationHelper
   end
 
   def render_markup(markup)
-    sanitize(raw(RedCloth.new(markup.to_s).to_html(:refs_arvados, :textile))) if markup
+    allowed_tags = Rails::Html::Sanitizer.white_list_sanitizer.allowed_tags + %w(table tbody th tr td col colgroup caption thead tfoot)
+    sanitize(raw(RedCloth.new(markup.to_s).to_html(:refs_arvados, :textile)), tags: allowed_tags) if markup
   end
 
   def human_readable_bytes_html(n)
@@ -43,13 +44,6 @@ module ApplicationHelper
     end
 
     return h(n)
-    #raw = n.to_s
-    #cooked = ''
-    #while raw.length > 3
-    #  cooked = ',' + raw[-3..-1] + cooked
-    #  raw = raw[0..-4]
-    #end
-    #cooked = raw + cooked
   end
 
   def resource_class_for_uuid(attrvalue, opts={})
@@ -680,9 +674,10 @@ module ApplicationHelper
   end
 
   # Keep locators are expected to be of the form \"...<pdh/file_path>\"
-  JSON_KEEP_LOCATOR_REGEXP = /(.*)(([0-9a-f]{32}\+\d+)(.*)\"(.*))/
+  JSON_KEEP_LOCATOR_REGEXP = /([0-9a-f]{32}\+\d+[^'"]*?)(?=['"]|\z|$)/
   def keep_locator_in_json str
-    JSON_KEEP_LOCATOR_REGEXP.match str
+    # Return a list of all matches
+    str.scan(JSON_KEEP_LOCATOR_REGEXP).flatten
   end
 
 private