-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmarkdown_question_behavior.rb
73 lines (61 loc) · 2.77 KB
/
markdown_question_behavior.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
# frozen_string_literal: true
##
# The {MarkdownQuestionBehavior} mixin module is for extracting
#
# @note Consider that the column `TEXT_` may not be the best named. We might want `TITLE` and
# `TEXT_`; however this format helps us stay closer to the other question types.
module MarkdownQuestionBehavior
extend ActiveSupport::Concern
included do
serialize :data, JSON
validates :data, presence: true
end
DATA_KEY_NAME = 'html'
class ImportCsvRow < Question::ImportCsvRow
# rubocop:disable Metrics/MethodLength
##
# This method will set the @text and @data for import. Most notably we're assuming that the
# input is multiple columns of Markdown. It will also strip the provided text fields of any
# HTML, then convert that text to markdown.
#
# @param row [CsvRow, Hash]
#
# @see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-strip_tags SanitizeHelper.strip_tags
def extract_answers_and_data_from(row)
@section_integers = []
row.headers.each do |header|
next unless header.upcase.start_with?("TEXT_")
@section_integers << Integer(header.sub("TEXT_", ""))
end
@section_integers.sort!
rows = []
rows << row.fetch('TEXT') if row.headers.include?("TEXT") && row['TEXT'].present?
# Why the double carriage return? Without that if we have "Text\n* Bullet" that will be
# converted to "<p>Text\n* Bullet</p>" But with the "\n\n" we end up with
# "<p>Text</p><ul><li>Bullet</li></ul>"; and multiple bullets also work.
@text = @section_integers.each_with_object(rows) do |integer, acc|
acc << row.fetch("TEXT_#{integer}")
end.join("\n\n")
# We need to ensure that we're not letting stray HTML make it's way into the application;
# without stripping tags this is a vector for Javascript injection.
@text = ApplicationController.helpers.strip_tags(@text)
# We're stripping the new line characters as those are not technically not-needed for storage
# nor transport.
html = Redcarpet::Markdown.new(Redcarpet::Render::HTML).render(@text).delete("\n")
@data = { DATA_KEY_NAME => html }
end
# rubocop:enable Metrics/MethodLength
def validate_well_formed_row
errors.add(:base, "expected one or more TEXT columns") unless row.key?("TEXT") || @section_integers.any?
end
end
##
# @return [NilClass] when we have not yet set the data.
# @return [String] HTML unsafe content (e.g. raw HTML that has not been verified as safe nor
# escaped.)
# @raise [KeyError] when the data does not have an 'html' key. This is indicative of a disconnect
# in the mapping of the imported data to the serialized form.
def html
data&.fetch(DATA_KEY_NAME)
end
end