Commit e936b0ae7847f8ff3468d544011c81605050c5b4
1 parent
efe01800
Exists in
master
and in
22 other branches
Allow 'rowspan' and 'colspan' in Noosfero's contents
thanks Braulio!
Showing
2 changed files
with
12 additions
and
3 deletions
Show diff stats
config/application.rb
| @@ -20,7 +20,7 @@ module Noosfero | @@ -20,7 +20,7 @@ module Noosfero | ||
| 20 | require 'noosfero/plugin' | 20 | require 'noosfero/plugin' |
| 21 | 21 | ||
| 22 | # Adds custom attributes to the Set of allowed html attributes for the #sanitize helper | 22 | # Adds custom attributes to the Set of allowed html attributes for the #sanitize helper |
| 23 | - config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target', 'codebase', 'archive', 'classid', 'code', 'flashvars', 'scrolling', 'frameborder', 'controls', 'autoplay' | 23 | + config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target', 'codebase', 'archive', 'classid', 'code', 'flashvars', 'scrolling', 'frameborder', 'controls', 'autoplay', 'colspan', 'rowspan' |
| 24 | 24 | ||
| 25 | # Adds custom tags to the Set of allowed html tags for the #sanitize helper | 25 | # Adds custom tags to the Set of allowed html tags for the #sanitize helper |
| 26 | config.action_view.sanitized_allowed_tags = 'object', 'embed', 'param', 'table', 'tr', 'th', 'td', 'applet', 'comment', 'iframe', 'audio', 'video', 'source' | 26 | config.action_view.sanitized_allowed_tags = 'object', 'embed', 'param', 'table', 'tr', 'th', 'td', 'applet', 'comment', 'iframe', 'audio', 'video', 'source' |
test/unit/tiny_mce_article_test.rb
| @@ -8,7 +8,7 @@ class TinyMceArticleTest < ActiveSupport::TestCase | @@ -8,7 +8,7 @@ class TinyMceArticleTest < ActiveSupport::TestCase | ||
| 8 | @profile = create_user('zezinho').person | 8 | @profile = create_user('zezinho').person |
| 9 | end | 9 | end |
| 10 | attr_reader :profile | 10 | attr_reader :profile |
| 11 | - | 11 | + |
| 12 | # this test can be removed when we get real tests for TinyMceArticle | 12 | # this test can be removed when we get real tests for TinyMceArticle |
| 13 | should 'be an article' do | 13 | should 'be an article' do |
| 14 | assert_subclass TextArticle, TinyMceArticle | 14 | assert_subclass TextArticle, TinyMceArticle |
| @@ -210,7 +210,7 @@ end | @@ -210,7 +210,7 @@ end | ||
| 210 | assert_equal true, a.notifiable? | 210 | assert_equal true, a.notifiable? |
| 211 | assert_equal true, a.advertise? | 211 | assert_equal true, a.advertise? |
| 212 | assert_equal true, a.is_trackable? | 212 | assert_equal true, a.is_trackable? |
| 213 | - | 213 | + |
| 214 | a.published=false | 214 | a.published=false |
| 215 | assert_equal false, a.published? | 215 | assert_equal false, a.published? |
| 216 | assert_equal false, a.is_trackable? | 216 | assert_equal false, a.is_trackable? |
| @@ -237,4 +237,13 @@ end | @@ -237,4 +237,13 @@ end | ||
| 237 | assert_tag_in_string article.body, :tag => 'source', :attributes => {:src => 'http://example.ogv', :type => 'video/ogg'} | 237 | assert_tag_in_string article.body, :tag => 'source', :attributes => {:src => 'http://example.ogv', :type => 'video/ogg'} |
| 238 | end | 238 | end |
| 239 | 239 | ||
| 240 | + should 'not sanitize colspan and rowspan attributes' do | ||
| 241 | + article = TinyMceArticle.create!(:name => 'table with colspan and rowspan', | ||
| 242 | + :body => "<table colspan='2' rowspan='3'><tr></tr></table>", | ||
| 243 | + :profile => profile | ||
| 244 | + ) | ||
| 245 | + assert_tag_in_string article.body, :tag => 'table', | ||
| 246 | + :attributes => { :colspan => 2, :rowspan => 3 } | ||
| 247 | + end | ||
| 248 | + | ||
| 240 | end | 249 | end |