Commit fd1f7a52374687099f862db8378bed202798c4d7

Authored by Victor Costa
1 parent 0b5543b1

proposals_discussion: strip tags in custom body label

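--- /dev/null
+++ b/test/functional/cms_controller_test.rb
@@ -0,0 +1,33 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class CmsControllerTest < ActionController::TestCase
+
+ def setup
+ @profile = fast_create(Community)
+
+ @discussion = ProposalsDiscussionPlugin::Discussion.create!(:name => 'test', :profile => @profile)
+ @topic = ProposalsDiscussionPlugin::Topic.create!(:name => 'test', :profile => @profile, :parent => @discussion)
+ @proposal = ProposalsDiscussionPlugin::Proposal.create!(:name => 'test', :profile => @profile, :parent => @topic, :abstract => "Abstract", :body => "Proposal Body")
+
+ user = create_user('testinguser')
+ @profile.add_admin(user.person)
+ login_as(user.login)
+ end
+
+ attr_reader :profile, :proposal, :topic, :discussion
+
+ should 'display custom body label when edit a proposal' do
+ discussion.custom_body_label = "My Custom Label"
+ discussion.save!
+ get :edit, :id => proposal.id, :profile => profile.identifier
+ assert_tag :tag => 'label', :attributes => {:class => 'formlabel'}, :content => 'My Custom Label'
+ end
+
+ should 'escape html tags in custom body label' do
+ discussion.custom_body_label = "My Custom <script>Label</script>"
+ discussion.save!
+ get :edit, :id => proposal.id, :profile => profile.identifier
+ assert_tag :tag => 'label', :attributes => {:class => 'formlabel'}, :content => 'My Custom Label'
+ end
+
+end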
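Review bot: The test on lines 26–31 ('escape html tags in custom body label') only asserts that the text `My Custom Label` ends up in the label; it may also pass if a `<script>` element is rendered as a child of the label, so it does not pin the property this commit exists to guarantee. Add `assert_no_tag :tag => 'script'` after the `assert_tag` on line 30 so a regression to unsanitized output fails the test outright. The name also says "escape" while the view change strips markup rather than encoding it; `should 'strip html tags in custom body label' do` describes the expected behaviour accurately.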
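--- /dev/null
+++ b/test/functional/content_viewer_controller_test.rb
@@ -0,0 +1,21 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class ContentViewerControllerTest < ActionController::TestCase
+
+ def setup
+ @profile = fast_create(Community)
+
+ @discussion = ProposalsDiscussionPlugin::Discussion.create!(:name => 'test', :profile => @profile)
+ @topic = ProposalsDiscussionPlugin::Topic.create!(:name => 'test', :profile => @profile, :parent => @discussion)
+ @proposal = ProposalsDiscussionPlugin::Proposal.create!(:name => 'test', :profile => @profile, :parent => @topic, :abstract => "Abstract", :body => "Proposal Body")
+ end
+
+ attr_reader :profile, :proposal, :topic, :discussion
+
+ should 'display custom proposal page' do
+ get :view_page, proposal.url
+ assert_tag :tag => 'div', :attributes => {:class => 'content'}, :content => 'Abstract'
+ assert_tag :tag => 'div', :attributes => {:class => 'content'}, :content => 'Proposal Body'
+ end
+
+end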
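Review bot: The fixture built in `setup` on lines 5–11 (community, discussion, topic, proposal) is a verbatim copy of the one in test/functional/cms_controller_test.rb added by the same commit; a small helper in the test_helper (for example `create_proposal_tree(profile)` returning the three records) would keep the two in step when the plugin's model constructors change. The test itself only checks that abstract and body render, which is unrelated to the tag-stripping this commit describes, so it reads as a separate change bundled in. If the custom body label is also displayed on the viewer page, that rendering path is not covered here; I cannot see it from the hunk.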
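--- a/views/cms/proposals_discussion_plugin/_proposal.html.erb
+++ b/views/cms/proposals_discussion_plugin/_proposal.html.erb
@@ -23,7 +23,7 @@
  
 <div class="body">
 <% editor_type = 'mceEditor' %>
- <%= labelled_form_field(@article.topic.discussion.custom_body_label, text_area(:article, :body, :class => editor_type)) %>
+ <%= labelled_form_field(strip_tags(@article.topic.discussion.custom_body_label), text_area(:article, :body, :class => editor_type)) %>
 </div>
 </div>
  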
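Review bot: `strip_tags` on line 26 is a sanitizer, not an output encoder: it drops markup from the label but what remains is still handed to `labelled_form_field` raw, so the fix rests on the sanitizer parsing the text the same way the browser will, and it silently discards legitimate characters an administrator typed (a label such as `a <b` loses everything after the bracket). For a value placed in an HTML text context the direct defense is escaping, which preserves the text verbatim and does not depend on parser agreement: `<%= labelled_form_field(h(@article.topic.discussion.custom_body_label), text_area(:article, :body, :class => editor_type)) %>`. Whether `labelled_form_field` already escapes its label argument is not visible in this hunk; if it does, the original line was not injectable and the sanitizer call is redundant, and if it does not, every other view that renders `custom_body_label` needs the same treatment, so doing it once in the model or a presenter would be safer than per-view calls. The enclosing form markup starts before line 23 and continues past line 29.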