From fd1f7a52374687099f862db8378bed202798c4d7 Mon Sep 17 00:00:00 2001
From: Victor Costa
Date: Tue, 3 Feb 2015 10:50:00 -0300
Subject: [PATCH] proposals_discussion: strip tags in custom body label
---
test/functional/cms_controller_test.rb | 33 +++++++++++++++++++++++++++++++++
test/functional/content_viewer_controller_test.rb | 21 +++++++++++++++++++++
views/cms/proposals_discussion_plugin/_proposal.html.erb | 2 +-
3 files changed, 55 insertions(+), 1 deletion(-)
create mode 100644 test/functional/cms_controller_test.rb
create mode 100644 test/functional/content_viewer_controller_test.rb
diff --git a/test/functional/cms_controller_test.rb b/test/functional/cms_controller_test.rb
new file mode 100644
index 0000000..a798792
--- /dev/null
+++ b/test/functional/cms_controller_test.rb
@@ -0,0 +1,33 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class CmsControllerTest < ActionController::TestCase
+
+ def setup
+ @profile = fast_create(Community)
+
+ @discussion = ProposalsDiscussionPlugin::Discussion.create!(:name => 'test', :profile => @profile)
+ @topic = ProposalsDiscussionPlugin::Topic.create!(:name => 'test', :profile => @profile, :parent => @discussion)
+ @proposal = ProposalsDiscussionPlugin::Proposal.create!(:name => 'test', :profile => @profile, :parent => @topic, :abstract => "Abstract", :body => "Proposal Body")
+
+ user = create_user('testinguser')
+ @profile.add_admin(user.person)
+ login_as(user.login)
+ end
+
+ attr_reader :profile, :proposal, :topic, :discussion
+
+ should 'display custom body label when edit a proposal' do
+ discussion.custom_body_label = "My Custom Label"
+ discussion.save!
+ get :edit, :id => proposal.id, :profile => profile.identifier
+ assert_tag :tag => 'label', :attributes => {:class => 'formlabel'}, :content => 'My Custom Label'
+ end
+
+ should 'escape html tags in custom body label' do
+ discussion.custom_body_label = "My Custom "
+ discussion.save!
+ get :edit, :id => proposal.id, :profile => profile.identifier
+ assert_tag :tag => 'label', :attributes => {:class => 'formlabel'}, :content => 'My Custom Label'
+ end
+
+end
diff --git a/test/functional/content_viewer_controller_test.rb b/test/functional/content_viewer_controller_test.rb
new file mode 100644
index 0000000..78cb446
--- /dev/null
+++ b/test/functional/content_viewer_controller_test.rb
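Review bot: The test 'escape html tags in custom body label' pins only the positive case, that the label text reads 'My Custom Label'; it never asserts that no element from the input ends up inside the rendered label. A negative check beside it would make the intent explicit, for example `assert_no_tag :tag => 'label', :attributes => {:class => 'formlabel'}, :descendant => {:tag => 'TAG_FROM_INPUT'}`, where the placeholder stands for whichever tag the fixture uses (the literal on the `custom_body_label =` line shows only "My Custom " in this copy of the patch, so its markup appears to have been lost). The name says "escape" while the view change strips tags, so `should 'strip html tags in custom body label' do` would describe the behaviour more accurately. The sibling content_viewer test sets no `custom_body_label`, so nothing in this patch checks how the label is rendered outside the edit form.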
@@ -0,0 +1,21 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class ContentViewerControllerTest < ActionController::TestCase
+
+ def setup
+ @profile = fast_create(Community)
+
+ @discussion = ProposalsDiscussionPlugin::Discussion.create!(:name => 'test', :profile => @profile)
+ @topic = ProposalsDiscussionPlugin::Topic.create!(:name => 'test', :profile => @profile, :parent => @discussion)
+ @proposal = ProposalsDiscussionPlugin::Proposal.create!(:name => 'test', :profile => @profile, :parent => @topic, :abstract => "Abstract", :body => "Proposal Body")
+ end
+
+ attr_reader :profile, :proposal, :topic, :discussion
+
+ should 'display custom proposal page' do
+ get :view_page, proposal.url
+ assert_tag :tag => 'div', :attributes => {:class => 'content'}, :content => 'Abstract'
+ assert_tag :tag => 'div', :attributes => {:class => 'content'}, :content => 'Proposal Body'
+ end
+
+end
diff --git a/views/cms/proposals_discussion_plugin/_proposal.html.erb b/views/cms/proposals_discussion_plugin/_proposal.html.erb
index b71dbb6..524ce58 100644
--- a/views/cms/proposals_discussion_plugin/_proposal.html.erb
+++ b/views/cms/proposals_discussion_plugin/_proposal.html.erb
@@ -23,7 +23,7 @@
<% editor_type = 'mceEditor' %>
- <%= labelled_form_field(@article.topic.discussion.custom_body_label, text_area(:article, :body, :class => editor_type)) %>
+ <%= labelled_form_field(strip_tags(@article.topic.discussion.custom_body_label), text_area(:article, :body, :class => editor_type)) %>
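Review bot: Calling `strip_tags` inside `_proposal.html.erb` cleans the label at this one render site only; the value stored in `custom_body_label` stays raw, so any other template that prints it needs the same treatment. `strip_tags` also removes markup rather than HTML-escaping the result, so whether a leftover `<`, `&` or quote is safe here depends on how `labelled_form_field` emits its first argument, which this hunk does not show. Consider sanitising the attribute when the discussion is saved, or escaping at every output, and record the reason in the template with something like `<%# custom_body_label is editable text: markup is stripped before it reaches the form label %>`. The hunk header announces seven lines, so the template continues outside what is visible here.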
-- libgit2 0.21.2