add html escape to truncate_err_message helper, also fix typo in helper name

lest
1 parent 51acf14c
Showing 3 changed files with 15 additions and 3 deletions Show diff stats
app/helpers/errs_helper.rb
app/views/errs/_table.html.haml
spec/helpers/errs_helper_spec.rb
@@ -7,10 +7,10 @@ module ErrsHelper
     Errbit::Config.confirm_resolve_err === false ? nil : 'Seriously?'
   end
-  def trucated_err_message(problem)
+  def truncated_err_message(problem)
     unless (msg = problem.message).blank?
       # Truncate & insert invisible chars so that firefox can emulate 'word-wrap: break-word' CSS rule
-      truncate(msg, :length => 300).scan(/.{1,5}/).join("&#8203;").html_safe
+      truncate(msg, :length => 300).scan(/.{1,5}/).map { |s| h(s) }.join("&#8203;").html_safe
     end
   end
 end
@@ -24,7 +24,7 @@
             - else
               %span.environment= link_to problem.environment, app_path(problem.app, :environment => problem.environment)
           %td.message
-            = link_to trucated_err_message(problem), app_err_path(problem.app, problem)
+            = link_to truncated_err_message(problem), app_err_path(problem.app, problem)
             %em= problem.where
             - if problem.comments_count > 0
               - comment = problem.comments.last
@@ -0,0 +1,12 @@
+require 'spec_helper'
+
+describe ErrsHelper do
+  describe '#truncated_err_message' do
+    it 'is html safe' do
+      problem = double('problem', :message => '#<NoMethodError: ...>')
+      truncated = helper.truncated_err_message(problem)
+      truncated.should be_html_safe
+      truncated.should_not include('<', '>')
+    end
+  end
+end
	@@ -7,10 +7,10 @@ module ErrsHelper		@@ -7,10 +7,10 @@ module ErrsHelper
7	Errbit::Config.confirm_resolve_err === false ? nil : 'Seriously?'	7	Errbit::Config.confirm_resolve_err === false ? nil : 'Seriously?'
8	end	8	end
9		9
10	- def trucated_err_message(problem)	10	+ def truncated_err_message(problem)
11	unless (msg = problem.message).blank?	11	unless (msg = problem.message).blank?
12	# Truncate & insert invisible chars so that firefox can emulate 'word-wrap: break-word' CSS rule	12	# Truncate & insert invisible chars so that firefox can emulate 'word-wrap: break-word' CSS rule
13	- truncate(msg, :length => 300).scan(/.{1,5}/).join("").html_safe	13	+ truncate(msg, :length => 300).scan(/.{1,5}/).map { \|s\| h(s) }.join("").html_safe
14	end	14	end
15	end	15	end
16	end	16	end
	@@ -24,7 +24,7 @@		@@ -24,7 +24,7 @@
24	- else	24	- else
25	%span.environment= link_to problem.environment, app_path(problem.app, :environment => problem.environment)	25	%span.environment= link_to problem.environment, app_path(problem.app, :environment => problem.environment)
26	%td.message	26	%td.message
27	- = link_to trucated_err_message(problem), app_err_path(problem.app, problem)	27	+ = link_to truncated_err_message(problem), app_err_path(problem.app, problem)
28	%em= problem.where	28	%em= problem.where
29	- if problem.comments_count > 0	29	- if problem.comments_count > 0
30	- comment = problem.comments.last	30	- comment = problem.comments.last
@@ -0,0 +1,12 @@		@@ -0,0 +1,12 @@
	1	+require 'spec_helper'
	2	+
	3	+describe ErrsHelper do
	4	+ describe '#truncated_err_message' do
	5	+ it 'is html safe' do
	6	+ problem = double('problem', :message => '#<NoMethodError: ...>')
	7	+ truncated = helper.truncated_err_message(problem)
	8	+ truncated.should be_html_safe
	9	+ truncated.should_not include('<', '>')
	10	+ end
	11	+ end
	12	+end