Download as
Browse Code »

Commit 025f806d0aa51a3b46979cb4fa2a75f3c2a40435

Authored by Victor Costa
2 parents ea29ebc4 b96e16b3
Exists in staging and in 30 other branches all_pending_tasks_api, api-articles-period, api_roles, comments_permissions, elasticsearch, elasticsearch_api, elasticsearch_categories, elasticsearch_filter, elasticsearch_sort, elasticsearch_to_merge, elasticsearch_view, environment-exposes-api, export-comment-api, export_data, external_followers, federation-webfinger, federation_followers, federation_followers_backend, federation_oauth_provider, federation_webfinger, follower_permition, master, master_profile_followers, oauth_external_login, oauth_login, private-scraps, private-scraps-rebase, production, profile_api_improvements, user_mention

Merge branch 'html-safe-article' into 'master' 

html_safe: fix escape of article body and abstract



See merge request !896
Showing 2 changed files with 2 additions and 21 deletions   Show diff stats
app/controllers/my_profile/cms_controller.rb
  Diff comments   View file @025f806
... ... @@ -103,8 +103,6 @@ class CmsController < MyProfileController
103 103 end
104 104 end
105 105 end
106   -
107   - escape_fields @article
108 106 end
109 107  
110 108 def new
... ... @@ -174,9 +172,6 @@ class CmsController < MyProfileController
174 172 return
175 173 end
176 174 end
177   -
178   - escape_fields @article
179   -
180 175 render :action => 'edit'
181 176 end
182 177  
... ... @@ -518,10 +513,4 @@ class CmsController < MyProfileController
518 513 end
519 514 end
520 515  
521   - def escape_fields article
522   - unless article.kind_of?(RssFeed)
523   - @escaped_body = CGI::escapeHTML(article.body || '')
524   - @escaped_abstract = CGI::escapeHTML(article.abstract || '')
525   - end
526   - end
527 516 end
... ...
app/views/shared/_lead_and_body.html.erb
  Diff comments   View file @025f806
... ... @@ -23,11 +23,7 @@
23 23 <% if f %>
24 24 <%= labelled_form_field(_(abstract_label), f.text_area(abstract_method, abstract_options)) %>
25 25 <% else %>
26   - <% if @article.kind_of?(Article) %>
27   - <%= labelled_form_field(_(abstract_label), text_area_tag("article[abstract]", @escaped_abstract, abstract_options)) %>
28   - <% else %>
29   - <%= labelled_form_field(_(abstract_label), text_area(object, abstract_method, abstract_options)) %>
30   - <% end %>
  26 + <%= labelled_form_field(_(abstract_label), text_area(object, abstract_method, abstract_options)) %>
31 27 <% end %>
32 28 </div>
33 29 <div style="margin-top: 10px;">
... ... @@ -35,11 +31,7 @@
35 31 <% if f %>
36 32 <%= labelled_form_field(_(body_label), f.text_area(body_method, body_options)) %>
37 33 <% else %>
38   - <% if @article.kind_of?(Article) %>
39   - <%= labelled_form_field(_(body_label), text_area_tag("article[body]", @escaped_body, body_options)) %>
40   - <% else %>
41   - <%= labelled_form_field(_(body_label), text_area(object, body_method, body_options)) %>
42   - <% end %>
  34 + <%= labelled_form_field(_(body_label), text_area(object, body_method, body_options)) %>
43 35 <% end %>
44 36 </div>
45 37  
... ...