Commit 025f806d0aa51a3b46979cb4fa2a75f3c2a40435
Merge branch 'html-safe-article' into 'master'
html_safe: fix escape of article body and abstract See merge request !896
Showing
2 changed files
with
2 additions
and
21 deletions
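--- a/app/controllers/my_profile/cms_controller.rb
+++ b/app/controllers/my_profile/cms_controller.rb
@@ -103,8 +103,6 @@ class CmsController < MyProfileController
 end
 end
 end
-
-escape_fields @article
 end
 
 def new
@@ -174,9 +172,6 @@ class CmsController < MyProfileController
 return
 end
 end
-
-escape_fields @article
-
 render :action => 'edit'
 end
 
@@ -518,10 +513,4 @@ class CmsController < MyProfileController
 end
 end
 
-def escape_fields article
-unless article.kind_of?(RssFeed)
-@escaped_body = CGI::escapeHTML(article.body || '')
-@escaped_abstract = CGI::escapeHTML(article.abstract || '')
-end
-end
 end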
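Review bot: Deleting `escape_fields` removes the only visible assignments of `@escaped_body` and `@escaped_abstract`, so any other view, partial or plugin that still reads those ivars will now render an empty textarea silently instead of failing; a repository-wide search for both names outside `_lead_and_body.html.erb` is worth doing before merge. The `RssFeed` exclusion disappears with the helper as well, which is presumably intended now that escaping is delegated to the form helper, but it should be confirmed that RssFeed editing did not depend on the previous unescaped path. The enclosing methods of the first two hunks start outside the hunks, so the call sites of the removed lines cannot be fully seen here.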
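--- a/app/views/shared/_lead_and_body.html.erb
+++ b/app/views/shared/_lead_and_body.html.erb
@@ -23,11 +23,7 @@
 <% if f %>
 <%= labelled_form_field(_(abstract_label), f.text_area(abstract_method, abstract_options)) %>
 <% else %>
-<% if @article.kind_of?(Article) %>
-<%= labelled_form_field(_(abstract_label), text_area_tag("article[abstract]", @escaped_abstract, abstract_options)) %>
-<% else %>
-<%= labelled_form_field(_(abstract_label), text_area(object, abstract_method, abstract_options)) %>
-<% end %>
+<%= labelled_form_field(_(abstract_label), text_area(object, abstract_method, abstract_options)) %>
 <% end %>
 </div>
 <div style="margin-top: 10px;">
@@ -35,11 +31,7 @@
 <% if f %>
 <%= labelled_form_field(_(body_label), f.text_area(body_method, body_options)) %>
 <% else %>
-<% if @article.kind_of?(Article) %>
-<%= labelled_form_field(_(body_label), text_area_tag("article[body]", @escaped_body, body_options)) %>
-<% else %>
-<%= labelled_form_field(_(body_label), text_area(object, body_method, body_options)) %>
-<% end %>
+<%= labelled_form_field(_(body_label), text_area(object, body_method, body_options)) %>
 <% end %>
 </div>
 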
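Review bot: The Article branch now derives the field name from `object` and `body_method` (and likewise `abstract_method` in the first hunk) instead of the literal `"article[body]"`, so the submitted parameter only stays `article[body]` if the partial's `object` local is `:article` whenever `@article` is an Article; those locals are set outside this file, so the call sites should be checked. The escaping of stored body and abstract content now rests entirely on the `text_area` helper rather than an explicit `CGI::escapeHTML`, which is the right place for it, but the change leaves no test visible; a view test that saves a body containing markup such as a `<script>` tag and asserts the rendered edit form contains it escaped once would pin both the fix and the double-escaping it replaces against regression.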