Commit 025f806d0aa51a3b46979cb4fa2a75f3c2a40435

Authored by Victor Costa
2 parents ea29ebc4 b96e16b3

Merge branch 'html-safe-article' into 'master'

html_safe: fix escape of article body and abstract



See merge request !896
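--- a/app/controllers/my_profile/cms_controller.rb
+++ b/app/controllers/my_profile/cms_controller.rb
@@ -103,8 +103,6 @@ class CmsController < MyProfileController
 end
 end
 end
-
- escape_fields @article
 end
 
 def new
@@ -174,9 +172,6 @@ class CmsController < MyProfileController
 return
 end
 end
-
- escape_fields @article
-
 render :action => 'edit'
 end
 
@@ -518,10 +513,4 @@ class CmsController < MyProfileController
 end
 end
 
- def escape_fields article
- unless article.kind_of?(RssFeed)
- @escaped_body = CGI::escapeHTML(article.body || '')
- @escaped_abstract = CGI::escapeHTML(article.abstract || '')
- end
- end
 end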
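--- a/app/views/shared/_lead_and_body.html.erb
+++ b/app/views/shared/_lead_and_body.html.erb
@@ -23,11 +23,7 @@
 <% if f %>
 <%= labelled_form_field(_(abstract_label), f.text_area(abstract_method, abstract_options)) %>
 <% else %>
-<% if @article.kind_of?(Article) %>
-<%= labelled_form_field(_(abstract_label), text_area_tag("article[abstract]", @escaped_abstract, abstract_options)) %>
-<% else %>
-<%= labelled_form_field(_(abstract_label), text_area(object, abstract_method, abstract_options)) %>
-<% end %>
+<%= labelled_form_field(_(abstract_label), text_area(object, abstract_method, abstract_options)) %>
 <% end %>
 </div>
 <div style="margin-top: 10px;">
@@ -35,11 +31,7 @@
 <% if f %>
 <%= labelled_form_field(_(body_label), f.text_area(body_method, body_options)) %>
 <% else %>
-<% if @article.kind_of?(Article) %>
-<%= labelled_form_field(_(body_label), text_area_tag("article[body]", @escaped_body, body_options)) %>
-<% else %>
-<%= labelled_form_field(_(body_label), text_area(object, body_method, body_options)) %>
-<% end %>
+<%= labelled_form_field(_(body_label), text_area(object, body_method, body_options)) %>
 <% end %>
 </div>
 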
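Review bot: The added `text_area(object, body_method, body_options)` line escapes the textarea content only when the value is not already marked html_safe (Rails' content_tag leaves a SafeBuffer untouched), whereas the removed `CGI::escapeHTML` escaped unconditionally. If the article's `body`/`abstract` readers ever return an html_safe string, for example after a sanitization step in the model, a stored body containing `</textarea><script>…` would be emitted raw into the edit form; that cannot be confirmed from this hunk. I would pin the intended behaviour with a view spec that renders this partial with `f` nil for an article whose body is `</textarea><script>alert(1)</script>` and asserts the output contains `&lt;/textarea&gt;` and no bare `<script>`. Separately, the old `Article` branch posted the field under the fixed name `article[body]`, while the new call derives the name from `object` and `body_method`; if those locals are not `article`/`body` for every caller, the controller's params key changes, so the callers that pass `f: nil` are worth checking. The enclosing `<div>` for each field opens before the hunk.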