Commit 2a82a6868338e1621e119531ece116e1211ef1e1

Authored by Leandro Santos
2 parents 464b8a1c e9e5d31d

Merge branch 'html-safe-fixes' into 'master'

Html safe fixes

1. html_safe: not escape tinymce macros
1. html_safe: fix author link in publishing info

See merge request !894
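--- a/app/helpers/macros_helper.rb
+++ b/app/helpers/macros_helper.rb
@@ -32,7 +32,7 @@ module MacrosHelper
 }
 });
 }"
-end
+end.html_safe
 end
 
 def include_macro_js_files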
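Review bot: `end.html_safe` on new line 35 marks the whole generated JavaScript string as trusted, so any value interpolated inside the block is now written into the page with no HTML escaping. The block begins outside the hunk, so the interpolations cannot be checked from here; the new test implies a macro title is one of them, and plugin-supplied configuration presumably reaches it. Encode each value where it is interpolated (for a JS string literal, `#{value.to_json}`, with `value` standing for whatever is interpolated) and keep `html_safe` only for the fixed template text. I would also add a comment above the closing line: `# html_safe: every interpolated value above must already be JS-encoded`.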
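--- a/app/views/content_viewer/_publishing_info.html.erb
+++ b/app/views/content_viewer/_publishing_info.html.erb
@@ -3,7 +3,7 @@
 <%= show_time(@page.published_at) %>
 </span>
 <span class="author">
-<%= _(", by %s") % (@page.author ? link_to(@page.author_name, @page.author_url) : @page.author_name) %>
+<%= _(", by %s").html_safe % (@page.author ? link_to(@page.author_name, @page.author_url) : @page.author_name) %>
 </span>
 <% unless @no_comments %>
 <span class="comments">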
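Review bot: Calling `.html_safe` on the translated string on new line 6 makes the msgstr itself trusted markup, and the escaping of the plain `@page.author_name` branch then depends on `SafeBuffer#%` escaping its unsafe arguments, which is presumably the case for the Rails version in use but is not visible here. Making the escape explicit keeps the line correct either way: `(@page.author ? link_to(@page.author_name, @page.author_url) : h(@page.author_name))`. A short ERB comment such as `<%# html_safe applies to the format string only; the argument must be a link or escaped text %>` would record the intent.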
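--- a/test/integration/safe_strings_test.rb
+++ b/test/integration/safe_strings_test.rb
@@ -92,4 +92,29 @@ class SafeStringsTest &lt; ActionDispatch::IntegrationTest
 get "/myprofile/marley"
 assert_select ".pending-tasks ul li a"
 end
+
+should 'not escape author link in publishing info of article' do
+create_user('jimi', :password => 'test', :password_confirmation => 'test').activate
+person = Person['jimi']
+article = fast_create(Article, author_id: person.id, profile_id: person.id)
+get url_for(article.view_url)
+assert_select ".publishing-info .author a"
+end
+
+should 'not escape tinymce macros when create article' do
+class Plugin1 < Noosfero::Plugin
+end
+class Plugin1::Macro < Noosfero::Plugin::Macro
+def self.configuration
+{params: {}}
+end
+end
+Noosfero::Plugin::Manager.any_instance.stubs(:enabled_plugins).returns([SafeStringsTest::Plugin1.new])
+
+create_user('jimi', :password => 'test', :password_confirmation => 'test').activate
+person = Person['jimi']
+login 'jimi', 'test'
+get "/myprofile/jimi/cms/new?type=TinyMceArticle"
+assert_no_match /title: &quot;Safestringstest::plugin1::macro&quot/, response.body
+end
 end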
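Review bot: The tinymce test on new lines 104-119 only asserts that one escaped string is absent, so it also passes when the macro is not rendered at all, for instance if the stubbed plugin is not picked up. Pair it with a positive assertion on the expected unescaped output, presumably `assert_match /title: "Safestringstest::plugin1::macro"/, response.body`. Neither new test covers the other direction: a case where `@page.author` is nil and the author name contains markup should assert that the name is still escaped inside `.publishing-info .author`.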