Commit 49bd5d133390638d080a9b89c7d2e3652e4b356a
1 parent
dc74d781
Exists in
staging
and in
1 other branch
display_content: fix html escaping of block content
Showing
2 changed files
with
14 additions
and
1 deletions
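--- a/plugins/display_content/lib/display_content_block.rb
+++ b/plugins/display_content/lib/display_content_block.rb
@@ -156,7 +156,7 @@ class DisplayContentBlock < Block
 when 'title'
 content_sections += (block.display_section?(section) ? (content_tag('div', link_to(h(item.title), item.url), :class => 'title') ) : '')
 when 'abstract'
-content_sections += (block.display_section?(section) ? (content_tag('div', item.abstract , :class => 'lead')) : '' )
+content_sections += (block.display_section?(section) ? (content_tag('div', (item.abstract || "").html_safe, :class => 'lead')) : '' )
 if block.display_section?(section)
 read_more_section = content_tag('div', link_to(_('Read more'), item.url), :class => 'read_more')
 end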
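Review bot: `(item.abstract || "").html_safe` on new line 159 marks the stored abstract as trusted markup without sanitizing it, so whatever HTML was saved in the abstract is emitted verbatim inside the block. Nothing in this hunk shows the abstract being filtered before it is stored; if that happens elsewhere, say so here with a comment such as `# abstract is sanitized on save (see <sanitizer location>)`. Otherwise filter at output with the Rails helper, e.g. `content_tag('div', sanitize(item.abstract.to_s), :class => 'lead')`, which keeps allowed formatting and returns a safe string (assuming the view helpers in scope here include `sanitize`, as they do `h` and `content_tag`). The enclosing `case` and method start and end outside the hunk.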
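--- a/plugins/display_content/test/unit/display_content_block_test.rb
+++ b/plugins/display_content/test/unit/display_content_block_test.rb
@@ -766,4 +766,17 @@ class DisplayContentBlockTest < ActiveSupport::TestCase
 assert instance_eval(&block.content).index(en_article.name).present?
 assert_nil instance_eval(&block.content).index(pt_article.name)
 end
+
+should 'not escape html in block content' do
+profile = create_user('testuser').person
+a1 = fast_create(TextileArticle, abstract: "<p class='test-article-abstract'>Test</p>", name: 'test article 1', profile_id: profile.id, published_at: DateTime.current)
+
+block = DisplayContentBlock.new
+block.sections = [{:value => 'abstract', :checked => true}]
+block.nodes = [a1.id]
+box = mock()
+block.stubs(:box).returns(box)
+box.stubs(:owner).returns(profile)
+assert_tag_in_string instance_eval(&block.content), tag: 'p', attributes: { class: 'test-article-abstract' }
+end
 end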
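Review bot: The new test at lines 770-781 pins only the permissive half of the behaviour: it asserts that markup in the abstract passes through unescaped, and nothing asserts what must not reach the rendered block. The fixture is built with `fast_create`, which may bypass model callbacks (its definition is not visible here), so the stored abstract may not reflect what a normally saved article would contain. A companion case, e.g. `should 'not render disallowed markup from the abstract' do`, asserting that elements or attributes outside the allowed set are absent from `instance_eval(&block.content)`, would keep the unescaped rendering from regressing into unfiltered output.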