diff --git a/app/controllers/my_profile/profile_editor_controller.rb b/app/controllers/my_profile/profile_editor_controller.rb
index b6b6728..262f7ea 100644
--- a/app/controllers/my_profile/profile_editor_controller.rb
+++ b/app/controllers/my_profile/profile_editor_controller.rb
@@ -48,6 +48,11 @@ class ProfileEditorController < MyProfileController
def sanitize
if params[:info]
params[:info][:name] = html_escape(params[:info][:name]) if params[:info][:name]
+ params[:info][:contact_person] = html_escape(params[:info][:contact_person]) if params[:info][:contact_person]
+ params[:info][:acronym] = html_escape(params[:info][:acronym]) if params[:info][:acronym]
+ params[:info][:legal_form] = html_escape(params[:info][:legal_form]) if params[:info][:legal_form]
+ params[:info][:economic_activity] = html_escape(params[:info][:economic_activity]) if params[:info][:economic_activity]
+ params[:info][:management_information] = html_escape(params[:info][:management_information]) if params[:info][:management_information]
end
end
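Review bot: The five added lines extend a hand-maintained per-field list, so any `info` attribute introduced later is stored unescaped unless someone remembers to add another line here; the surrounding `sanitize` method would be easier to keep complete if the field names lived in one frozen constant that the method iterates. That also removes the copy-and-paste risk visible in this hunk, where each line repeats the `params[:info][...]` lookup three times and a typo in one of them would silently skip escaping for that field. Escaping on input rather than on output also means the escaped form is what gets persisted; presumably the views do not escape these values a second time, but that is worth confirming outside this hunk. The enclosing class continues before and after the hunk.
```ruby
# Info fields that are HTML-escaped before the profile is saved; add new
# user-editable text fields here rather than as another line in sanitize.
ESCAPED_INFO_FIELDS = [:name, :contact_person, :acronym, :legal_form,
                       :economic_activity, :management_information].freeze

def sanitize
  return unless params[:info]
  ESCAPED_INFO_FIELDS.each do |field|
    params[:info][field] = html_escape(params[:info][field]) if params[:info][field]
  end
end
```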
diff --git a/test/functional/profile_editor_controller_test.rb b/test/functional/profile_editor_controller_test.rb
index 92dfb24..ed5398c 100644
--- a/test/functional/profile_editor_controller_test.rb
+++ b/test/functional/profile_editor_controller_test.rb
@@ -99,4 +99,39 @@ class ProfileEditorControllerTest < Test::Unit::TestCase
assert_not_equal name, assigns(:profile).info.name
end
+ should 'filter html from contact_person to organization' do
+ org = Organization.create!(:name => 'test org', :identifier => 'testorg')
+ contact = "name with html"
+ post :edit, :profile => org.identifier, :info => { :contact_person => contact }
+ assert_not_equal contact, assigns(:profile).info.contact_person
+ end
+
+ should 'filter html from acronym organization' do
+ org = Organization.create!(:name => 'test org', :identifier => 'testorg')
+ value = "name with html"
+ post :edit, :profile => org.identifier, :info => { :acronym => value }
+ assert_not_equal value, assigns(:profile).info.acronym
+ end
+
+ should 'filter html from legal_form organization' do
+ org = Organization.create!(:name => 'test org', :identifier => 'testorg')
+ value = "name with html"
+ post :edit, :profile => org.identifier, :info => { :legal_form => value }
+ assert_not_equal value, assigns(:profile).info.legal_form
+ end
+
+ should 'filter html from economic_activity organization' do
+ org = Organization.create!(:name => 'test org', :identifier => 'testorg')
+ value = "name with html"
+ post :edit, :profile => org.identifier, :info => { :economic_activity => value }
+ assert_not_equal value, assigns(:profile).info.economic_activity
+ end
+
+ should 'filter html from management_information organization' do
+ org = Organization.create!(:name => 'test org', :identifier => 'testorg')
+ value = "name with html"
+ post :edit, :profile => org.identifier, :info => { :management_information => value }
+ assert_not_equal value, assigns(:profile).info.management_information
+ end
+
end
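Review bot: As printed in this hunk, every new test assigns `"name with html"`, a literal with no markup in it, so `html_escape` returns it unchanged and `assert_not_equal value, assigns(:profile).info.<field>` cannot distinguish escaped from unescaped input; presumably the original literal contained a tag that was lost in rendering, which is worth confirming, e.g. `value = "name <b>with</b> html"`. A stronger assertion would pin the expected escaped output, `assert_equal "name &lt;b&gt;with&lt;/b&gt; html", assigns(:profile).info.acronym`, so a regression that strips tags instead of escaping them is also caught. The five cases differ only in the field name and could be generated from a single list of fields, which keeps the test list and the controller's field list in step. The test class and its earlier cases lie outside the hunk.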
--
libgit2 0.21.2