Commit 963fc12347c3b5dbb1fc40bfd1cb0d0b6ffdb06e

Authored by Victor Costa
1 parent 9cc7056d

html_safe: avoid escape task information string

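--- a/app/views/profile_editor/_pending_tasks.html.erb
+++ b/app/views/profile_editor/_pending_tasks.html.erb
@@ -4,7 +4,7 @@
 <div class='pending-tasks'>
 <h2><%= _('You have pending requests') %></h2>
 <ul>
-<%= safe_join(@pending_tasks.map {|task| content_tag('li', task_information(task))}) %>
+<%= safe_join(@pending_tasks.map {|task| content_tag('li', task_information(task).html_safe)}) %>
 </ul>
 <%= button(:todo, _('Process requests'), :controller => 'tasks', :action => 'index') %>
 </div>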
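Review bot: Calling `.html_safe` on the return value of `task_information(task)` in the changed line marks the whole string as trusted markup, so any requestor name, target name or other user-editable text the helper interpolates would reach the page unescaped. The helper is not visible in this commit, so whether it escapes those values itself cannot be confirmed here; if it does not, this line becomes a stored-XSS sink on the profile editor. Prefer keeping the trust decision inside the helper (escape each interpolated value and return a safe buffer), or filter at the call site with `content_tag('li', sanitize(task_information(task)))`, which keeps the link while dropping script-capable markup.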
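--- a/test/integration/safe_strings_test.rb
+++ b/test/integration/safe_strings_test.rb
@@ -84,4 +84,12 @@ class SafeStringsTest &lt; ActionDispatch::IntegrationTest
 }
 end
 
+should 'not escape task information on manage profile' do
+create_user('marley', :password => 'test', :password_confirmation => 'test').activate
+person = Person['marley']
+task = create(Task, :requestor => person, :target => person)
+login 'marley', 'test'
+get "/myprofile/marley"
+assert_select ".pending-tasks ul li a"
+end
 end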
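Review bot: The new test asserts only that a link is rendered inside `.pending-tasks ul li`, so it would still pass if user-supplied text in the task description were rendered as live markup. Add a companion case whose requestor has a display name containing an HTML tag and assert that it is not rendered as an element, for example `assert_select '.pending-tasks ul li script', 0`. The local `task` is assigned but never read; calling `create(Task, :requestor => person, :target => person)` without the assignment is enough.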