Commit dc74d7816506eb283c3327e84da758c992c33e34

Authored by Victor Costa
1 parent 86688d49

relevant_content: fix html escaping

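--- a/plugins/relevant_content/lib/relevant_content_plugin/relevant_content_block.rb
+++ b/plugins/relevant_content/lib/relevant_content_plugin/relevant_content_block.rb
@@ -29,22 +29,12 @@ class RelevantContentPlugin::RelevantContentBlock < Block
 
 if self.show_most_read
 docs = Article.most_accessed(owner, self.limit)
-if !docs.blank?
-subcontent = ""
-subcontent += content_tag(:span, _("Most read articles"), :class=>"title mread") + "\n"
-subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
-content += content_tag(:div, subcontent, :class=>"block mread") + "\n"
-end
+content += subcontent(docs, _("Most read articles"), "mread") unless docs.blank?
 end
 
 if self.show_most_commented
 docs = Article.most_commented_relevant_content(owner, self.limit)
-if !docs.blank?
-subcontent = ""
-subcontent += content_tag(:span, _("Most commented articles"), :class=>"title mcommented") + "\n"
-subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
-content += content_tag(:div, subcontent, :class=>"block mcommented") + "\n"
-end
+content += subcontent(docs, _("Most commented articles"), "mcommented") unless docs.blank?
 end
 
 if owner.kind_of?(Environment)
@@ -56,31 +46,16 @@ class RelevantContentPlugin::RelevantContentBlock < Block
 if env.plugin_enabled?('VotePlugin')
 if self.show_most_liked
 docs = Article.more_positive_votes(owner, self.limit)
-if !docs.blank?
-subcontent = ""
-subcontent += content_tag(:span, _("Most liked articles"), :class=>"title mliked") + "\n"
-subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
-content += content_tag(:div, subcontent, :class=>"block mliked") + "\n"
-end
+content += subcontent(docs, _("Most liked articles"), "mliked") unless docs.blank?
 end
 if self.show_most_disliked
 docs = Article.more_negative_votes(owner, self.limit)
-if !docs.blank?
-subcontent = ""
-subcontent += content_tag(:span, _("Most disliked articles"), :class=>"title mdisliked") + "\n"
-subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
-content += content_tag(:div, subcontent, :class=>"block mdisliked") + "\n"
-end
+content += subcontent(docs, _("Most disliked articles"), "mdisliked") unless docs.blank?
 end
 
 if self.show_most_voted
 docs = Article.most_voted(owner, self.limit)
-if !docs.blank?
-subcontent = ""
-subcontent += content_tag(:span, _("Most voted articles"), :class=>"title mvoted") + "\n"
-subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
-content += content_tag(:div, subcontent, :class=>"block mvoted") + "\n"
-end
+content += subcontent(docs, _("Most voted articles"), "mvoted") unless docs.blank?
 end
 end
 return content.html_safe
@@ -94,4 +69,14 @@ class RelevantContentPlugin::RelevantContentBlock < Block
 { :profile => [:article], :environment => [:article] }
 end
 
+protected
+
+def subcontent(docs, title, html_class)
+subcontent = safe_join([
+content_tag(:span, title, class: "title #{html_class}"),
+content_tag(:ul, safe_join(docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}, "\n"))
+], "\n")
+content_tag(:div, subcontent, :class=>"block #{html_class}")
+end
+
 end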
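Review bot: The `return content.html_safe` at new line 61 still marks the whole accumulated string as safe, so the escaping that the new `subcontent` helper gets from `safe_join` and `content_tag` only protects the fragments it builds itself. How `content` is initialised and what else is appended to it lies outside these hunks; if any other fragment there is built by plain string concatenation, it would be trusted unescaped. Collecting the sections in an array and returning `safe_join(sections, "\n")` would remove the need for the blanket `html_safe`. Inside the helper, the local `subcontent` shadows the method's own name; something like `inner = safe_join([...], "\n")` followed by `content_tag(:div, inner, class: "block #{html_class}")` reads more clearly.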
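--- a/plugins/relevant_content/test/unit/relevant_content_block_test.rb
+++ b/plugins/relevant_content/test/unit/relevant_content_block_test.rb
@@ -77,4 +77,11 @@ class RelevantContentBlockTest < ActiveSupport::TestCase
 assert_equal false, data.empty?
 end
 
+should 'not escape html in block content' do
+fast_create(Article, profile_id: profile.id, hits: 10)
+box = fast_create(Box, :owner_id => profile.id, :owner_type => 'Profile')
+block = RelevantContentPlugin::RelevantContentBlock.new(:box => box)
+Environment.any_instance.stubs(:enabled_plugins).returns(['RelevantContent'])
+assert_tag_in_string block.content, tag: 'span', attributes: { class: 'title mread' }
+end
 end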
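Review bot: The new test only asserts that the `span` with class `title mread` is rendered as a tag, so it guards against over-escaping but not against the opposite regression. Since the helper must keep article titles escaped while leaving the block markup intact, the test should also create an article whose title contains markup (a constructed value such as `<b>t</b>`) and check that it is not emitted raw, e.g. `assert_no_match(/<b>t<\/b>/, block.content)`. Splitting this into two cases, one per direction, would make a future failure easier to read than the single 'not escape html in block content' case.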