From dc74d7816506eb283c3327e84da758c992c33e34 Mon Sep 17 00:00:00 2001
From: Victor Costa
Date: Thu, 5 May 2016 17:48:54 -0300
Subject: [PATCH] relevant_content: fix html escaping
---
 plugins/relevant_content/lib/relevant_content_plugin/relevant_content_block.rb | 45 +++++++++++++++------------------------------
 plugins/relevant_content/test/unit/relevant_content_block_test.rb | 7 +++++++
 2 files changed, 22 insertions(+), 30 deletions(-)
diff --git a/plugins/relevant_content/lib/relevant_content_plugin/relevant_content_block.rb b/plugins/relevant_content/lib/relevant_content_plugin/relevant_content_block.rb
index bfa02ce..7380fe0 100644
--- a/plugins/relevant_content/lib/relevant_content_plugin/relevant_content_block.rb
+++ b/plugins/relevant_content/lib/relevant_content_plugin/relevant_content_block.rb
@@ -29,22 +29,12 @@ class RelevantContentPlugin::RelevantContentBlock < Block
 if self.show_most_read
 docs = Article.most_accessed(owner, self.limit)
- if !docs.blank?
- subcontent = ""
- subcontent += content_tag(:span, _("Most read articles"), :class=>"title mread") + "\n"
- subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
- content += content_tag(:div, subcontent, :class=>"block mread") + "\n"
- end
+ content += subcontent(docs, _("Most read articles"), "mread") unless docs.blank?
 end
 if self.show_most_commented
 docs = Article.most_commented_relevant_content(owner, self.limit)
- if !docs.blank?
- subcontent = ""
- subcontent += content_tag(:span, _("Most commented articles"), :class=>"title mcommented") + "\n"
- subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
- content += content_tag(:div, subcontent, :class=>"block mcommented") + "\n"
- end
+ content += subcontent(docs, _("Most commented articles"), "mcommented") unless docs.blank?
 end
 if owner.kind_of?(Environment)
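Review bot: The `content += subcontent(...)` lines in this hunk and the next one append an already-safe buffer to `content`, but the method still ends with `return content.html_safe` (visible at the end of the following hunk), which marks everything accumulated in `content` as safe regardless of how it was built. If `content` starts out as a plain string (its initialisation is outside these hunks), consider starting from `content = ActiveSupport::SafeBuffer.new` and returning `content` directly, so that any string appended later without going through `content_tag` is escaped rather than trusted. The removed code also appended `"\n"` after each block's `div` and the new lines do not, so the sections are now emitted back to back; confirm that is intended.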
@@ -56,31 +46,16 @@ class RelevantContentPlugin::RelevantContentBlock < Block
 if env.plugin_enabled?('VotePlugin')
 if self.show_most_liked
 docs = Article.more_positive_votes(owner, self.limit)
- if !docs.blank?
- subcontent = ""
- subcontent += content_tag(:span, _("Most liked articles"), :class=>"title mliked") + "\n"
- subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
- content += content_tag(:div, subcontent, :class=>"block mliked") + "\n"
- end
+ content += subcontent(docs, _("Most liked articles"), "mliked") unless docs.blank?
 end
 if self.show_most_disliked
 docs = Article.more_negative_votes(owner, self.limit)
- if !docs.blank?
- subcontent = ""
- subcontent += content_tag(:span, _("Most disliked articles"), :class=>"title mdisliked") + "\n"
- subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
- content += content_tag(:div, subcontent, :class=>"block mdisliked") + "\n"
- end
+ content += subcontent(docs, _("Most disliked articles"), "mdisliked") unless docs.blank?
 end
 if self.show_most_voted
 docs = Article.most_voted(owner, self.limit)
- if !docs.blank?
- subcontent = ""
- subcontent += content_tag(:span, _("Most voted articles"), :class=>"title mvoted") + "\n"
- subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
- content += content_tag(:div, subcontent, :class=>"block mvoted") + "\n"
- end
+ content += subcontent(docs, _("Most voted articles"), "mvoted") unless docs.blank?
 end
 end
 return content.html_safe
@@ -94,4 +69,14 @@ class RelevantContentPlugin::RelevantContentBlock < Block
 { :profile => [:article], :environment => [:article] }
 end
+ protected
+
+ def subcontent(docs, title, html_class)
+ subcontent = safe_join([
+ content_tag(:span, title, class: "title #{html_class}"),
+ content_tag(:ul, safe_join(docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}, "\n"))
+ ], "\n")
+ content_tag(:div, subcontent, :class=>"block #{html_class}")
+ end
+
 end
diff --git a/plugins/relevant_content/test/unit/relevant_content_block_test.rb b/plugins/relevant_content/test/unit/relevant_content_block_test.rb
index 920cbce..dc93f38 100644
--- a/plugins/relevant_content/test/unit/relevant_content_block_test.rb
+++ b/plugins/relevant_content/test/unit/relevant_content_block_test.rb
@@ -77,4 +77,11 @@ class RelevantContentBlockTest < ActiveSupport::TestCase
 assert_equal false, data.empty?
 end
+ should 'not escape html in block content' do
+ fast_create(Article, profile_id: profile.id, hits: 10)
+ box = fast_create(Box, :owner_id => profile.id, :owner_type => 'Profile')
+ block = RelevantContentPlugin::RelevantContentBlock.new(:box => box)
+ Environment.any_instance.stubs(:enabled_plugins).returns(['RelevantContent'])
+ assert_tag_in_string block.content, tag: 'span', attributes: { class: 'title mread' }
+ end
 end
--
libgit2 0.21.2
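Review bot: Inside the new `subcontent` helper the local variable is also named `subcontent`, which shadows the method and makes the final `content_tag(:div, subcontent, ...)` read like a recursive call. Renaming it, e.g. `inner = safe_join([...], "\n")` followed by `content_tag(:div, inner, class: "block #{html_class}")`, would also let both `content_tag` calls use the same hash syntax instead of mixing `class:` and `:class=>`. The helper carries the escaping contract this commit fixes, so a one-line comment above it would help, e.g. `# Builds one block section: titles are escaped, wrapper tags are emitted as markup.`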
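Review bot: The added test only checks that the wrapper markup survives (a `span` with class `title mread`); nothing asserts that an article title containing markup is still escaped, which is the other half of the escaping behaviour being changed. Consider a companion test that creates an article whose title contains a tag (constructed sample: `<b>x</b>`) and asserts the raw tag is absent from the output, e.g. `assert_no_match(/<b>x<\/b>/, block.content)`. The stubbed `enabled_plugins` list also appears to leave the VotePlugin sections (`mliked`, `mdisliked`, `mvoted`) unexercised, although they go through the same helper.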