Commit 21196194015176edd4061a3b1381222b8daae818
Committed by
Antonio Terceiro
1 parent
2b38e038
Exists in
master
and in
23 other branches
ActionItem1176: (again) Links in WYSIWYG keep changing & to & in each edition
Showing
3 changed files
with
34 additions
and
17 deletions
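--- a/app/views/shared/tiny_mce.rhtml
+++ b/app/views/shared/tiny_mce.rhtml
@@ -24,7 +24,7 @@ tinyMCE.init({
 apply_source_formatting : true,
 content_css: '/stylesheets/tinymce.css',
 language: <%= tinymce_language.inspect %>,
- cleanup_callback : "customCleanup"
+ entity_encoding: 'raw'
 });
 
 function convertWord(type, content) {
@@ -43,16 +43,4 @@ function convertWord(type, content) {
 return content;
 }
 
-function customCleanup(type, value) {
- switch (type) {
- case "get_from_editor":
- value = value.replace(/&amp;/g,"&");
- break;
- case "insert_to_editor":
- value = value.replace(/&amp;/g,"&");
- break;
- }
- return value;
-}
-
 </script>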
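--- a/test/unit/tiny_mce_article_test.rb
+++ b/test/unit/tiny_mce_article_test.rb
@@ -4,7 +4,9 @@ class TinyMceArticleTest < Test::Unit::TestCase
 
 def setup
 Article.rebuild_index
+ @profile = create_user('zezinho').person
 end
+ attr_reader :profile
 
 # this test can be removed when we get real tests for TinyMceArticle
 should 'be an article' do
@@ -20,16 +22,21 @@ class TinyMceArticleTest < Test::Unit::TestCase
 end
 
 should 'be found when searching for articles by query' do
- ze = create_user('zezinho').person
- tma = TinyMceArticle.create!(:name => 'test tinymce article', :body => '---', :profile => ze)
+ tma = TinyMceArticle.create!(:name => 'test tinymce article', :body => '---', :profile => profile)
 assert_includes TinyMceArticle.find_by_contents('article'), tma
 assert_includes Article.find_by_contents('article'), tma
 end
 
 should 'not sanitize target attribute' do
- ze = create_user('zezinho').person
- article = TinyMceArticle.create!(:name => 'open link in new window', :body => "open <a href='www.invalid.com' target='_blank'>link</a> in new window", :profile => ze)
+ article = TinyMceArticle.create!(:name => 'open link in new window', :body => "open <a href='www.invalid.com' target='_blank'>link</a> in new window", :profile => profile)
 assert_tag_in_string article.body, :tag => 'a', :attributes => {:target => '_blank'}
 end
 
+ should 'not translate & to amp; over times' do
+ article = TinyMceArticle.create!(:name => 'link', :body => "<a href='www.invalid.com?param1=value¶m2=value'>link</a>", :profile => profile)
+ assert article.save
+ assert_no_match /&amp;/, article.body
+ assert_match /&/, article.body
+ end
+
 end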
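Review bot: The new test 'not translate & to amp; over times' (new lines 35-40) saves only once after `create!` and then checks the body with two regexes, so it does not directly pin what the ticket describes: that the body stops changing on every further edit. A fixed-point check is independent of how the entities happen to be spelled: capture `body = article.body` after the first save, call `article.save` again, and `assert_equal body, article.body`. Where the sanitizer runs in the save cycle is outside this section, so whether one `save` already gives two passes cannot be confirmed here. With warnings enabled Ruby also flags `assert_no_match /.../, article.body` as an ambiguous first argument; writing the two asserts with parentheses avoids that.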
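--- a/vendor/plugins/white_list_sanitizer_unescape_before_reescape/init.rb
+++ b/vendor/plugins/white_list_sanitizer_unescape_before_reescape/init.rb
@@ -0,0 +1,22 @@
+# monkey patch to fix WhiteListSanitizer bug
+# http://apidock.com/rails/HTML/WhiteListSanitizer/process_attributes_for
+#
+# this was solved in rails 2.2.1, then remove this patch when upgrade to it
+
+HTML::WhiteListSanitizer.module_eval do
+ # unescape before reescape to avoid:
+ # & -> & -> &amp; -> &amp;amp; -> &amp;amp;amp; -> etc
+ protected
+ def process_attributes_for(node, options)
+ return unless node.attributes
+ node.attributes.keys.each do |attr_name|
+ value = node.attributes[attr_name].to_s
+
+ if !options[:attributes].include?(attr_name) || contains_bad_protocols?(attr_name, value)
+ node.attributes.delete(attr_name)
+ else
+ node.attributes[attr_name] = attr_name == 'style' ? sanitize_css(value) : CGI::escapeHTML(CGI::unescapeHTML(value))
+ end
+ end
+ end
+end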
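Review bot: No test in this commit pins the removal path of the patched `process_attributes_for`: the override replaces the sanitizer's whole attribute pass, yet the only new test covers the `&` round-trip, so nothing shows that a non-whitelisted attribute or a disallowed protocol in `href` is still deleted. On line 15 `contains_bad_protocols?` inspects the still-encoded `value`, while line 18 stores the decoded-then-re-escaped form. That helper is defined outside this section, so it is worth confirming that it also rejects entity-encoded scheme separators and adding a regression test for that next to 'not sanitize target attribute'. The patch is also applied unconditionally; a guard on the Rails version, or at least a comment naming the upstream method body it mirrors, would keep it from silently overriding the fixed implementation after the upgrade the header mentions.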