Commit 90f3cf8289000f9f49a5aab92b6d551e89fe3765
1 parent
68833fe4
ActionItem192: filtering title and body of comments
git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1674 3f533792-8f58-4932-b0fe-aaf55b0a4547
Showing
6 changed files
with
44 additions
and
40 deletions
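--- a/app/controllers/public/content_viewer_controller.rb
+++ b/app/controllers/public/content_viewer_controller.rb
@@ -69,13 +69,12 @@ class ContentViewerController < PublicController
 
 private
 
+ require 'erb'
 include ERB::Util
-
 def sanitize
 if params[:comment]
- if params[:comment][:body]
- params[:comment][:body] = html_escape(params[:comment][:body])
- end
+ params[:comment][:body] = html_escape(params[:comment][:body]) if params[:comment][:body]
+ params[:comment][:title] = html_escape(params[:comment][:title]) if params[:comment][:title]
 end
 end
 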
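Review bot: The two `html_escape` lines in `sanitize` encode the comment at request time, so the protection covers only requests that pass through this controller's filter and only `:body` and `:title`; any other code path that saves a comment, and any other comment attribute a view prints, gets no escaping from what this hunk shows. The stored text is then entity-encoded, so a view that also escapes on output would display the entities literally; escaping where the value is rendered, or in the comment model, would avoid both problems, and if the filter stays it deserves a comment such as `# title/body are stored already HTML-escaped by this filter`. Separately, `if params[:comment]` is also true for a non-hash value, so a request that sends `comment` as a plain string reaches `params[:comment][:body]` and may raise; `if params[:comment].is_a?(Hash)` would make the filter skip it. The place where `sanitize` is registered as a filter is outside the hunk.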
lib/noosfero/core_ext/string.rb
| @@ -39,4 +39,5 @@ class String | @@ -39,4 +39,5 @@ class String | ||
| 39 | def to_slug | 39 | def to_slug |
| 40 | transliterate.downcase.gsub(/^\d+/,'').gsub( /[^a-z0-9~\s:;+=_.-]/, '').gsub(/[\s:;+=_.-]+/, '-').gsub(/-$ | ^-/, '').to_s | 40 | transliterate.downcase.gsub(/^\d+/,'').gsub( /[^a-z0-9~\s:;+=_.-]/, '').gsub(/[\s:;+=_.-]+/, '-').gsub(/-$ | ^-/, '').to_s |
| 41 | end | 41 | end |
| 42 | + | ||
| 42 | end | 43 | end |
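--- a/test/functional/content_viewer_controller_test.rb
+++ b/test/functional/content_viewer_controller_test.rb
@@ -195,4 +195,12 @@ class ContentViewerControllerTest < Test::Unit::TestCase
 assert_no_tag :tag => 'strong', :attributes => { :id => 'html_test_comment' }
 end
 
+ should 'filter html content from title' do
+ login_as @profile.identifier
+ page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text')
+ post :view_page, :profile => @profile.identifier, :page => [ 'myarticle' ],
+ :comment => { :title => "html <strong id='html_test_comment'>comment</strong>", :body => "this is a comment" }
+ assert_no_tag :tag => 'strong', :attributes => { :id => 'html_test_comment' }
+ end
+
 end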
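Review bot: The new 'filter html content from title' test can pass without the filter doing anything, because its only assertion is `assert_no_tag` on the response: if the comment is rejected, or the action answers with a redirect, there is no `strong` element to find either way. The local `page` is assigned but never used; using it to check that the comment was stored, e.g. `assert_equal 1, page.comments.count` (assuming the article exposes its comments that way), would tie the assertion to a saved comment. It would also help to assert the escaped form of the title on the saved record, so that a change which strips or drops the title is not mistaken for correct escaping. The enclosing test class starts outside the hunk.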
test/unit/slug_test.rb
| @@ -1,26 +0,0 @@ | @@ -1,26 +0,0 @@ | ||
| 1 | -require File.dirname(__FILE__) + '/../test_helper' | ||
| 2 | - | ||
| 3 | -# tests for String#to_slug core extension. See lib/noosfero/core_ext/string.rb | ||
| 4 | -class SlugTest < Test::Unit::TestCase | ||
| 5 | - | ||
| 6 | - should 'keep only alphanum' do | ||
| 7 | - assert_equal 'abc', 'abc!)@(*#&@!*#*)'.to_slug | ||
| 8 | - end | ||
| 9 | - | ||
| 10 | - should 'turn punctuation into dashes' do | ||
| 11 | - assert_equal 'a-b-c-d-e-f', 'a:b;c+d=e_f'.to_slug | ||
| 12 | - end | ||
| 13 | - | ||
| 14 | - should 'truncate dashes' do | ||
| 15 | - assert_equal 'a-b-c', 'a---b: c ;;;'.to_slug | ||
| 16 | - end | ||
| 17 | - | ||
| 18 | - should 'turn spaces into dashes' do | ||
| 19 | - assert_equal 'a-b', 'a b'.to_slug | ||
| 20 | - end | ||
| 21 | - | ||
| 22 | - should 'not remove dots' do | ||
| 23 | - assert_equal 'a.b', 'a.b'.to_slug | ||
| 24 | - end | ||
| 25 | - | ||
| 26 | -end |
| @@ -0,0 +1,32 @@ | @@ -0,0 +1,32 @@ | ||
| 1 | +require File.dirname(__FILE__) + '/../test_helper' | ||
| 2 | + | ||
| 3 | +# tests for String core extension. See lib/noosfero/core_ext/string.rb | ||
| 4 | +class StringCoreExtTest < Test::Unit::TestCase | ||
| 5 | + | ||
| 6 | + # tests for String#to_slug | ||
| 7 | + should 'keep only alphanum' do | ||
| 8 | + assert_equal 'abc', 'abc!)@(*#&@!*#*)'.to_slug | ||
| 9 | + end | ||
| 10 | + | ||
| 11 | + should 'turn punctuation into dashes' do | ||
| 12 | + assert_equal 'a-b-c-d-e-f', 'a:b;c+d=e_f'.to_slug | ||
| 13 | + end | ||
| 14 | + | ||
| 15 | + should 'truncate dashes' do | ||
| 16 | + assert_equal 'a-b-c', 'a---b: c ;;;'.to_slug | ||
| 17 | + end | ||
| 18 | + | ||
| 19 | + should 'turn spaces into dashes' do | ||
| 20 | + assert_equal 'a-b', 'a b'.to_slug | ||
| 21 | + end | ||
| 22 | + | ||
| 23 | + should 'not remove dots' do | ||
| 24 | + assert_equal 'a.b', 'a.b'.to_slug | ||
| 25 | + end | ||
| 26 | + | ||
| 27 | + # tests for String#transliterate | ||
| 28 | + should 'transliterate' do | ||
| 29 | + assert_equal 'eeeeEEOOoocaaaiIIiuuyYnN', 'éèëêÊËÖÔöôçäàâîÏÎïûüÿŸñÑ'.transliterate | ||
| 30 | + end | ||
| 31 | + | ||
| 32 | +end |
test/unit/transliterations_test.rb