Download as
Browse Code »

Commit f30fb2164bd28b162f6f9635918b4350e5579a37

Authored by Daniela Feitosa
Committed by Antonio Terceiro
1 parent 6ae03d55
Exists in master and in 23 other branches activate_plugin, api_fixies, api_tasks, article_blog_visualization_format, article_layout_refactoring, article_layout_temp, blog_page_bug, clone_article, communities_ratings, design_template, event_layout, fix_forum, fix_optional_fields, fix_suggest_article, folder_improvments, manage_organization, merge_deactive_and_ban, news_page, script_to_update, stable, template_mirror_block, tests, tests_fixies

ActionItem1216: unescaped html comment tags on articles 

* monkey patch in the plugin init
Showing 3 changed files with 20 additions and 3 deletions   Show diff stats
test/unit/text_article_test.rb
  Diff comments   View file @f30fb21
... ... @@ -19,5 +19,11 @@ class TextArticleTest < Test::Unit::TestCase
19 19 article = TextileArticle.create!(:name => 'found article test', :profile => person)
20 20 assert_equal TextileArticle.find_by_contents('found'), TextArticle.find_by_contents('found')
21 21 end
22   -
  22 +
  23 + should 'remove comments from TextArticle body' do
  24 + person = create_user('testuser').person
  25 + article = TextArticle.create!(:profile => person, :name => 'article', :body => "the <!-- comment --> article ...")
  26 + assert_equal "the article ...", article.body
  27 + end
  28 +
23 29 end
... ...
test/unit/tiny_mce_article_test.rb
  Diff comments   View file @f30fb21
... ... @@ -35,8 +35,12 @@ class TinyMceArticleTest &lt; Test::Unit::TestCase
35 35 should 'not translate & to amp; over times' do
36 36 article = TinyMceArticle.create!(:name => 'link', :body => "<a href='www.invalid.com?param1=value&param2=value'>link</a>", :profile => profile)
37 37 assert article.save
38   - assert_no_match /&amp;amp;/, article.body
39   - assert_match /&amp;/, article.body
  38 + assert_no_match(/&amp;amp;/, article.body)
  39 + assert_match(/&amp;/, article.body)
40 40 end
41 41  
  42 + should 'not escape comments from tiny mce article body' do
  43 + article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "the <!-- comment --> article ...")
  44 + assert_equal "the <!-- comment --> article ...", article.body
  45 + end
42 46 end
... ...
vendor/plugins/white_list_sanitizer_unescape_before_reescape/init.rb
  Diff comments   View file @f30fb21
... ... @@ -4,6 +4,13 @@
4 4 # this was solved in rails 2.2.1, then remove this patch when upgrade to it
5 5  
6 6 HTML::WhiteListSanitizer.module_eval do
  7 +
  8 + def sanitize_with_filter_comments(*args, &block)
  9 + text = sanitize_without_filter_comments(*args, &block)
  10 + text.gsub(/&lt;!--/, '<!--') if text
  11 + end
  12 + alias_method_chain :sanitize, :filter_comments
  13 +
7 14 # unescape before reescape to avoid:
8 15 # & -> &amp; -> &amp;amp; -> &amp;amp;amp; -> &amp;amp;amp;amp; -> etc
9 16 protected
... ...