Commit 05010771c5baabe0d384494b5a35be535d62beea
1 parent
27b6a398
fix html escape of activity lead
Showing
2 changed files
with
19 additions
and
1 deletions
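--- a/app/views/profile/_create_article.html.erb
+++ b/app/views/profile/_create_article.html.erb
@@ -9,7 +9,7 @@
 <div class='profile-activity-lead'>
 <div class='article-name'><%= link_to(activity.params['name'], activity.params['url']) %></div>
 <span title='<%= activity.target.class.short_description %>' class='profile-activity-icon icon-new icon-new<%= activity.target.class.icon_name %>'></span>
-<%= image_tag(activity.params['first_image']) unless activity.params['first_image'].blank? %><%= strip_tags(truncate(activity.params['lead'], :length => 1000, :ommision => '...')).gsub(/(\xC2\xA0|\s)+/, ' ').gsub(/^\s+/, '') unless activity.params['lead'].blank? %> <small><%= link_to(_('See more'), activity.params['url']) unless activity.get_lead.blank? %></small>
+<%= image_tag(activity.params['first_image']) unless activity.params['first_image'].blank? %><%= strip_tags(truncate(activity.params['lead'].html_safe, :length => 1000, :ommision => '...')).gsub(/(\xC2\xA0|\s)+/, ' ').gsub(/^\s+/, '') unless activity.params['lead'].blank? %><small><%= link_to(_('See more'), activity.params['url']) unless activity.get_lead.blank? %></small>
 </div>
 <%= content_tag(:p, link_to(_('See complete forum'), activity.get_url), :class => 'see-forum') if activity.target.is_a?(Forum) %>
 <p class='profile-activity-time'><%= time_ago_in_words(activity.created_at) %></p>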
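Review bot: The `.html_safe` on line 12 of the new side marks stored, user-authored article HTML as trusted before `truncate` sees it, and because the raw markup rather than its text is what gets cut at 1000 characters, the cut can land inside a tag or attribute before `strip_tags` runs. Stripping first and asking `truncate` not to escape states the intent without blessing the input: `truncate(strip_tags(activity.params['lead']), :length => 1000, :omission => '...', :escape => false)` — the `:escape` option exists from Rails 4.0, which the escaping this commit works around suggests is in use, but confirm against the Gemfile. The same line still spells the option `:ommision`; `truncate` ignores the unknown key, and it only looks right because the default omission is also `'...'`. The rendered value appears to remain escaped on output either way, since the trailing `gsub` calls return a plain String that ERB escapes, but that relies on `SafeBuffer` internals rather than anything visible on this line, so if `.html_safe` stays, a short comment saying why the output is still safe belongs next to it.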
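--- a/test/integration/safe_strings_test.rb
+++ b/test/integration/safe_strings_test.rb
@@ -117,4 +117,22 @@ class SafeStringsTest < ActionDispatch::IntegrationTest
 get "/myprofile/jimi/cms/new?type=TinyMceArticle"
 assert_no_match /title: "Safestringstest::plugin1::macro"/, response.body
 end
+
+should 'not escape short_description of articles in activities' do
+user = create_user('marley', :password => 'test', :password_confirmation => 'test')
+user.activate
+profile = user.person
+login 'marley', 'test'
+
+expected_content = 'something'
+html_content = "<p>#{expected_content}</p>"
+article = TinyMceArticle.create!(:profile => profile, :name => 'An Article about Free Software', :body => html_content)
+ActionTracker::Record.destroy_all
+activity = create(ActionTracker::Record, :user_id => profile.id, :user_type => 'Profile', :verb => 'create_article', :target_id => article.id, :target_type => 'Article', :params => {'name' => article.name, 'url' => article.url, 'lead' => article.lead, 'first_image' => article.first_image})
+get "/profile/marley"
+assert_tag 'li', :attributes => {:id => "profile-activity-item-#{activity.id}"}, :descendant => {
+:tag => 'div', :content => "\n " + expected_content, :attributes => {:class => 'profile-activity-lead'}
+}
+end
+
 end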
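Review bot: The new test's name, `'not escape short_description of articles in activities'`, does not match what it asserts — the `short_description` in the span's `title` is never checked; the assertion targets the `profile-activity-lead` div, so `'not escape the lead of articles in activities'` would describe it. It also exercises only a lead whose text carries no markup or special characters, so it cannot tell whether the `.html_safe` the view now applies lets a tag or script from the lead through; in a file named `safe_strings_test.rb` that negative case is the one worth pinning. A second article whose body is `"<p>#{expected_content}<script>alert(1)</script></p>"` followed by `assert_no_match /<script>alert\(1\)<\/script>/, response.body` would cover it, assuming `article.lead` — computed outside this hunk — carries the body's markup as the visible case implies. The `:content => "\n " + expected_content` match also depends on the template's exact whitespace; a regexp such as `:content => /something/` would survive a reformat of the view.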