Merge branch 'html-safe-blocks' into 'master'

html_safe: fix edition of some blocks See merge request !900

Merge branch 'html-safe-blocks' into 'master'
html_safe: fix edition of some blocks See merge request !900
Joenio Costa
2 parents a6d617ca 9cba9de7
Showing 3 changed files with 30 additions and 2 deletions Show diff stats
app/helpers/block_helper.rb
app/views/box_organizer/edit.html.erb
test/integration/safe_strings_test.rb
@@ -28,7 +28,7 @@ module BlockHelper
       }</label></td>
       <td>#{button_without_text(:delete, _('Remove'), '#', class: 'delete-highlight', data: {confirm: _('Are you sure you want to remove this highlight')})}</td>
     </tr>
-    "
+    ".html_safe
   end
  
 end
 <div class="block-config-options <%= @block.class.name %>-options">
-  <h2 class="title"><%= _(@block.class.description) %></h2>
+  <h2 class="title"><%= _(@block.class.description).html_safe %></h2>
  
   <%= form_tag(:action => 'save', :id => @block.id) do %>
  
@@ -2,6 +2,14 @@ require_relative &quot;../test_helper&quot;
  
 class SafeStringsTest < ActionDispatch::IntegrationTest
  
+  def setup
+    @user = create_user('safestring', :password => 'test', :password_confirmation => 'test')
+    @user.activate
+    @person = user.person
+  end
+
+  attr_accessor :user, :person
+
   should 'not escape link to admins on profile page' do
     person = fast_create Person
     community = fast_create Community
@@ -135,4 +143,24 @@ class SafeStringsTest &lt; ActionDispatch::IntegrationTest
     }
   end
  
+  should 'not escape block title when edit a block' do
+    class OtherBlock < Block
+      def self.description
+        _("<p class='other-block'>Other Block</p>")
+      end
+    end
+    login user.login, 'test'
+    block = OtherBlock.new
+    person.boxes.first.blocks << block
+    get url_for(action: :edit, controller: :profile_design, profile: person.identifier, id: block.id)
+    assert_select '.block-config-options .other-block'
+  end
+
+  should 'not escape edit settings in highlight block' do
+    login user.login, 'test'
+    block = HighlightsBlock.new
+    person.boxes.first.blocks << block
+    get url_for(action: :edit, controller: :profile_design, profile: person.identifier, id: block.id)
+    assert_select '.block-config-options .image-data-line'
+  end
 end
...	...	@@ -28,7 +28,7 @@ module BlockHelper
28	28	}</label></td>
29	29	<td>#{button_without_text(:delete, _('Remove'), '#', class: 'delete-highlight', data: {confirm: _('Are you sure you want to remove this highlight')})}</td>
30	30	</tr>
31		- "
	31	+ ".html_safe
32	32	end
33	33
34	34	end
...	...
1	1	<div class="block-config-options <%= @block.class.name %>-options">
2		- <h2 class="title"><%= _(@block.class.description) %></h2>
	2	+ <h2 class="title"><%= _(@block.class.description).html_safe %></h2>
3	3
4	4	<%= form_tag(:action => 'save', :id => @block.id) do %>
5	5
...	...
...	...	@@ -2,6 +2,14 @@ require_relative "../test_helper"
2	2
3	3	class SafeStringsTest < ActionDispatch::IntegrationTest
4	4
	5	+ def setup
	6	+ @user = create_user('safestring', :password => 'test', :password_confirmation => 'test')
	7	+ @user.activate
	8	+ @person = user.person
	9	+ end
	10	+
	11	+ attr_accessor :user, :person
	12	+
5	13	should 'not escape link to admins on profile page' do
6	14	person = fast_create Person
7	15	community = fast_create Community
...	...	@@ -135,4 +143,24 @@ class SafeStringsTest < ActionDispatch::IntegrationTest
135	143	}
136	144	end
137	145
	146	+ should 'not escape block title when edit a block' do
	147	+ class OtherBlock < Block
	148	+ def self.description
	149	+ _("<p class='other-block'>Other Block</p>")
	150	+ end
	151	+ end
	152	+ login user.login, 'test'
	153	+ block = OtherBlock.new
	154	+ person.boxes.first.blocks << block
	155	+ get url_for(action: :edit, controller: :profile_design, profile: person.identifier, id: block.id)
	156	+ assert_select '.block-config-options .other-block'
	157	+ end
	158	+
	159	+ should 'not escape edit settings in highlight block' do
	160	+ login user.login, 'test'
	161	+ block = HighlightsBlock.new
	162	+ person.boxes.first.blocks << block
	163	+ get url_for(action: :edit, controller: :profile_design, profile: person.identifier, id: block.id)
	164	+ assert_select '.block-config-options .image-data-line'
	165	+ end
138	166	end
...	...