Commit 06e7258cfeafbd89df6c57798fb0d3f9ba37e416

Authored by Joenio Costa
2 parents a6d617ca 9cba9de7

Merge branch 'html-safe-blocks' into 'master'

html_safe: fix edition of some blocks



See merge request !900
app/helpers/block_helper.rb
... ... @@ -28,7 +28,7 @@ module BlockHelper
28 28 }</label></td>
29 29 <td>#{button_without_text(:delete, _('Remove'), '#', class: 'delete-highlight', data: {confirm: _('Are you sure you want to remove this highlight')})}</td>
30 30 </tr>
31   - "
  31 + ".html_safe
32 32 end
33 33  
34 34 end
... ...
app/views/box_organizer/edit.html.erb
1 1 <div class="block-config-options <%= @block.class.name %>-options">
2   - <h2 class="title"><%= _(@block.class.description) %></h2>
  2 + <h2 class="title"><%= _(@block.class.description).html_safe %></h2>
3 3  
4 4 <%= form_tag(:action => 'save', :id => @block.id) do %>
5 5  
... ...
test/integration/safe_strings_test.rb
... ... @@ -2,6 +2,14 @@ require_relative &quot;../test_helper&quot;
2 2  
3 3 class SafeStringsTest < ActionDispatch::IntegrationTest
4 4  
  5 + def setup
  6 + @user = create_user('safestring', :password => 'test', :password_confirmation => 'test')
  7 + @user.activate
  8 + @person = user.person
  9 + end
  10 +
  11 + attr_accessor :user, :person
  12 +
5 13 should 'not escape link to admins on profile page' do
6 14 person = fast_create Person
7 15 community = fast_create Community
... ... @@ -135,4 +143,24 @@ class SafeStringsTest &lt; ActionDispatch::IntegrationTest
135 143 }
136 144 end
137 145  
  146 + should 'not escape block title when edit a block' do
  147 + class OtherBlock < Block
  148 + def self.description
  149 + _("<p class='other-block'>Other Block</p>")
  150 + end
  151 + end
  152 + login user.login, 'test'
  153 + block = OtherBlock.new
  154 + person.boxes.first.blocks << block
  155 + get url_for(action: :edit, controller: :profile_design, profile: person.identifier, id: block.id)
  156 + assert_select '.block-config-options .other-block'
  157 + end
  158 +
  159 + should 'not escape edit settings in highlight block' do
  160 + login user.login, 'test'
  161 + block = HighlightsBlock.new
  162 + person.boxes.first.blocks << block
  163 + get url_for(action: :edit, controller: :profile_design, profile: person.identifier, id: block.id)
  164 + assert_select '.block-config-options .image-data-line'
  165 + end
138 166 end
... ...