Commit 06e7258cfeafbd89df6c57798fb0d3f9ba37e416
Exists in
ratings_minor_fixes
and in
4 other branches
Merge branch 'html-safe-blocks' into 'master'
html_safe: fix edition of some blocks See merge request !900
Showing
3 changed files
with
30 additions
and
2 deletions
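--- a/app/helpers/block_helper.rb
+++ b/app/helpers/block_helper.rb
@@ -28,7 +28,7 @@ module BlockHelper
 }</label></td>
 <td>#{button_without_text(:delete, _('Remove'), '#', class: 'delete-highlight', data: {confirm: _('Are you sure you want to remove this highlight')})}</td>
 </tr>
-"
+".html_safe
 end
 
 end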
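Review bot: Marking the whole interpolated string `html_safe` at the closing quote disables escaping for every `#{...}` inside it, not only the `button_without_text` markup visible in this hunk. The method starts above the hunk, so the earlier interpolations cannot be checked here; if any of them carries a value a user can edit (the row ending in `}</label></td>` may be one), escape it at the interpolation site, e.g. `#{h(value)}`, before the final `.html_safe`. A comment above the string such as `# every value interpolated below must already be escaped or html_safe` would make that contract explicit for the next edit.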
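--- a/app/views/box_organizer/edit.html.erb
+++ b/app/views/box_organizer/edit.html.erb
@@ -1,5 +1,5 @@
 <div class="block-config-options <%= @block.class.name %>-options">
-<h2 class="title"><%= _(@block.class.description) %></h2>
+<h2 class="title"><%= _(@block.class.description).html_safe %></h2>
 
 <%= form_tag(:action => 'save', :id => @block.id) do %>
 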
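Review bot: `_(@block.class.description).html_safe` on line 2 turns both the class-level description and its translation-catalog entry into raw HTML, so this view is now only as safe as every `Block` subclass and every translated string that feeds it. If descriptions need only a few formatting tags, `<%= sanitize _(@block.class.description) %>` keeps them while filtering script elements and event attributes. Otherwise add an ERB comment above the heading stating that `description` must be static, developer-authored markup and never derived from user input.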
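--- a/test/integration/safe_strings_test.rb
+++ b/test/integration/safe_strings_test.rb
@@ -2,6 +2,14 @@ require_relative "../test_helper"
 
 class SafeStringsTest < ActionDispatch::IntegrationTest
 
+def setup
+@user = create_user('safestring', :password => 'test', :password_confirmation => 'test')
+@user.activate
+@person = user.person
+end
+
+attr_accessor :user, :person
+
 should 'not escape link to admins on profile page' do
 person = fast_create Person
 community = fast_create Community
@@ -135,4 +143,24 @@ class SafeStringsTest < ActionDispatch::IntegrationTest
 }
 end
 
+should 'not escape block title when edit a block' do
+class OtherBlock < Block
+def self.description
+_("<p class='other-block'>Other Block</p>")
+end
+end
+login user.login, 'test'
+block = OtherBlock.new
+person.boxes.first.blocks << block
+get url_for(action: :edit, controller: :profile_design, profile: person.identifier, id: block.id)
+assert_select '.block-config-options .other-block'
+end
+
+should 'not escape edit settings in highlight block' do
+login user.login, 'test'
+block = HighlightsBlock.new
+person.boxes.first.blocks << block
+get url_for(action: :edit, controller: :profile_design, profile: person.identifier, id: block.id)
+assert_select '.block-config-options .image-data-line'
+end
 end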
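Review bot: Both new tests in the second hunk assert only that markup is left unescaped; nothing checks that user-editable values rendered on the same edit page still come out escaped, which is the regression the two new `html_safe` calls could introduce. Add a companion test that stores markup in a user-editable setting of `HighlightsBlock` (its field names are not visible here) and asserts it is not rendered as an element, e.g. `assert_select '.block-config-options script', 0`. Separately, `class OtherBlock < Block` is defined inside the `should` block, so the constant persists for the rest of the test run; declaring it once outside the test body would keep that side effect out of the test flow.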