Commit 21196194015176edd4061a3b1381222b8daae818

Authored by Joenio Costa
Committed by Antonio Terceiro
1 parent 2b38e038

ActionItem1176: (again) Links in WYSIWYG keep changing & to &amp in each edition

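--- a/app/views/shared/tiny_mce.rhtml
+++ b/app/views/shared/tiny_mce.rhtml
@@ -24,7 +24,7 @@ tinyMCE.init({
 apply_source_formatting : true,
 content_css: '/stylesheets/tinymce.css',
 language: <%= tinymce_language.inspect %>,
-cleanup_callback : "customCleanup"
+entity_encoding: 'raw'
 });
 
 function convertWord(type, content) {
@@ -43,16 +43,4 @@ function convertWord(type, content) {
 return content;
 }
 
-function customCleanup(type, value) {
-switch (type) {
-case "get_from_editor":
-value = value.replace(/&amp;amp;/g,"&amp;");
-break;
-case "insert_to_editor":
-value = value.replace(/&amp;amp;/g,"&amp;");
-break;
-}
-return value;
-}
-
 </script>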
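Review bot: The new `entity_encoding: 'raw'` option replaces the `customCleanup` callback without a comment saying why, and the actual fix for the repeated escaping lives in the sanitizer patch elsewhere in this commit. As far as TinyMCE's documentation describes it, `raw` only changes how the editor serialises characters, so it should be documented as a presentation setting and not as an escaping control. I would add a line above it such as `// raw: editor stops entity-encoding text; escaping of saved content is enforced server-side by the sanitizer (ActionItem1176)`. The `tinyMCE.init({` call starts outside this hunk, so the other options were not reviewed.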
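--- a/test/unit/tiny_mce_article_test.rb
+++ b/test/unit/tiny_mce_article_test.rb
@@ -4,7 +4,9 @@ class TinyMceArticleTest &lt; Test::Unit::TestCase
 
 def setup
 Article.rebuild_index
+@profile = create_user('zezinho').person
 end
+attr_reader :profile
 
 # this test can be removed when we get real tests for TinyMceArticle
 should 'be an article' do
@@ -20,16 +22,21 @@ class TinyMceArticleTest &lt; Test::Unit::TestCase
 end
 
 should 'be found when searching for articles by query' do
-ze = create_user('zezinho').person
-tma = TinyMceArticle.create!(:name => 'test tinymce article', :body => '---', :profile => ze)
+tma = TinyMceArticle.create!(:name => 'test tinymce article', :body => '---', :profile => profile)
 assert_includes TinyMceArticle.find_by_contents('article'), tma
 assert_includes Article.find_by_contents('article'), tma
 end
 
 should 'not sanitize target attribute' do
-ze = create_user('zezinho').person
-article = TinyMceArticle.create!(:name => 'open link in new window', :body => "open <a href='www.invalid.com' target='_blank'>link</a> in new window", :profile => ze)
+article = TinyMceArticle.create!(:name => 'open link in new window', :body => "open <a href='www.invalid.com' target='_blank'>link</a> in new window", :profile => profile)
 assert_tag_in_string article.body, :tag => 'a', :attributes => {:target => '_blank'}
 end
 
+should 'not translate & to amp; over times' do
+article = TinyMceArticle.create!(:name => 'link', :body => "<a href='www.invalid.com?param1=value&param2=value'>link</a>", :profile => profile)
+assert article.save
+assert_no_match /&amp;amp;/, article.body
+assert_match /&amp;/, article.body
+end
+
 end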
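Review bot: The new test 'not translate & to amp; over times' re-saves the article only once and checks the body with two loose regexps, so it pins neither the exact stored `href` nor stability across further edits. Assuming the sanitizer is idempotent after the first pass, a stricter check is `body = article.body`, then `3.times { assert article.save }`, then `assert_equal body, article.body`. Parenthesising the regexp arguments, as in `assert_no_match(/&amp;amp;/, article.body)`, also avoids Ruby's ambiguous-first-argument warning.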
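--- /dev/null
+++ b/vendor/plugins/white_list_sanitizer_unescape_before_reescape/init.rb
@@ -0,0 +1,22 @@
+# monkey patch to fix WhiteListSanitizer bug
+# http://apidock.com/rails/HTML/WhiteListSanitizer/process_attributes_for
+#
+# this was solved in rails 2.2.1, then remove this patch when upgrade to it
+
+HTML::WhiteListSanitizer.module_eval do
+# unescape before reescape to avoid:
+# & -> &amp; -> &amp;amp; -> &amp;amp;amp; -> &amp;amp;amp;amp; -> etc
+protected
+def process_attributes_for(node, options)
+return unless node.attributes
+node.attributes.keys.each do |attr_name|
+value = node.attributes[attr_name].to_s
+
+if !options[:attributes].include?(attr_name) || contains_bad_protocols?(attr_name, value)
+node.attributes.delete(attr_name)
+else
+node.attributes[attr_name] = attr_name == 'style' ? sanitize_css(value) : CGI::escapeHTML(CGI::unescapeHTML(value))
+end
+end
+end
+end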
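Review bot: The override of `process_attributes_for` is installed unconditionally, so after the Rails upgrade mentioned in the header comment this vendored copy would keep shadowing the framework's own sanitizer method, including any later fixes to it. Wrapping the `module_eval` in a version guard such as `if Gem::Version.new(Rails::VERSION::STRING) < Gem::Version.new('2.2.1')` would make the patch switch itself off instead of relying on someone remembering to delete it. The method now decodes attribute values before re-encoding them, and the commit has no test of that path. A unit test that passes already-encoded `&lt;`, `&gt;` and `&quot;` attribute values through the sanitizer and asserts they come back encoded would pin the property this patch must preserve.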