CommunityTrack: avoid html parse in body and lead tracks and steps

Leandro Santos
1 parent 841f32a9
Showing 4 changed files with 4 additions and 4 deletions Show diff stats
plugins/community_track/views/blocks/_track.html.erb
plugins/community_track/views/content_viewer/_step_item.html.erb
plugins/community_track/views/content_viewer/step.html.erb
plugins/community_track/views/content_viewer/track.html.erb
@@ -5,7 +5,7 @@
     <div class="lead">
       <h3><%= link_to track.name, track.url %></h3>
       <div class="content">
-        <%= track.lead %>
+        <%= track.lead.html_safe %>
       </div>
     </div>
     <div class="steps">
@@ -10,7 +10,7 @@
         <%= status_description(step_item) %>
       </div>
       <div class="name"><span class="tool_icon button with-text icon-new icon-new<%= step_item.tool_class.icon_name if step_item.tool_class %>"></span>  <%= step_item.name %></div>
-      <div class="lead"><%= step_item.body %></div>
+      <div class="lead"><%= step_item.body.html_safe %></div>
       <div class="tools">
         <% if step_item.tool %>
           <%= _('Tool: ') %>
@@ -7,7 +7,7 @@
     </ul>
   </div>
   <div>
-    <%= step.body %>
+    <%= step.body.html_safe %>
   </div>
   <% if step.allow_create?(user) && !step.tool && step.tool_class %>
     <h3><%= _("Tool") %></h3>
@@ -3,7 +3,7 @@
 <%= form_tag({:controller => 'community_track_plugin_myprofile', :action => 'save_order', :track => track}) do %>
 <div id="track">
   <div>
-    <%= track.body %>
+    <%= track.body.html_safe %>
   </div>
   <h3><%= _("Steps") %></h3>
	@@ -5,7 +5,7 @@		@@ -5,7 +5,7 @@
5	<div class="lead">	5	<div class="lead">
6	<h3><%= link_to track.name, track.url %></h3>	6	<h3><%= link_to track.name, track.url %></h3>
7	<div class="content">	7	<div class="content">
8	- <%= track.lead %>	8	+ <%= track.lead.html_safe %>
9	</div>	9	</div>
10	</div>	10	</div>
11	<div class="steps">	11	<div class="steps">
	@@ -10,7 +10,7 @@		@@ -10,7 +10,7 @@
10	<%= status_description(step_item) %>	10	<%= status_description(step_item) %>
11	</div>	11	</div>
12	<div class="name"><span class="tool_icon button with-text icon-new icon-new<%= step_item.tool_class.icon_name if step_item.tool_class %>"></span> <%= step_item.name %></div>	12	<div class="name"><span class="tool_icon button with-text icon-new icon-new<%= step_item.tool_class.icon_name if step_item.tool_class %>"></span> <%= step_item.name %></div>
13	- <div class="lead"><%= step_item.body %></div>	13	+ <div class="lead"><%= step_item.body.html_safe %></div>
14	<div class="tools">	14	<div class="tools">
15	<% if step_item.tool %>	15	<% if step_item.tool %>
16	<%= _('Tool: ') %>	16	<%= _('Tool: ') %>
	@@ -7,7 +7,7 @@		@@ -7,7 +7,7 @@
7	</ul>	7	</ul>
8	</div>	8	</div>
9	<div>	9	<div>
10	- <%= step.body %>	10	+ <%= step.body.html_safe %>
11	</div>	11	</div>
12	<% if step.allow_create?(user) && !step.tool && step.tool_class %>	12	<% if step.allow_create?(user) && !step.tool && step.tool_class %>
13	<h3><%= _("Tool") %></h3>	13	<h3><%= _("Tool") %></h3>
	@@ -3,7 +3,7 @@		@@ -3,7 +3,7 @@
3	<%= form_tag({:controller => 'community_track_plugin_myprofile', :action => 'save_order', :track => track}) do %>	3	<%= form_tag({:controller => 'community_track_plugin_myprofile', :action => 'save_order', :track => track}) do %>
4	<div id="track">	4	<div id="track">
5	<div>	5	<div>
6	- <%= track.body %>	6	+ <%= track.body.html_safe %>
7	</div>	7	</div>
8		8
9	<h3><%= _("Steps") %></h3>	9	<h3><%= _("Steps") %></h3>