diff --git a/app/models/event.rb b/app/models/event.rb
index 8f22ca5..aaf28db 100644
--- a/app/models/event.rb
+++ b/app/models/event.rb
@@ -19,7 +19,7 @@ class Event < Article
 maybe_add_http(self.setting[:link])
 end
 
- xss_terminate :only => [ :body, :link, :address ], :with => 'white_list', :on => 'validation'
+ xss_terminate :only => [ :name, :body, :link, :address ], :with => 'white_list', :on => 'validation'
 
 def initialize(*args)
 super(*args)
diff --git a/test/unit/event_test.rb b/test/unit/event_test.rb
index 1df629e..03c44a0 100644
--- a/test/unit/event_test.rb
+++ b/test/unit/event_test.rb
@@ -155,6 +155,14 @@ class EventTest < ActiveSupport::TestCase
 assert_no_tag_in_string e.body, :tag => 'script'
 end
 
+ should 'filter HTML in name' do
+ profile = create_user('testuser').person
+ e = create(Event, :profile => profile, :name => '
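Review bot: Adding `:name` to a filter that runs `:on => 'validation'` still leaves every write that skips validations unfiltered (`save(:validate => false)`, `update_attribute`, `update_column`, bulk import paths), so raw markup can reach the stored `name` through those routes exactly as it could before this change. If the application relies on the persisted value being clean (the new test asserts a `<p>` in `name` survives, which suggests it is rendered as markup somewhere), either run the whitelist from a save callback as well or document the gap on the macro, e.g. `# xss_terminate runs only on validation: writes that bypass validations (update_column, save(:validate => false)) store name/body/link/address unsanitized`. The hunk header shows `Event < Article`, so please also check whether Article already declares its own `xss_terminate` for `:name` that this line now overrides or duplicates — Article is not visible from here. The class body this line sits in continues outside the hunk.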
a paragraph (valid)
"', :link => 'www.colivre.coop.br', :start_date => Date.today) + + assert_tag_in_string e.name, :tag => 'p', :content => 'a paragraph (valid)' + assert_no_tag_in_string e.name, :tag => 'script' + end + should 'nil to link' do e = Event.new assert_nothing_raised TypeError do -- libgit2 0.21.2
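Review bot: The new assertions only prove that a `<script>` element is dropped and a `<p>` is kept; whitelist sanitizers are at least as often bypassed through attributes (`onmouseover=`, `style=`) and `javascript:` URLs, which this fixture does not exercise, so the test would still pass if those survived in `name`. Consider a second fixture such as `:name => '<a href="javascript:alert(1)" onmouseover="alert(1)">x</a>'` followed by `assert_no_match /javascript:|onmouseover/, e.name`. Part of the fixture string on the `e = create(...)` line is not legible in this rendering (the markup between the opening `'` and the trailing `"'` has been stripped), so I can only speak to what the visible assertions cover. The `should 'nil to link'` block at the end of the hunk continues outside it.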