Commit 498b30785a726f218df71342eaae4d195f74a2b3
1 parent
464b8a1c
Exists in
send_email_to_admins
and in
5 other branches
html_safe: fix author link in publishing info
Showing
2 changed files
with
9 additions
and
1 deletions
Show diff stats
app/views/content_viewer/_publishing_info.html.erb
| ... | ... | @@ -3,7 +3,7 @@ |
| 3 | 3 | <%= show_time(@page.published_at) %> |
| 4 | 4 | </span> |
| 5 | 5 | <span class="author"> |
| 6 | - <%= _(", by %s") % (@page.author ? link_to(@page.author_name, @page.author_url) : @page.author_name) %> | |
| 6 | + <%= _(", by %s").html_safe % (@page.author ? link_to(@page.author_name, @page.author_url) : @page.author_name) %> | |
| 7 | 7 | </span> |
| 8 | 8 | <% unless @no_comments %> |
| 9 | 9 | <span class="comments"> | ... | ... |
test/integration/safe_strings_test.rb
| ... | ... | @@ -92,4 +92,12 @@ class SafeStringsTest < ActionDispatch::IntegrationTest |
| 92 | 92 | get "/myprofile/marley" |
| 93 | 93 | assert_select ".pending-tasks ul li a" |
| 94 | 94 | end |
| 95 | + | |
| 96 | + should 'not escape author link in publishing info of article' do | |
| 97 | + create_user('jimi', :password => 'test', :password_confirmation => 'test').activate | |
| 98 | + person = Person['jimi'] | |
| 99 | + article = fast_create(Article, author_id: person.id, profile_id: person.id) | |
| 100 | + get url_for(article.view_url) | |
| 101 | + assert_select ".publishing-info .author a" | |
| 102 | + end | |
| 95 | 103 | end | ... | ... |