Commit 50c9c2971ed3ebc1041521900ea38caed524b4af

Authored by Antonio Terceiro
Committed by Joenio Costa
1 parent 65ee2d89

Don't sanitize abstract and body in TextArticle

Since TinyMCE already overrides this validation, the only effect of
these validations in the TextArticle class is severely breaking
TextileArticle markup.
app/models/text_article.rb
1 1 # a base class for all text article types.
2 2 class TextArticle < Article
3 3  
4   - xss_terminate :only => [ :name, :abstract, :body ], :on => 'validation'
  4 + xss_terminate :only => [ :name ], :on => 'validation'
5 5  
6 6 include Noosfero::TranslatableContent
7 7  
... ...
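Review bot: On the `xss_terminate :only => [ :name ]` line, dropping `:abstract` and `:body` in what the file's own comment calls "a base class for all text article types" removes validation-time sanitization of those two fields for every subclass that does not declare its own rule. The commit message covers the TinyMCE case only. Please confirm that TextileArticle, and any other subclass that inherits this rule, escapes or sanitizes `abstract` and `body` when they are rendered, and add a comment above this line saying that sanitization of those fields is now the responsibility of each subclass.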
test/unit/text_article_test.rb
... ... @@ -20,23 +20,13 @@ class TextArticleTest &lt; Test::Unit::TestCase
20 20 assert_equal TextileArticle.find_by_contents('found'), TextArticle.find_by_contents('found')
21 21 end
22 22  
23   - should 'remove comments from TextArticle body' do
24   - person = create_user('testuser').person
25   - article = TextArticle.create!(:profile => person, :name => 'article', :body => "the <!-- comment --> article ...")
26   - assert_equal "the article ...", article.body
27   - end
28   -
29   - should 'escape malformed html tags' do
  23 + should 'remove HTML from name' do
30 24 person = create_user('testuser').person
31 25 article = TextArticle.new(:profile => person)
32 26 article.name = "<h1 Malformed >> html >>></a>< tag"
33   - article.abstract = "<h1 Malformed <<h1>>< html >< tag"
34   - article.body = "<h1><</h2< Malformed >> html >< tag"
35 27 article.valid?
36 28  
37 29 assert_no_match /[<>]/, article.name
38   - assert_no_match /[<>]/, article.abstract
39   - assert_no_match /[<>]/, article.body
40 30 end
41 31  
42 32 should 'be translatable' do
... ...
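Review bot: The removed `assert_no_match /[<>]/, article.abstract` and `article.body` assertions, along with the deleted 'remove comments from TextArticle body' test, are not replaced by anything that pins down the new behaviour, so this file no longer says what should happen to HTML in those fields. Please add a test showing that Textile markup in a TextileArticle body survives validation (the breakage the commit message describes), and one showing that the TinyMCE-based article type still sanitizes `abstract` and `body`, so the claim that TinyMCE overrides this validation is covered by the suite.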