Commit 50c9c2971ed3ebc1041521900ea38caed524b4af

Authored by Antonio Terceiro
Committed by Joenio Costa
1 parent 65ee2d89

Don't sanitize abstract and body in TextArticle

Since TinyMCE already overrides this validation, the only effect of
these validations in the TextArticle class is severely breaking
TextileArticle markup.
app/models/text_article.rb
1 # a base class for all text article types. 1 # a base class for all text article types.
2 class TextArticle < Article 2 class TextArticle < Article
3 3
4 - xss_terminate :only => [ :name, :abstract, :body ], :on => 'validation' 4 + xss_terminate :only => [ :name ], :on => 'validation'
5 5
6 include Noosfero::TranslatableContent 6 include Noosfero::TranslatableContent
7 7
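Review bot: On new line 4, dropping `:abstract` and `:body` from `xss_terminate` removes model-level sanitization for every subclass, since the comment on line 1 says this is the base class for all text article types. The commit message only covers the TinyMCE case, and nothing in this diff shows where abstract and body are escaped or filtered for the other types such as TextileArticle. Please confirm that the rendering path for those types sanitizes its HTML output, and add a comment next to `xss_terminate :only => [ :name ]` stating that abstract and body are deliberately excluded and where they are sanitized instead.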
test/unit/text_article_test.rb
@@ -20,23 +20,13 @@ class TextArticleTest &lt; Test::Unit::TestCase @@ -20,23 +20,13 @@ class TextArticleTest &lt; Test::Unit::TestCase
20 assert_equal TextileArticle.find_by_contents('found'), TextArticle.find_by_contents('found') 20 assert_equal TextileArticle.find_by_contents('found'), TextArticle.find_by_contents('found')
21 end 21 end
22 22
23 - should 'remove comments from TextArticle body' do  
24 - person = create_user('testuser').person  
25 - article = TextArticle.create!(:profile => person, :name => 'article', :body => "the <!-- comment --> article ...")  
26 - assert_equal "the article ...", article.body  
27 - end  
28 -  
29 - should 'escape malformed html tags' do 23 + should 'remove HTML from name' do
30 person = create_user('testuser').person 24 person = create_user('testuser').person
31 article = TextArticle.new(:profile => person) 25 article = TextArticle.new(:profile => person)
32 article.name = "<h1 Malformed >> html >>></a>< tag" 26 article.name = "<h1 Malformed >> html >>></a>< tag"
33 - article.abstract = "<h1 Malformed <<h1>>< html >< tag"  
34 - article.body = "<h1><</h2< Malformed >> html >< tag"  
35 article.valid? 27 article.valid?
36 28
37 assert_no_match /[<>]/, article.name 29 assert_no_match /[<>]/, article.name
38 - assert_no_match /[<>]/, article.abstract  
39 - assert_no_match /[<>]/, article.body  
40 end 30 end
41 31
42 should 'be translatable' do 32 should 'be translatable' do
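Review bot: The removed test 'remove comments from TextArticle body' and the dropped `article.abstract` / `article.body` assertions (old lines 23-27 and 33-39) are not replaced by any test of the new intended behaviour. The commit message says the motivation is that sanitizing broke TextileArticle markup, so a test that sets a body containing markup, calls `article.valid?`, and asserts the body is unchanged would pin that down and guard against `:body` being re-added later. A companion test on the rendering side showing that `<` and `>` from abstract or body do not reach the page unfiltered would cover what these deleted assertions used to check.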