should not parse html of body and abstract display content plugin

Leandro Santos
1 parent 847b2a09
Showing 3 changed files with 62 additions and 3 deletions Show diff stats
plugins/display_content/test/unit/display_content_block_test.rb
plugins/display_content/views/blocks/display_content/_document.slim
plugins/display_content/views/blocks/display_content/_section.slim
@@ -774,4 +774,63 @@ class DisplayContentBlockViewTest &lt; ActionView::TestCase
     assert render_block_content(block).index(en_article.name).present?
     assert_nil render_block_content(block).index(pt_article.name)
   end
+
+  should 'not escape abstract html of articles' do
+    profile = create_user('testuser').person
+    a1 = fast_create(TextileArticle, abstract: "<p class='test-article-abstract'>Test</p>", name: 'test article 1', profile_id: profile.id, published_at: DateTime.current)
+    
+    block = DisplayContentBlock.new
+    block.sections = [{:value => 'abstract', :checked => true}] 
+    block.nodes = [a1.id]
+    box = mock()
+    block.stubs(:box).returns(box)
+    box.stubs(:owner).returns(profile)
+    assert_tag_in_string  render_block_content(block), tag: 'p', attributes: { class: 'test-article-abstract' }
+  end
+
+  should 'not raise if abstract of article is nil' do
+    profile = create_user('testuser').person
+    a1 = fast_create(TextileArticle, name: 'test article 1', profile_id: profile.id, published_at: DateTime.current)
+    
+    block = DisplayContentBlock.new
+    block.sections = [{:value => 'abstract', :checked => true}] 
+    block.nodes = [a1.id]
+    box = mock()
+    block.stubs(:box).returns(box)
+    box.stubs(:owner).returns(profile)
+    assert_nil a1.abstract
+    assert_nothing_raised do
+      render_block_content(block)
+    end
+  end
+
+  should 'not escape body html of articles' do
+    profile = create_user('testuser').person
+    a1 = fast_create(TextileArticle, body: "<p class='test-article-body'>Test</p>", name: 'test article 1', profile_id: profile.id, published_at: DateTime.current)
+    
+    block = DisplayContentBlock.new
+    block.sections = [{:value => 'body', :checked => true}] 
+    block.nodes = [a1.id]
+    box = mock()
+    block.stubs(:box).returns(box)
+    box.stubs(:owner).returns(profile)
+    assert_tag_in_string  render_block_content(block), tag: 'p', attributes: { class: 'test-article-body' }
+  end
+
+  should 'not raise if body of article is nil' do
+    profile = create_user('testuser').person
+    a1 = fast_create(TextileArticle, name: 'test article 1', profile_id: profile.id, published_at: DateTime.current)
+    
+    block = DisplayContentBlock.new
+    block.sections = [{:value => 'abstract', :checked => true}] 
+    block.nodes = [a1.id]
+    box = mock()
+    block.stubs(:box).returns(box)
+    box.stubs(:owner).returns(profile)
+    assert_nil a1.body
+    assert_nothing_raised do
+      render_block_content(block)
+    end
+  end
+
 end
 li
   - unless item.folder? || item.class == RssFeed
     = render partial: 'blocks/display_content/section', collection: block.sections, locals: { block: block, item: item }
-    = render partial: 'blocks/display_content/read_more', locals: { item: item, abstract_section: block.sections.bsearch { |section| section[:value] == 'abstract' }, block: block }
 \ No newline at end of file
+    = render partial: 'blocks/display_content/read_more', locals: { item: item, abstract_section: block.sections.bsearch { |section| section[:value] == 'abstract' }, block: block }
@@ -8,10 +8,10 @@
       = link_to(h(item.title), item.url)
   - when 'abstract'
     div class='lead'
-      = item.abstract
+      = (item.abstract || '').html_safe
   - when 'body'
     div class='body'
-      = item.body
+      = (item.body || '').html_safe
   - when 'image'
     - unless item.image || item.image.public_filename
       div class='image'
...	...	@@ -774,4 +774,63 @@ class DisplayContentBlockViewTest < ActionView::TestCase
774	774	assert render_block_content(block).index(en_article.name).present?
775	775	assert_nil render_block_content(block).index(pt_article.name)
776	776	end
	777	+
	778	+ should 'not escape abstract html of articles' do
	779	+ profile = create_user('testuser').person
	780	+ a1 = fast_create(TextileArticle, abstract: "<p class='test-article-abstract'>Test</p>", name: 'test article 1', profile_id: profile.id, published_at: DateTime.current)
	781	+
	782	+ block = DisplayContentBlock.new
	783	+ block.sections = [{:value => 'abstract', :checked => true}]
	784	+ block.nodes = [a1.id]
	785	+ box = mock()
	786	+ block.stubs(:box).returns(box)
	787	+ box.stubs(:owner).returns(profile)
	788	+ assert_tag_in_string render_block_content(block), tag: 'p', attributes: { class: 'test-article-abstract' }
	789	+ end
	790	+
	791	+ should 'not raise if abstract of article is nil' do
	792	+ profile = create_user('testuser').person
	793	+ a1 = fast_create(TextileArticle, name: 'test article 1', profile_id: profile.id, published_at: DateTime.current)
	794	+
	795	+ block = DisplayContentBlock.new
	796	+ block.sections = [{:value => 'abstract', :checked => true}]
	797	+ block.nodes = [a1.id]
	798	+ box = mock()
	799	+ block.stubs(:box).returns(box)
	800	+ box.stubs(:owner).returns(profile)
	801	+ assert_nil a1.abstract
	802	+ assert_nothing_raised do
	803	+ render_block_content(block)
	804	+ end
	805	+ end
	806	+
	807	+ should 'not escape body html of articles' do
	808	+ profile = create_user('testuser').person
	809	+ a1 = fast_create(TextileArticle, body: "<p class='test-article-body'>Test</p>", name: 'test article 1', profile_id: profile.id, published_at: DateTime.current)
	810	+
	811	+ block = DisplayContentBlock.new
	812	+ block.sections = [{:value => 'body', :checked => true}]
	813	+ block.nodes = [a1.id]
	814	+ box = mock()
	815	+ block.stubs(:box).returns(box)
	816	+ box.stubs(:owner).returns(profile)
	817	+ assert_tag_in_string render_block_content(block), tag: 'p', attributes: { class: 'test-article-body' }
	818	+ end
	819	+
	820	+ should 'not raise if body of article is nil' do
	821	+ profile = create_user('testuser').person
	822	+ a1 = fast_create(TextileArticle, name: 'test article 1', profile_id: profile.id, published_at: DateTime.current)
	823	+
	824	+ block = DisplayContentBlock.new
	825	+ block.sections = [{:value => 'abstract', :checked => true}]
	826	+ block.nodes = [a1.id]
	827	+ box = mock()
	828	+ block.stubs(:box).returns(box)
	829	+ box.stubs(:owner).returns(profile)
	830	+ assert_nil a1.body
	831	+ assert_nothing_raised do
	832	+ render_block_content(block)
	833	+ end
	834	+ end
	835	+
777	836	end
...	...
1	1	li
2	2	- unless item.folder? \|\| item.class == RssFeed
3	3	= render partial: 'blocks/display_content/section', collection: block.sections, locals: { block: block, item: item }
4		- = render partial: 'blocks/display_content/read_more', locals: { item: item, abstract_section: block.sections.bsearch { \|section\| section[:value] == 'abstract' }, block: block }
5	4	\ No newline at end of file
	5	+ = render partial: 'blocks/display_content/read_more', locals: { item: item, abstract_section: block.sections.bsearch { \|section\| section[:value] == 'abstract' }, block: block }
...	...
...	...	@@ -8,10 +8,10 @@
8	8	= link_to(h(item.title), item.url)
9	9	- when 'abstract'
10	10	div class='lead'
11		- = item.abstract
	11	+ = (item.abstract \|\| '').html_safe
12	12	- when 'body'
13	13	div class='body'
14		- = item.body
	14	+ = (item.body \|\| '').html_safe
15	15	- when 'image'
16	16	- unless item.image \|\| item.image.public_filename
17	17	div class='image'
...	...