Download as
Browse Code »

Commit 839e0c57ddbf9f8d614881d9a6c38d21e523ee71

Authored by Victor Costa
1 parent 1ec026e9
Exists in ratings_minor_fixes and in 4 other branches add_member_task_reject_details, fix_sign_up_form, organization_ratings_improvements, profile_api_improvements

html_safe: avoid escaping block titles when edit

Showing 2 changed files with 21 additions and 1 deletions   Show diff stats
app/views/box_organizer/edit.html.erb
  Diff comments   View file @839e0c5
1 1 <div class="block-config-options <%= @block.class.name %>-options">
2   - <h2 class="title"><%= _(@block.class.description) %></h2>
  2 + <h2 class="title"><%= _(@block.class.description).html_safe %></h2>
3 3  
4 4 <%= form_tag(:action => 'save', :id => @block.id) do %>
5 5  
... ...
test/integration/safe_strings_test.rb
  Diff comments   View file @839e0c5
... ... @@ -2,6 +2,14 @@ require_relative &quot;../test_helper&quot;
2 2  
3 3 class SafeStringsTest < ActionDispatch::IntegrationTest
4 4  
  5 + def setup
  6 + @user = create_user('safestring', :password => 'test', :password_confirmation => 'test')
  7 + @user.activate
  8 + @person = user.person
  9 + end
  10 +
  11 + attr_accessor :user, :person
  12 +
5 13 should 'not escape link to admins on profile page' do
6 14 person = fast_create Person
7 15 community = fast_create Community
... ... @@ -135,4 +143,16 @@ class SafeStringsTest &lt; ActionDispatch::IntegrationTest
135 143 }
136 144 end
137 145  
  146 + should 'not escape block title when edit a block' do
  147 + class OtherBlock < Block
  148 + def self.description
  149 + _("<p class='other-block'>Other Block</p>")
  150 + end
  151 + end
  152 + login user.login, 'test'
  153 + block = OtherBlock.new
  154 + person.boxes.first.blocks << block
  155 + get url_for(action: :edit, controller: :profile_design, profile: person.identifier, id: block.id)
  156 + assert_select '.block-config-options .other-block'
  157 + end
138 158 end
... ...