Commit 839e0c57ddbf9f8d614881d9a6c38d21e523ee71
1 parent
1ec026e9
Exists in
ratings_minor_fixes
and in
4 other branches
html_safe: avoid escaping block titles when edit
Showing
2 changed files
with
21 additions
and
1 deletions
Show diff stats
app/views/box_organizer/edit.html.erb
test/integration/safe_strings_test.rb
... | ... | @@ -2,6 +2,14 @@ require_relative "../test_helper" |
2 | 2 | |
3 | 3 | class SafeStringsTest < ActionDispatch::IntegrationTest |
4 | 4 | |
5 | + def setup | |
6 | + @user = create_user('safestring', :password => 'test', :password_confirmation => 'test') | |
7 | + @user.activate | |
8 | + @person = user.person | |
9 | + end | |
10 | + | |
11 | + attr_accessor :user, :person | |
12 | + | |
5 | 13 | should 'not escape link to admins on profile page' do |
6 | 14 | person = fast_create Person |
7 | 15 | community = fast_create Community |
... | ... | @@ -135,4 +143,16 @@ class SafeStringsTest < ActionDispatch::IntegrationTest |
135 | 143 | } |
136 | 144 | end |
137 | 145 | |
146 | + should 'not escape block title when edit a block' do | |
147 | + class OtherBlock < Block | |
148 | + def self.description | |
149 | + _("<p class='other-block'>Other Block</p>") | |
150 | + end | |
151 | + end | |
152 | + login user.login, 'test' | |
153 | + block = OtherBlock.new | |
154 | + person.boxes.first.blocks << block | |
155 | + get url_for(action: :edit, controller: :profile_design, profile: person.identifier, id: block.id) | |
156 | + assert_select '.block-config-options .other-block' | |
157 | + end | |
138 | 158 | end | ... | ... |