From 839e0c57ddbf9f8d614881d9a6c38d21e523ee71 Mon Sep 17 00:00:00 2001
From: Victor Costa
Date: Thu, 5 May 2016 15:51:55 -0300
Subject: [PATCH] html_safe: avoid escaping block titles when edit
---
 app/views/box_organizer/edit.html.erb | 2 +-
 test/integration/safe_strings_test.rb | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/app/views/box_organizer/edit.html.erb b/app/views/box_organizer/edit.html.erb
index 65d2f51..fc64686 100644
--- a/app/views/box_organizer/edit.html.erb
+++ b/app/views/box_organizer/edit.html.erb
@@ -1,5 +1,5 @@
-

<%= _(@block.class.description) %>

+

<%= _(@block.class.description).html_safe %>

<%= form_tag(:action => 'save', :id => @block.id) do %>
diff --git a/test/integration/safe_strings_test.rb b/test/integration/safe_strings_test.rb
index 3c5c4de..84d42cf 100644
--- a/test/integration/safe_strings_test.rb
+++ b/test/integration/safe_strings_test.rb
@@ -2,6 +2,14 @@ require_relative "../test_helper"
 class SafeStringsTest < ActionDispatch::IntegrationTest
+ def setup
+ @user = create_user('safestring', :password => 'test', :password_confirmation => 'test')
+ @user.activate
+ @person = user.person
+ end
+
+ attr_accessor :user, :person
+
 should 'not escape link to admins on profile page' do
 person = fast_create Person
 community = fast_create Community
@@ -135,4 +143,16 @@ class SafeStringsTest < ActionDispatch::IntegrationTest
 }
 end
+ should 'not escape block title when edit a block' do
+ class OtherBlock < Block
+ def self.description
+ _("
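Review bot: `_(@block.class.description).html_safe` in edit.html.erb turns off Rails' output escaping for the whole translated string, so this page now trusts every block class's `description` and every translation catalogue entry for it. That is safe only while all descriptions are developer-written literals; a block type shipped by a plugin, or a translation that carries markup, would be rendered verbatim into the block editor. If only a little formatting needs to get through, `<%= sanitize _(@block.class.description), tags: %w(p span), attributes: %w(class) %>` keeps the escaping boundary in the view (adjust the allowlist to the tags the descriptions really use; the markup around this expression is not visible in this view of the patch). The test added in safe_strings_test.rb pins only the permissive case with `assert_select '.block-config-options .other-block'`; with a sanitising view it could also assert `assert_select '.block-config-options script', count: 0` for a description that contains a script element.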

Other Block

")
+ end
+ end
+ login user.login, 'test'
+ block = OtherBlock.new
+ person.boxes.first.blocks << block
+ get url_for(action: :edit, controller: :profile_design, profile: person.identifier, id: block.id)
+ assert_select '.block-config-options .other-block'
+ end
 end
--
libgit2 0.21.2