Commit 85fd17e19682916a087b505e3a9a9de0ecb68aad
1 parent
4775d93a
ActionItem192: filtering html input user from organization profile
git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1677 3f533792-8f58-4932-b0fe-aaf55b0a4547
Showing
2 changed files
with
40 additions
and
0 deletions
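--- a/app/controllers/my_profile/profile_editor_controller.rb
+++ b/app/controllers/my_profile/profile_editor_controller.rb
@@ -48,6 +48,11 @@ class ProfileEditorController < MyProfileController
   def sanitize
     if params[:info]
       params[:info][:name] = html_escape(params[:info][:name]) if params[:info][:name]
+      params[:info][:contact_person] = html_escape(params[:info][:contact_person]) if params[:info][:contact_person]
+      params[:info][:acronym] = html_escape(params[:info][:acronym]) if params[:info][:acronym]
+      params[:info][:legal_form] = html_escape(params[:info][:legal_form]) if params[:info][:legal_form]
+      params[:info][:economic_activity] = html_escape(params[:info][:economic_activity]) if params[:info][:economic_activity]
+      params[:info][:management_information] = html_escape(params[:info][:management_information]) if params[:info][:management_information]
     end
   end
 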
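Review bot: The five added `html_escape` lines extend a per-field allow-list inside `sanitize`, so any other key submitted under `params[:info]` is still stored as-is and every future Info attribute has to be remembered here; the repetition is better expressed as `[:name, :contact_person, :acronym, :legal_form, :economic_activity, :management_information].each do |field|` / `params[:info][field] = html_escape(params[:info][field]) if params[:info][field]` / `end`. Escaping at input time also persists HTML entities in the database, so any view that escapes on output (the `h` helper) will double-encode these values; escaping at render time, or stripping tags on input with a sanitizer, is the more robust place for this control. A comment on the method such as `# Input-side HTML escaping for the listed Info fields only; keep in sync with the fields rendered on the profile page` would make the allow-list nature explicit. The enclosing class starts outside the hunk.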
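--- a/test/functional/profile_editor_controller_test.rb
+++ b/test/functional/profile_editor_controller_test.rb
@@ -99,4 +99,39 @@ class ProfileEditorControllerTest < Test::Unit::TestCase
     assert_not_equal name, assigns(:profile).info.name
   end
 
+  should 'filter html from contact_person to organization' do
+    org = Organization.create!(:name => 'test org', :identifier => 'testorg')
+    contact = "name <strong id='name_html_test'>with</strong> html"
+    post :edit, :profile => org.identifier, :info => { :contact_person => contact }
+    assert_not_equal contact, assigns(:profile).info.contact_person
+  end
+
+  should 'filter html from acronym organization' do
+    org = Organization.create!(:name => 'test org', :identifier => 'testorg')
+    value = "name <strong id='name_html_test'>with</strong> html"
+    post :edit, :profile => org.identifier, :info => { :acronym => value }
+    assert_not_equal value, assigns(:profile).info.acronym
+  end
+
+  should 'filter html from legal_form organization' do
+    org = Organization.create!(:name => 'test org', :identifier => 'testorg')
+    value = "name <strong id='name_html_test'>with</strong> html"
+    post :edit, :profile => org.identifier, :info => { :legal_form => value }
+    assert_not_equal value, assigns(:profile).info.legal_form
+  end
+
+  should 'filter html from economic_activity organization' do
+    org = Organization.create!(:name => 'test org', :identifier => 'testorg')
+    value = "name <strong id='name_html_test'>with</strong> html"
+    post :edit, :profile => org.identifier, :info => { :economic_activity => value }
+    assert_not_equal value, assigns(:profile).info.economic_activity
+  end
+
+  should 'filter html from management_information organization' do
+    org = Organization.create!(:name => 'test org', :identifier => 'testorg')
+    value = "name <strong id='name_html_test'>with</strong> html"
+    post :edit, :profile => org.identifier, :info => { :management_information => value }
+    assert_not_equal value, assigns(:profile).info.management_information
+  end
+
 end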
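Review bot: Each of the five new tests only asserts that the stored value differs from the input (`assert_not_equal value, assigns(:profile).info.acronym`), which passes for any transformation, including truncation or a wrong escape, not just HTML escaping; asserting the absence of the tag, `assert_no_match /<strong/, assigns(:profile).info.acronym`, or the exact escaped form, `assert_equal ERB::Util.html_escape(value), assigns(:profile).info.acronym`, would pin the intended behaviour. The five bodies differ only in the field name and could be generated by one loop over the field symbols that defines a `should` block per field, which also keeps the test list in step with the controller's allow-list. All five create an Organization with the same identifier 'testorg', which presumably relies on transactional test isolation; a per-test identifier would make that independence explicit.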