ActionItem192: filtering html input user from organization profile

git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1677 3f533792-8f58-4932-b0fe-aaf55b0a4547

ActionItem192: filtering html input user from organization profile
git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1677 3f533792-8f58-4932-b0fe-aaf55b0a4547
JoenioCosta
1 parent 4775d93a
Showing 2 changed files with 40 additions and 0 deletions Show diff stats
app/controllers/my_profile/profile_editor_controller.rb
test/functional/profile_editor_controller_test.rb
@@ -48,6 +48,11 @@ class ProfileEditorController &lt; MyProfileController
   def sanitize
     if params[:info]
       params[:info][:name] = html_escape(params[:info][:name]) if params[:info][:name]
+      params[:info][:contact_person] = html_escape(params[:info][:contact_person]) if params[:info][:contact_person]
+      params[:info][:acronym] = html_escape(params[:info][:acronym]) if params[:info][:acronym]
+      params[:info][:legal_form] = html_escape(params[:info][:legal_form]) if params[:info][:legal_form]
+      params[:info][:economic_activity] = html_escape(params[:info][:economic_activity]) if params[:info][:economic_activity]
+      params[:info][:management_information] = html_escape(params[:info][:management_information]) if params[:info][:management_information]
     end
   end
@@ -99,4 +99,39 @@ class ProfileEditorControllerTest &lt; Test::Unit::TestCase
     assert_not_equal name, assigns(:profile).info.name
   end
+  should 'filter html from contact_person to organization' do
+    org = Organization.create!(:name => 'test org', :identifier => 'testorg')
+    contact = "name <strong id='name_html_test'>with</strong> html"
+    post :edit, :profile => org.identifier, :info => { :contact_person => contact }
+    assert_not_equal contact, assigns(:profile).info.contact_person
+  end
+
+  should 'filter html from acronym organization' do
+    org = Organization.create!(:name => 'test org', :identifier => 'testorg')
+    value = "name <strong id='name_html_test'>with</strong> html"
+    post :edit, :profile => org.identifier, :info => { :acronym => value }
+    assert_not_equal value, assigns(:profile).info.acronym
+  end
+
+  should 'filter html from legal_form organization' do
+    org = Organization.create!(:name => 'test org', :identifier => 'testorg')
+    value = "name <strong id='name_html_test'>with</strong> html"
+    post :edit, :profile => org.identifier, :info => { :legal_form => value }
+    assert_not_equal value, assigns(:profile).info.legal_form
+  end
+
+  should 'filter html from economic_activity organization' do
+    org = Organization.create!(:name => 'test org', :identifier => 'testorg')
+    value = "name <strong id='name_html_test'>with</strong> html"
+    post :edit, :profile => org.identifier, :info => { :economic_activity => value }
+    assert_not_equal value, assigns(:profile).info.economic_activity
+  end
+
+  should 'filter html from management_information organization' do
+    org = Organization.create!(:name => 'test org', :identifier => 'testorg')
+    value = "name <strong id='name_html_test'>with</strong> html"
+    post :edit, :profile => org.identifier, :info => { :management_information => value }
+    assert_not_equal value, assigns(:profile).info.management_information
+  end
+
 end
	@@ -99,4 +99,39 @@ class ProfileEditorControllerTest < Test::Unit::TestCase		@@ -99,4 +99,39 @@ class ProfileEditorControllerTest < Test::Unit::TestCase
99	assert_not_equal name, assigns(:profile).info.name	99	assert_not_equal name, assigns(:profile).info.name
100	end	100	end
101		101
		102	+ should 'filter html from contact_person to organization' do
		103	+ org = Organization.create!(:name => 'test org', :identifier => 'testorg')
		104	+ contact = "name <strong id='name_html_test'>with</strong> html"
		105	+ post :edit, :profile => org.identifier, :info => { :contact_person => contact }
		106	+ assert_not_equal contact, assigns(:profile).info.contact_person
		107	+ end
		108	+
		109	+ should 'filter html from acronym organization' do
		110	+ org = Organization.create!(:name => 'test org', :identifier => 'testorg')
		111	+ value = "name <strong id='name_html_test'>with</strong> html"
		112	+ post :edit, :profile => org.identifier, :info => { :acronym => value }
		113	+ assert_not_equal value, assigns(:profile).info.acronym
		114	+ end
		115	+
		116	+ should 'filter html from legal_form organization' do
		117	+ org = Organization.create!(:name => 'test org', :identifier => 'testorg')
		118	+ value = "name <strong id='name_html_test'>with</strong> html"
		119	+ post :edit, :profile => org.identifier, :info => { :legal_form => value }
		120	+ assert_not_equal value, assigns(:profile).info.legal_form
		121	+ end
		122	+
		123	+ should 'filter html from economic_activity organization' do
		124	+ org = Organization.create!(:name => 'test org', :identifier => 'testorg')
		125	+ value = "name <strong id='name_html_test'>with</strong> html"
		126	+ post :edit, :profile => org.identifier, :info => { :economic_activity => value }
		127	+ assert_not_equal value, assigns(:profile).info.economic_activity
		128	+ end
		129	+
		130	+ should 'filter html from management_information organization' do
		131	+ org = Organization.create!(:name => 'test org', :identifier => 'testorg')
		132	+ value = "name <strong id='name_html_test'>with</strong> html"
		133	+ post :edit, :profile => org.identifier, :info => { :management_information => value }
		134	+ assert_not_equal value, assigns(:profile).info.management_information
		135	+ end
		136	+
102	end	137	end