Commit 88e96a208a5f0f813dc8467552a8709b6d1258ce

Authored by JoenioCosta
1 parent 807a3009

ActionItem192: sanitizing article tags

git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1732 3f533792-8f58-4932-b0fe-aaf55b0a4547
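--- a/app/models/article.rb
+++ b/app/models/article.rb
@@ -1,5 +1,8 @@
 class Article < ActiveRecord::Base
 
+# xss_terminate plugin can't sanitize array fields
+before_save :sanitize_tag_list
+
 belongs_to :profile
 validates_presence_of :profile_id, :name, :slug, :path
 
@@ -109,4 +112,11 @@ class Article < ActiveRecord::Base
 true
 end
 
+private
+
+def sanitize_tag_list
+sanitizer = HTML::FullSanitizer.new
+self.tag_list.names.map!{|i| sanitizer.sanitize(i) }
+end
+
 end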
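Review bot: The in-place `map!` on `tag_list.names` in `sanitize_tag_list` only changes what gets stored if `names` returns the live array rather than a fresh copy, and that is not visible from this hunk; if it is a copy, the raw markup is written unchanged while the in-memory object looks fine. Assigning the result back, `self.tag_list = tag_list.names.map { |name| sanitizer.sanitize(name) }`, does not depend on that detail, assuming the tagging plugin's `tag_list=` accepts an array, which should be confirmed. Running the sanitizer in `before_save` also means any validation on the model sees the unsanitized names; `before_validation :sanitize_tag_list` would sanitize first so the validated and the persisted values agree. A space before the block brace, `map! { |name| sanitizer.sanitize(name) }`, is the conventional spacing and reads more easily.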
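--- a/test/functional/cms_controller_test.rb
+++ b/test/functional/cms_controller_test.rb
@@ -303,4 +303,9 @@ class CmsControllerTest < Test::Unit::TestCase
 assert_equal "<b>the</b> <strong>of</strong> article ...", assigns(:article).body
 end
 
+should 'sanitize tags' do
+post :new, :type => 'TextileArticle', :profile => profile.identifier, :article => { :name => 'a test article', :body => 'the text of the article ...', :tag_list => 'tag1, <strong>tag2</strong>' }
+assert_sanitized assigns(:article).tag_list.names.join(', ')
+end
+
 end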
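Review bot: `assert_sanitized` on the joined names in 'sanitize tags' only checks that no markup survives; it does not check that the tag text is kept, so a sanitizer that dropped the second tag entirely would pass as well. Pinning the names, `assert_equal %w[tag1 tag2], assigns(:article).tag_list.names.sort`, catches both over- and under-stripping, provided the tag list splits on commas and trims whitespace as the fixture assumes. The assertion also reads the in-memory `assigns(:article)`, so it does not show that the sanitized names are what was persisted; reloading the article by id before asserting would, if the tagging plugin writes the list on article save, which is not visible here.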