diff --git a/app/models/article.rb b/app/models/article.rb
index adc97b4..dd05ac8 100644
--- a/app/models/article.rb
+++ b/app/models/article.rb
@@ -26,7 +26,7 @@ class Article < ActiveRecord::Base
 article.published_at = article.created_at if article.published_at.nil?
 end

- xss_terminate :only => [ :name ], :on => 'validation'
+ xss_terminate :only => [ :name ], :on => 'validation', :with => 'white_list'

 named_scope :in_category, lambda { |category|
 {:include => 'categories', :conditions => { 'categories.id' => category.id }}
diff --git a/app/models/tiny_mce_article.rb b/app/models/tiny_mce_article.rb
index 491852a..bd13290 100644
--- a/app/models/tiny_mce_article.rb
+++ b/app/models/tiny_mce_article.rb
@@ -8,9 +8,9 @@ class TinyMceArticle < TextArticle
 _('Not accessible for visually impaired users.')
 end

- xss_terminate :except => [ :abstract, :body ]
+ xss_terminate :only => [ ]

- xss_terminate :only => [ :abstract, :body ], :with => 'white_list', :on => 'validation'
+ xss_terminate :only => [ :name, :abstract, :body ], :with => 'white_list', :on => 'validation'

 include WhiteListFilter
 filter_iframes :abstract, :body, :whitelist => lambda { profile && profile.environment && profile.environment.trusted_sites_for_iframe }
diff --git a/test/unit/article_test.rb b/test/unit/article_test.rb
index 9f18cc6..45d3783 100644
--- a/test/unit/article_test.rb
+++ b/test/unit/article_test.rb
@@ -862,7 +862,24 @@ class ArticleTest < Test::Unit::TestCase
 article.name = "
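Review bot: Switching `name` to `:with => 'white_list'` on the `xss_terminate` line in article.rb presumably lets whitelisted tags survive in article titles, and nothing in the hunk records why a title needs markup or which outputs must now escape it. The same mode is what tiny_mce_article.rb uses for the rich-text `abstract` and `body`, whereas a title is normally also emitted where plain text is expected (page title, attribute values, feeds, mail subjects), so those outputs need checking. I would add a comment above the line such as `# name keeps whitelisted markup after validation; escape it wherever it is rendered as plain text`. The Article class body starts and ends outside the hunk, and the test hunk that follows is cut off, so the new test coverage cannot be judged from here.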
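Review bot: In tiny_mce_article.rb, `xss_terminate :only => [ ]` replaces the catch-all `:except => [ :abstract, :body ]`, so every attribute other than `name`, `abstract` and `body` loses its visible filter in this class. Unless declarations inherited from the parent classes still apply (not visible here), any other user-editable string column of TinyMceArticle would be saved unsanitized. If the aim is only to stop the default filter from stripping tags out of `name`, `xss_terminate :except => [ :name, :abstract, :body ]` keeps the remaining fields covered. If the empty list is intentional, it needs a comment such as `# clear the default filter; name, abstract and body are sanitized with white_list below`. The TinyMceArticle class body continues outside the hunk.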