Commit 90f3cf8289000f9f49a5aab92b6d551e89fe3765
1 parent
68833fe4
Exists in
master
and in
29 other branches
ActionItem192: filtering title and body of comments
git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1674 3f533792-8f58-4932-b0fe-aaf55b0a4547
Showing
6 changed files
with
44 additions
and
40 deletions
Show diff stats
app/controllers/public/content_viewer_controller.rb
| ... | ... | @@ -69,13 +69,12 @@ class ContentViewerController < PublicController |
| 69 | 69 | |
| 70 | 70 | private |
| 71 | 71 | |
| 72 | + require 'erb' | |
| 72 | 73 | include ERB::Util |
| 73 | - | |
| 74 | 74 | def sanitize |
| 75 | 75 | if params[:comment] |
| 76 | - if params[:comment][:body] | |
| 77 | - params[:comment][:body] = html_escape(params[:comment][:body]) | |
| 78 | - end | |
| 76 | + params[:comment][:body] = html_escape(params[:comment][:body]) if params[:comment][:body] | |
| 77 | + params[:comment][:title] = html_escape(params[:comment][:title]) if params[:comment][:title] | |
| 79 | 78 | end |
| 80 | 79 | end |
| 81 | 80 | ... | ... |
lib/noosfero/core_ext/string.rb
test/functional/content_viewer_controller_test.rb
| ... | ... | @@ -195,4 +195,12 @@ class ContentViewerControllerTest < Test::Unit::TestCase |
| 195 | 195 | assert_no_tag :tag => 'strong', :attributes => { :id => 'html_test_comment' } |
| 196 | 196 | end |
| 197 | 197 | |
| 198 | + should 'filter html content from title' do | |
| 199 | + login_as @profile.identifier | |
| 200 | + page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text') | |
| 201 | + post :view_page, :profile => @profile.identifier, :page => [ 'myarticle' ], | |
| 202 | + :comment => { :title => "html <strong id='html_test_comment'>comment</strong>", :body => "this is a comment" } | |
| 203 | + assert_no_tag :tag => 'strong', :attributes => { :id => 'html_test_comment' } | |
| 204 | + end | |
| 205 | + | |
| 198 | 206 | end | ... | ... |
test/unit/slug_test.rb
| ... | ... | @@ -1,26 +0,0 @@ |
| 1 | -require File.dirname(__FILE__) + '/../test_helper' | |
| 2 | - | |
| 3 | -# tests for String#to_slug core extension. See lib/noosfero/core_ext/string.rb | |
| 4 | -class SlugTest < Test::Unit::TestCase | |
| 5 | - | |
| 6 | - should 'keep only alphanum' do | |
| 7 | - assert_equal 'abc', 'abc!)@(*#&@!*#*)'.to_slug | |
| 8 | - end | |
| 9 | - | |
| 10 | - should 'turn punctuation into dashes' do | |
| 11 | - assert_equal 'a-b-c-d-e-f', 'a:b;c+d=e_f'.to_slug | |
| 12 | - end | |
| 13 | - | |
| 14 | - should 'truncate dashes' do | |
| 15 | - assert_equal 'a-b-c', 'a---b: c ;;;'.to_slug | |
| 16 | - end | |
| 17 | - | |
| 18 | - should 'turn spaces into dashes' do | |
| 19 | - assert_equal 'a-b', 'a b'.to_slug | |
| 20 | - end | |
| 21 | - | |
| 22 | - should 'not remove dots' do | |
| 23 | - assert_equal 'a.b', 'a.b'.to_slug | |
| 24 | - end | |
| 25 | - | |
| 26 | -end |
| ... | ... | @@ -0,0 +1,32 @@ |
| 1 | +require File.dirname(__FILE__) + '/../test_helper' | |
| 2 | + | |
| 3 | +# tests for String core extension. See lib/noosfero/core_ext/string.rb | |
| 4 | +class StringCoreExtTest < Test::Unit::TestCase | |
| 5 | + | |
| 6 | + # tests for String#to_slug | |
| 7 | + should 'keep only alphanum' do | |
| 8 | + assert_equal 'abc', 'abc!)@(*#&@!*#*)'.to_slug | |
| 9 | + end | |
| 10 | + | |
| 11 | + should 'turn punctuation into dashes' do | |
| 12 | + assert_equal 'a-b-c-d-e-f', 'a:b;c+d=e_f'.to_slug | |
| 13 | + end | |
| 14 | + | |
| 15 | + should 'truncate dashes' do | |
| 16 | + assert_equal 'a-b-c', 'a---b: c ;;;'.to_slug | |
| 17 | + end | |
| 18 | + | |
| 19 | + should 'turn spaces into dashes' do | |
| 20 | + assert_equal 'a-b', 'a b'.to_slug | |
| 21 | + end | |
| 22 | + | |
| 23 | + should 'not remove dots' do | |
| 24 | + assert_equal 'a.b', 'a.b'.to_slug | |
| 25 | + end | |
| 26 | + | |
| 27 | + # tests for String#transliterate | |
| 28 | + should 'transliterate' do | |
| 29 | + assert_equal 'eeeeEEOOoocaaaiIIiuuyYnN', 'éèëêÊËÖÔöôçäàâîÏÎïûüÿŸñÑ'.transliterate | |
| 30 | + end | |
| 31 | + | |
| 32 | +end | ... | ... |
test/unit/transliterations_test.rb