diff --git a/app/controllers/public/content_viewer_controller.rb b/app/controllers/public/content_viewer_controller.rb index 961ce59..6920ca4 100644 --- a/app/controllers/public/content_viewer_controller.rb +++ b/app/controllers/public/content_viewer_controller.rb @@ -69,13 +69,12 @@ class ContentViewerController < PublicController private + require 'erb' include ERB::Util - def sanitize if params[:comment] - if params[:comment][:body] - params[:comment][:body] = html_escape(params[:comment][:body]) - end + params[:comment][:body] = html_escape(params[:comment][:body]) if params[:comment][:body] + params[:comment][:title] = html_escape(params[:comment][:title]) if params[:comment][:title] end end diff --git a/lib/noosfero/core_ext/string.rb b/lib/noosfero/core_ext/string.rb index 38305d5..01bb3d4 100644 --- a/lib/noosfero/core_ext/string.rb +++ b/lib/noosfero/core_ext/string.rb @@ -39,4 +39,5 @@ class String def to_slug transliterate.downcase.gsub(/^\d+/,'').gsub( /[^a-z0-9~\s:;+=_.-]/, '').gsub(/[\s:;+=_.-]+/, '-').gsub(/-$ | ^-/, '').to_s end + end diff --git a/test/functional/content_viewer_controller_test.rb b/test/functional/content_viewer_controller_test.rb index 87638f0..43904a4 100644 --- a/test/functional/content_viewer_controller_test.rb +++ b/test/functional/content_viewer_controller_test.rb @@ -195,4 +195,12 @@ class ContentViewerControllerTest < Test::Unit::TestCase assert_no_tag :tag => 'strong', :attributes => { :id => 'html_test_comment' } end + should 'filter html content from title' do + login_as @profile.identifier + page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text') + post :view_page, :profile => @profile.identifier, :page => [ 'myarticle' ], + :comment => { :title => "html comment", :body => "this is a comment" } + assert_no_tag :tag => 'strong', :attributes => { :id => 'html_test_comment' } + end + end 
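Review bot: `sanitize` escapes only the `:body` and `:title` keys of `params[:comment]`, so any other comment attribute the form submits and a view later prints would still reach the page unescaped, and every new field has to be remembered here. Escaping at input time also stores entity-encoded text, which would be double-escaped wherever a view already calls `h` on it. Consider escaping every string value in one pass, `params[:comment].each { |k, v| params[:comment][k] = html_escape(v) if v.is_a?(String) }`, or moving the escaping into the views that render comments. Which other comment fields exist and how they are rendered is not visible in this hunk, so check this against the model and views. The enclosing class starts outside the hunk.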
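Review bot: The new test 'filter html content from title' only asserts that a `strong` tag with id `html_test_comment` is absent, which also holds if the comment was never saved or rendered. In addition, the `:title` string as shown on this page carries no markup, although it may have been stripped when the page was rendered. Add a positive check that the escaped title reaches the response, for example `assert_match /&lt;strong/, @response.body`, so the test fails if the escaping is removed or the comment is dropped. The local `page` is assigned but never read and can be dropped.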
diff --git a/test/unit/slug_test.rb b/test/unit/slug_test.rb deleted file mode 100644 index 85197ef..0000000 --- a/test/unit/slug_test.rb +++ /dev/null @@ -1,26 +0,0 @@ -require File.dirname(__FILE__) + '/../test_helper' - -# tests for String#to_slug core extension. See lib/noosfero/core_ext/string.rb -class SlugTest < Test::Unit::TestCase - - should 'keep only alphanum' do - assert_equal 'abc', 'abc!)@(*#&@!*#*)'.to_slug - end - - should 'turn punctuation into dashes' do - assert_equal 'a-b-c-d-e-f', 'a:b;c+d=e_f'.to_slug - end - - should 'truncate dashes' do - assert_equal 'a-b-c', 'a---b: c ;;;'.to_slug - end - - should 'turn spaces into dashes' do - assert_equal 'a-b', 'a b'.to_slug - end - - should 'not remove dots' do - assert_equal 'a.b', 'a.b'.to_slug - end - -end diff --git a/test/unit/string_core_ext_test.rb b/test/unit/string_core_ext_test.rb new file mode 100644 index 0000000..f4b80e5 --- /dev/null +++ b/test/unit/string_core_ext_test.rb @@ -0,0 +1,32 @@ +require File.dirname(__FILE__) + '/../test_helper' + +# tests for String core extension. See lib/noosfero/core_ext/string.rb +class StringCoreExtTest < Test::Unit::TestCase + + # tests for String#to_slug + should 'keep only alphanum' do + assert_equal 'abc', 'abc!)@(*#&@!*#*)'.to_slug + end + + should 'turn punctuation into dashes' do + assert_equal 'a-b-c-d-e-f', 'a:b;c+d=e_f'.to_slug + end + + should 'truncate dashes' do + assert_equal 'a-b-c', 'a---b: c ;;;'.to_slug + end + + should 'turn spaces into dashes' do + assert_equal 'a-b', 'a b'.to_slug + end + + should 'not remove dots' do + assert_equal 'a.b', 'a.b'.to_slug + end + + # tests for String#transliterate + should 'transliterate' do + assert_equal 'eeeeEEOOoocaaaiIIiuuyYnN', 'éèëêÊËÖÔöôçäàâîÏÎïûüÿŸñÑ'.transliterate + end + +end diff --git a/test/unit/transliterations_test.rb b/test/unit/transliterations_test.rb deleted file mode 100644 index 808ee1c..0000000 --- a/test/unit/transliterations_test.rb +++ /dev/null 
@@ -1,10 +0,0 @@ -require File.dirname(__FILE__) + '/../test_helper' - -class TransliterationsTest < Test::Unit::TestCase - - def test_should_transliterate - assert_equal 'eeeeEEOOoocaaaiIIiuuyYnN', 'éèëêÊËÖÔöôçäàâîÏÎïûüÿŸñÑ'.transliterate - end - - -end -- libgit2 0.21.2