Download as
Browse Code »

Commit 90f3cf8289000f9f49a5aab92b6d551e89fe3765

Authored by JoenioCosta
1 parent 68833fe4
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

ActionItem192: filtering title and body of comments 

git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1674 3f533792-8f58-4932-b0fe-aaf55b0a4547
Showing 6 changed files with 44 additions and 40 deletions   Show diff stats
app/controllers/public/content_viewer_controller.rb
  Diff comments   View file @90f3cf8
@@ -69,13 +69,12 @@ class ContentViewerController < PublicController @@ -69,13 +69,12 @@ class ContentViewerController < PublicController
69 69
70 private 70 private
71 71
  72 + require 'erb'
72 include ERB::Util 73 include ERB::Util
73 -  
74 def sanitize 74 def sanitize
75 if params[:comment] 75 if params[:comment]
76 - if params[:comment][:body]  
77 - params[:comment][:body] = html_escape(params[:comment][:body])  
78 - end 76 + params[:comment][:body] = html_escape(params[:comment][:body]) if params[:comment][:body]
  77 + params[:comment][:title] = html_escape(params[:comment][:title]) if params[:comment][:title]
79 end 78 end
80 end 79 end
81 80
lib/noosfero/core_ext/string.rb
  Diff comments   View file @90f3cf8
@@ -39,4 +39,5 @@ class String @@ -39,4 +39,5 @@ class String
39 def to_slug 39 def to_slug
40 transliterate.downcase.gsub(/^\d+/,'').gsub( /[^a-z0-9~\s:;+=_.-]/, '').gsub(/[\s:;+=_.-]+/, '-').gsub(/-$ | ^-/, '').to_s 40 transliterate.downcase.gsub(/^\d+/,'').gsub( /[^a-z0-9~\s:;+=_.-]/, '').gsub(/[\s:;+=_.-]+/, '-').gsub(/-$ | ^-/, '').to_s
41 end 41 end
  42 +
42 end 43 end
test/functional/content_viewer_controller_test.rb
  Diff comments   View file @90f3cf8
@@ -195,4 +195,12 @@ class ContentViewerControllerTest < Test::Unit::TestCase @@ -195,4 +195,12 @@ class ContentViewerControllerTest < Test::Unit::TestCase
195 assert_no_tag :tag => 'strong', :attributes => { :id => 'html_test_comment' } 195 assert_no_tag :tag => 'strong', :attributes => { :id => 'html_test_comment' }
196 end 196 end
197 197
  198 + should 'filter html content from title' do
  199 + login_as @profile.identifier
  200 + page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text')
  201 + post :view_page, :profile => @profile.identifier, :page => [ 'myarticle' ],
  202 + :comment => { :title => "html <strong id='html_test_comment'>comment</strong>", :body => "this is a comment" }
  203 + assert_no_tag :tag => 'strong', :attributes => { :id => 'html_test_comment' }
  204 + end
  205 +
198 end 206 end
test/unit/slug_test.rb
View file @68833fe
@@ -1,26 +0,0 @@ @@ -1,26 +0,0 @@
1 -require File.dirname(__FILE__) + '/../test_helper'  
2 -  
3 -# tests for String#to_slug core extension. See lib/noosfero/core_ext/string.rb  
4 -class SlugTest < Test::Unit::TestCase  
5 -  
6 - should 'keep only alphanum' do  
7 - assert_equal 'abc', 'abc!)@(*#&@!*#*)'.to_slug  
8 - end  
9 -  
10 - should 'turn punctuation into dashes' do  
11 - assert_equal 'a-b-c-d-e-f', 'a:b;c+d=e_f'.to_slug  
12 - end  
13 -  
14 - should 'truncate dashes' do  
15 - assert_equal 'a-b-c', 'a---b: c ;;;'.to_slug  
16 - end  
17 -  
18 - should 'turn spaces into dashes' do  
19 - assert_equal 'a-b', 'a b'.to_slug  
20 - end  
21 -  
22 - should 'not remove dots' do  
23 - assert_equal 'a.b', 'a.b'.to_slug  
24 - end  
25 -  
26 -end  
test/unit/string_core_ext_test.rb 0 → 100644
  Diff comments   View file @90f3cf8
@@ -0,0 +1,32 @@ @@ -0,0 +1,32 @@
  1 +require File.dirname(__FILE__) + '/../test_helper'
  2 +
  3 +# tests for String core extension. See lib/noosfero/core_ext/string.rb
  4 +class StringCoreExtTest < Test::Unit::TestCase
  5 +
  6 + # tests for String#to_slug
  7 + should 'keep only alphanum' do
  8 + assert_equal 'abc', 'abc!)@(*#&@!*#*)'.to_slug
  9 + end
  10 +
  11 + should 'turn punctuation into dashes' do
  12 + assert_equal 'a-b-c-d-e-f', 'a:b;c+d=e_f'.to_slug
  13 + end
  14 +
  15 + should 'truncate dashes' do
  16 + assert_equal 'a-b-c', 'a---b: c ;;;'.to_slug
  17 + end
  18 +
  19 + should 'turn spaces into dashes' do
  20 + assert_equal 'a-b', 'a b'.to_slug
  21 + end
  22 +
  23 + should 'not remove dots' do
  24 + assert_equal 'a.b', 'a.b'.to_slug
  25 + end
  26 +
  27 + # tests for String#transliterate
  28 + should 'transliterate' do
  29 + assert_equal 'eeeeEEOOoocaaaiIIiuuyYnN', 'éèëêÊËÖÔöôçäàâîÏÎïûüÿŸñÑ'.transliterate
  30 + end
  31 +
  32 +end
test/unit/transliterations_test.rb
View file @68833fe
@@ -1,10 +0,0 @@ @@ -1,10 +0,0 @@
1 -require File.dirname(__FILE__) + '/../test_helper'  
2 -  
3 -class TransliterationsTest < Test::Unit::TestCase  
4 -  
5 - def test_should_transliterate  
6 - assert_equal 'eeeeEEOOoocaaaiIIiuuyYnN', 'éèëêÊËÖÔöôçäàâîÏÎïûüÿŸñÑ'.transliterate  
7 - end  
8 -  
9 -  
10 -end