Download as
Browse Code »

Commit 963fc12347c3b5dbb1fc40bfd1cb0d0b6ffdb06e

Authored by Victor Costa
1 parent 9cc7056d
Exists in send_email_to_admins and in 5 other branches add_member_task_reject_details, fix_sign_up_form, organization_ratings_improvements, profile_api_improvements, ratings_minor_fixes

html_safe: avoid escape task information string

Showing 2 changed files with 9 additions and 1 deletions   Show diff stats
app/views/profile_editor/_pending_tasks.html.erb
  Diff comments   View file @963fc12
@@ -4,7 +4,7 @@ @@ -4,7 +4,7 @@
4 <div class='pending-tasks'> 4 <div class='pending-tasks'>
5 <h2><%= _('You have pending requests') %></h2> 5 <h2><%= _('You have pending requests') %></h2>
6 <ul> 6 <ul>
7 - <%= safe_join(@pending_tasks.map {|task| content_tag('li', task_information(task))}) %> 7 + <%= safe_join(@pending_tasks.map {|task| content_tag('li', task_information(task).html_safe)}) %>
8 </ul> 8 </ul>
9 <%= button(:todo, _('Process requests'), :controller => 'tasks', :action => 'index') %> 9 <%= button(:todo, _('Process requests'), :controller => 'tasks', :action => 'index') %>
10 </div> 10 </div>
test/integration/safe_strings_test.rb
  Diff comments   View file @963fc12
@@ -84,4 +84,12 @@ class SafeStringsTest &lt; ActionDispatch::IntegrationTest @@ -84,4 +84,12 @@ class SafeStringsTest &lt; ActionDispatch::IntegrationTest
84 } 84 }
85 end 85 end
86 86
  87 + should 'not escape task information on manage profile' do
  88 + create_user('marley', :password => 'test', :password_confirmation => 'test').activate
  89 + person = Person['marley']
  90 + task = create(Task, :requestor => person, :target => person)
  91 + login 'marley', 'test'
  92 + get "/myprofile/marley"
  93 + assert_select ".pending-tasks ul li a"
  94 + end
87 end 95 end