From b96e16b3dfd713f880ed860cc206ecb419e8c9c7 Mon Sep 17 00:00:00 2001
From: Victor Costa
Date: Wed, 4 May 2016 19:59:07 -0300
Subject: [PATCH] html_safe: fix escape of article body and abstract

---
 app/controllers/my_profile/cms_controller.rb | 11 -----------
 app/views/shared/_lead_and_body.html.erb | 12 ++----------
 2 files changed, 2 insertions(+), 21 deletions(-)

diff --git a/app/controllers/my_profile/cms_controller.rb b/app/controllers/my_profile/cms_controller.rb
index 9ae0e3e..8620ba2 100644
--- a/app/controllers/my_profile/cms_controller.rb
+++ b/app/controllers/my_profile/cms_controller.rb
@@ -103,8 +103,6 @@ class CmsController < MyProfileController
         end
       end
     end
-
-    escape_fields @article
   end
 
   def new
@@ -174,9 +172,6 @@ class CmsController < MyProfileController
         return
       end
     end
-
-    escape_fields @article
-
     render :action => 'edit'
   end
 
@@ -518,10 +513,4 @@ class CmsController < MyProfileController
     end
   end
 
-  def escape_fields article
-    unless article.kind_of?(RssFeed)
-      @escaped_body = CGI::escapeHTML(article.body || '')
-      @escaped_abstract = CGI::escapeHTML(article.abstract || '')
-    end
-  end
 end
diff --git a/app/views/shared/_lead_and_body.html.erb b/app/views/shared/_lead_and_body.html.erb
index 3650684..805c1db 100644
--- a/app/views/shared/_lead_and_body.html.erb
+++ b/app/views/shared/_lead_and_body.html.erb
@@ -23,11 +23,7 @@
   <% if f %>
     <%= labelled_form_field(_(abstract_label), f.text_area(abstract_method, abstract_options)) %>
   <% else %>
-    <% if @article.kind_of?(Article) %>
-      <%= labelled_form_field(_(abstract_label), text_area_tag("article[abstract]", @escaped_abstract, abstract_options)) %>
-    <% else %>
-      <%= labelled_form_field(_(abstract_label), text_area(object, abstract_method, abstract_options)) %>
-    <% end %>
+    <%= labelled_form_field(_(abstract_label), text_area(object, abstract_method, abstract_options)) %>
   <% end %>
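Review bot: Removing `escape_fields @article` here (and again in the edit path in the second hunk) leaves `@escaped_body` and `@escaped_abstract` unset, and the helper itself is deleted in the third hunk of this file, so any other view, partial or test that still reads those instance variables will now render nil; a repository-wide search for `@escaped_body` and `@escaped_abstract` before merging would confirm that `_lead_and_body.html.erb` was their only consumer. The deleted helper also carried a `kind_of?(RssFeed)` exemption that no longer exists anywhere; as far as these hunks show that is harmless, because the view's non-`Article` branch already used `text_area(object, …)`, but the enclosing actions start and end outside the hunks. A regression test that renders the edit form for an article whose body and abstract contain angle brackets and quotes, and asserts they appear escaped exactly once in the textarea, would pin the behaviour this commit now relies on.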
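Review bot: The added line delegates escaping of the abstract (and, in the next hunk, the body) to Rails' `text_area(object, …)`, which escapes the attribute value only when that value is not already marked `html_safe`; the commit does not show what `Article#abstract` and `Article#body` return, so it should be confirmed that they are plain `String`s rather than `SafeBuffer`s, otherwise stored content would be emitted inside the textarea unescaped. Since `@article.kind_of?(Article)` is no longer consulted, `object` must now be set for every caller of this partial, but its assignment is outside the hunk. A short comment above the new line, `<%# escaping is left to text_area; the attribute value must be a plain String, not html_safe %>`, would record why the manual `CGI::escapeHTML` step was removed.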
@@ -35,11 +31,7 @@
   <% if f %>
     <%= labelled_form_field(_(body_label), f.text_area(body_method, body_options)) %>
   <% else %>
-    <% if @article.kind_of?(Article) %>
-      <%= labelled_form_field(_(body_label), text_area_tag("article[body]", @escaped_body, body_options)) %>
-    <% else %>
-      <%= labelled_form_field(_(body_label), text_area(object, body_method, body_options)) %>
-    <% end %>
+    <%= labelled_form_field(_(body_label), text_area(object, body_method, body_options)) %>
   <% end %>
-- 
libgit2 0.21.2