Download as
Browse Code »

Commit c054d8c62888a2fc0a1f29b86f75bcbab04604b5

Authored by Rodrigo Souto
2 parents b1e9dfaf 1df7a3b9
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

Merge commit 'refs/merge-requests/299' of git://gitorious.org/noosfero/noosfero … 

…into merge-requests/299
Showing 2 changed files with 14 additions and 1 deletions   Show diff stats
app/helpers/block_helper.rb
  Diff comments   View file @c054d8c
... ... @@ -3,7 +3,7 @@ module BlockHelper
3 3 def block_title(title)
4 4 tag_class = 'block-title'
5 5 tag_class += ' empty' if title.empty?
6   - content_tag 'h3', content_tag('span', title), :class => tag_class
  6 + content_tag 'h3', content_tag('span', h(title)), :class => tag_class
7 7 end
8 8  
9 9 end
... ...
test/unit/block_helper_test.rb 0 → 100644
  Diff comments   View file @c054d8c
... ... @@ -0,0 +1,13 @@
  1 +require File.dirname(__FILE__) + '/../test_helper'
  2 +
  3 +class BlogHelperTest < ActiveSupport::TestCase
  4 +
  5 + include BlockHelper
  6 + include ActionView::Helpers::TagHelper
  7 +
  8 + should 'escape title html' do
  9 + assert_no_match /<b>/, block_title('<b>test</b>')
  10 + assert_match /&lt;b&gt;test&lt;\/b&gt;/, block_title('<b>test</b>')
  11 + end
  12 +
  13 +end
... ...