Commit cb82652bc472737a3b87c8add7894b421690045d
Exists in
master
and in
29 other branches
Merge branch 'html-escape' into stable
Showing
12 changed files
with
54 additions
and
56 deletions
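--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -493,23 +493,24 @@ module ApplicationHelper
 
 def profile_cat_icons( profile )
 if profile.class == Enterprise
-icons =
-profile.product_categories.map{ |c| c.size > 1 ? c[1] : nil }.
-compact.uniq.map{ |c|
-cat_name = c.gsub( /[-_\s,.;'"]+/, '_' )
-cat_icon = "/images/icons-cat/#{cat_name}.png"
-if ! File.exists? RAILS_ROOT.to_s() + '/public/' + cat_icon
-cat_icon = '/images/icons-cat/undefined.png'
-end
-content_tag 'span',
-content_tag( 'span', c ),
-:title => c,
-:class => 'product-cat-icon cat_icon_' + cat_name,
-:style => "background-image:url(#{cat_icon})"
-}.join "\n"
-content_tag 'div',
-content_tag( 'span', _('Principal Product Categories'), :class => 'header' ) +"\n"+ icons,
-:class => 'product-category-icons'
+icons = profile.product_categories.map{ |c| c.size > 1 ? c[1] : nil }.
+compact.uniq.map do |c|
+cat_name = c.gsub( /[-_\s,.;'"]+/, '_' )
+cat_icon = "/images/icons-cat/#{cat_name}.png"
+if ! File.exists? RAILS_ROOT.to_s() + '/public/' + cat_icon
+cat_icon = '/images/icons-cat/undefined.png'
+end
+content_tag('span',
+content_tag( 'span', c ),
+:title => c,
+:class => 'product-cat-icon cat_icon_' + cat_name,
+:style => "background-image:url(#{cat_icon})"
+)
+end.join("\n").html_safe
+content_tag('div',
+content_tag( 'span', _('Principal Product Categories'), :class => 'header' ) +"\n"+ icons,
+:class => 'product-category-icons'
+)
 else
 ''
 end
@@ -633,10 +634,10 @@ module ApplicationHelper
 # FIXME
 ([toplevel] + toplevel.children_for_menu).each do |cat|
 if cat.top_level?
-result << '<div class="categorie_box">'
+result << '<div class="categorie_box">'.html_safe
 result << icon_button( :down, _('open'), '#', :onclick => 'open_close_cat(this); return false' )
 result << content_tag('h5', toplevel.name)
-result << '<div style="display:none"><ul class="categories">'
+result << '<div style="display:none"><ul class="categories">'.html_safe
 else
 checkbox_id = "#{object_name}_#{cat.full_name.downcase.gsub(/\s+|\//, '_')}"
 result << content_tag('li', labelled_check_box(
@@ -647,7 +648,7 @@ module ApplicationHelper
 :class => ( object.category_ids.include?(cat.id) ? 'cat_checked' : '' ) ) + "\n"
 end
 end
-result << '</ul></div></div>'
+result << '</ul></div></div>'.html_safe
 end
 
 content_tag('div', result)
@@ -787,10 +788,10 @@ module ApplicationHelper
 :class => 'lineitem' + (line_item+=1).to_s() ) +"\n"
 if line_item == line_size
 line_item = 0
-html += "<br />\n"
+html += "<br />\n".html_safe
 end
 }
-html += "<br />\n" if line_size == 0 || ( values.size % line_size ) > 0
+html += "<br />\n".html_safe if line_size == 0 || ( values.size % line_size ) > 0
 column = object.class.columns_hash[method.to_s]
 text =
 ( column ?
@@ -977,7 +978,7 @@ module ApplicationHelper
 end
 
 def link_to_email(email)
-javascript_tag('var array = ' + email.split('@').to_json + '; document.write("<a href=\'mailto:" + array.join("@") + "\'>" + array.join("@") + "</a>")')
+javascript_tag('var array = ' + email.split('@').to_json + '; document.write("<a href=\'mailto:" + array.join("@") + "\'>" + array.join("@") + "</a>")'.html_safe)
 end
 
 def stylesheet(*args)
@@ -987,7 +988,7 @@ module ApplicationHelper
 def article_to_html(article, options = {})
 options.merge!(:page => params[:npage])
 content = article.to_html(options)
-content = content.kind_of?(Proc) ? self.instance_eval(&content) : content
+content = content.kind_of?(Proc) ? self.instance_eval(&content).html_safe : content.html_safe
 @plugins && @plugins.each do |plugin|
 content = plugin.parse_content(content)
 end
@@ -1003,7 +1004,7 @@ module ApplicationHelper
 end
 
 def ui_icon(icon_class, extra_class = '')
-"<span class='ui-icon #{icon_class} #{extra_class}' style='float:left; margin-right:7px;'></span>"
+"<span class='ui-icon #{icon_class} #{extra_class}' style='float:left; margin-right:7px;'></span>".html_safe
 end
 
 def ui_button(label, url, html_options = {})
@@ -1035,13 +1036,13 @@ module ApplicationHelper
 end
 
 def collapsed_item_icon
-"<span class='ui-icon ui-icon-circlesmall-plus' style='float:left;'></span>"
+"<span class='ui-icon ui-icon-circlesmall-plus' style='float:left;'></span>".html_safe
 end
 def expanded_item_icon
-"<span class='ui-icon ui-icon-circlesmall-minus' style='float:left;'></span>"
+"<span class='ui-icon ui-icon-circlesmall-minus' style='float:left;'></span>".html_safe
 end
 def leaf_item_icon
-"<span class='ui-icon ui-icon-arrow-1-e' style='float:left;'></span>"
+"<span class='ui-icon ui-icon-arrow-1-e' style='float:left;'></span>".html_safe
 end
 
 def display_category_menu(block, categories, root = true)
@@ -1300,9 +1301,7 @@ module ApplicationHelper
 titles = tabs.inject(''){ |result, tab| result << content_tag(:li, link_to(tab[:title], '#'+tab[:id]), :class => 'tab') }
 contents = tabs.inject(''){ |result, tab| result << content_tag(:div, tab[:content], :id => tab[:id]) }
 
-content_tag :div, :class => 'ui-tabs' do
-content_tag(:ul, titles) + contents
-end
+content_tag(:div, content_tag(:ul, titles) + raw(contents), :class => 'ui-tabs')
 end
 
 def jquery_token_input_messages_json(hintText = _('Type in an keyword'), noResultsText = _('No results'), searchingText = _('Searching...'))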
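Review bot: In article_to_html (hunk at -987) the added `.html_safe` on both branches declares the whole rendered article, including whatever the Proc returns, to be trusted markup, and nothing visible here shows that article bodies are sanitised before this point. If they are not, user-authored HTML is now emitted unescaped; either sanitise at this boundary or record the assumption next to the call, for example `# to_html output must already be sanitised: html_safe turns escaping off for it`. The `.html_safe` added in app/models/article_block.rb re-marks this helper's return value, which by then also includes whatever the plugins' `parse_content` produced. ui_icon has the same shape, interpolating `icon_class` and `extra_class` before `.html_safe`; `content_tag('span', '', :class => "ui-icon #{icon_class} #{extra_class}", :style => 'float:left; margin-right:7px;')` would escape them. article_to_html continues past the end of its hunk.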
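--- a/app/helpers/profile_editor_helper.rb
+++ b/app/helpers/profile_editor_helper.rb
@@ -136,7 +136,7 @@ module ProfileEditorHelper
 concat(
 content_tag(
 'div',
-capture(&block) + '<br style="clear:left;"/> ',
+capture(&block) + content_tag('br', '', :style => 'clear: left'),
 :class => 'control-panel')
 )
 end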
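Review bot: `content_tag('br', '', :style => 'clear: left')` renders `<br style="clear: left"></br>`, and browsers treat the stray `</br>` as a second line break. `tag('br', :style => 'clear: left')` emits the void element without a closing tag. The same `content_tag('br', ...)` form is added in app/models/profile_list_block.rb. The enclosing method starts outside the hunk.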
app/helpers/tags_helper.rb
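--- a/app/models/article_block.rb
+++ b/app/models/article_block.rb
@@ -12,7 +12,7 @@ class ArticleBlock < Block
 block = self
 lambda do
 block_title(block.title) +
-(block.article ? article_to_html(block.article, :gallery_view => false) : _('Article not selected yet.'))
+(block.article ? article_to_html(block.article, :gallery_view => false).html_safe : _('Article not selected yet.'))
 end
 end
 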
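--- a/app/models/feed_reader_block.rb
+++ b/app/models/feed_reader_block.rb
@@ -47,11 +47,11 @@ class FeedReaderBlock < Block
 
 def formatted_feed_content
 if error_message.blank?
-"<ul>\n" +
-self.feed_items[0..(limit-1)].map{ |item| "<li><a href='#{item[:link]}'>#{item[:title]}</a></li>" }.join("\n") +
-"</ul>"
+"<ul>\n".html_safe +
+self.feed_items[0..(limit-1)].map{ |item| "<li><a href='#{item[:link]}'>#{item[:title]}</a></li>" }.join("\n").html_safe +
+"</ul>".html_safe
 else
-'<p>' + error_message + '</p>'
+"<p>#{error_message}</p>".html_safe
 end
 end
 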
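Review bot: formatted_feed_content interpolates `item[:link]`, `item[:title]` and `error_message` into the markup and then marks the result `.html_safe`, so feed-supplied text reaches the page unescaped unless it was cleaned when the feed was fetched, which this hunk does not show. Escape at the point of interpolation, e.g. `"<li><a href='#{ERB::Util.html_escape(item[:link])}'>#{ERB::Util.html_escape(item[:title])}</a></li>"` and `"<p>#{ERB::Util.html_escape(error_message)}</p>".html_safe`. Escaping does not constrain the URL scheme of `item[:link]`, so the link should also be limited to http/https before it is rendered.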
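--- a/app/models/link_list_block.rb
+++ b/app/models/link_list_block.rb
@@ -80,7 +80,7 @@ class LinkListBlock < Block
 
 def icons_options
 ICONS.map do |i|
-"<span title=\"#{i[1]}\" class=\"icon-#{i[0]}\" onclick=\"changeIcon(this, '#{i[0]}')\"></span>"
+"<span title=\"#{i[1]}\" class=\"icon-#{i[0]}\" onclick=\"changeIcon(this, '#{i[0]}')\"></span>".html_safe
 end
 end
 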
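--- a/app/models/profile_list_block.rb
+++ b/app/models/profile_list_block.rb
@@ -49,13 +49,12 @@ class ProfileListBlock < Block
 send(:profile_image_link, item, :minor )
 }.join("\n ")
 if list.empty?
-list = '<div class="common-profile-list-block-none">'+ _('None') +'</div>'
+list = content_tag 'div', _('None'), :class => 'common-profile-list-block-none'
 else
 list = content_tag 'ul', nl +' '+ list + nl
 end
 block_title(title) + nl +
-'<div class="common-profile-list-block">' +
-nl + list + nl + '<br style="clear:both" /></div>'
+content_tag('div', nl + list + nl + content_tag('br', '', :style => 'clear:both'))
 end
 end
 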
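Review bot: The new wrapper `content_tag('div', ...)` no longer carries `class="common-profile-list-block"`, which the removed literal had, so any styling or scripting keyed on that class stops matching. Pass it explicitly: `content_tag('div', nl + list + nl + content_tag('br', '', :style => 'clear:both'), :class => 'common-profile-list-block')`. `nl` is defined outside the hunk; if it is a plain String, `nl + list` yields a non-html_safe String that content_tag will escape, which is worth confirming. The method begins above the hunk.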
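--- a/app/models/tags_block.rb
+++ b/app/models/tags_block.rb
@@ -30,11 +30,11 @@ class TagsBlock < Block
 end
 
 block_title(title) +
-"\n<div class='tag_cloud'>\n"+
+"\n<div class='tag_cloud'>\n".html_safe+
 tag_cloud( tags, :id,
 owner.public_profile_url.merge(:controller => 'profile', :action => 'tags'),
 :max_size => 16, :min_size => 9 ) +
-"\n</div><!-- end class='tag_cloud' -->\n";
+"\n</div><!-- end class='tag_cloud' -->\n".html_safe
 end
 
 def footer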
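--- a/app/models/uploaded_file.rb
+++ b/app/models/uploaded_file.rb
@@ -113,7 +113,7 @@ class UploadedFile < Article
 
 content_tag(
 'div',
-link_to_previous + content_tag('span', _('image %d of %d'), :class => 'total-of-images') % [current_index + 1, total_of_images] + link_to_next,
+link_to_previous + (content_tag('span', _('image %d of %d'), :class => 'total-of-images') % [current_index + 1, total_of_images]).html_safe + link_to_next,
 :class => 'gallery-navigation'
 )
 end.to_s +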
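Review bot: On the changed line the `%` format is applied to the already-rendered `<span>` and the result is then re-marked `.html_safe`. Formatting the text first leaves escaping to content_tag and needs no `html_safe` at all: `content_tag('span', _('image %d of %d') % [current_index + 1, total_of_images], :class => 'total-of-images')`. As written, the span's safety rests on re-marking a formatted string rather than on the helper's own escaping. The enclosing block starts outside the hunk.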
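--- a/app/views/box_organizer/_highlights_block.rhtml
+++ b/app/views/box_organizer/_highlights_block.rhtml
@@ -5,7 +5,7 @@
 <% for image in @block.images do %>
 <tr>
 <td>
-<%= select_tag 'block[images][][image_id]', content_tag(:option) + option_groups_from_collection_for_select(@block.folder_choices, :images, :name, :id, :name, image[:image_id].to_i), :style => "width: 100px" %></p>
+<%= select_tag 'block[images][][image_id]', content_tag(:option) + option_groups_from_collection_for_select(@block.folder_choices, :images, :name, :id, :name, image[:image_id].to_i).html_safe, :style => "width: 100px" %></p>
 </td>
 <td><%= text_field_tag 'block[images][][address]', image[:address], :class => 'highlight-address', :size => 10 %></td>
 <td><%= text_field_tag 'block[images][][position]', image[:position], :class => 'highlight-position', :size => 3 %></td>
@@ -17,7 +17,7 @@
 
 <%= link_to_function(_('New highlight'), nil, :class => 'button icon-add with-text') do |page|
 page.insert_html :bottom, 'highlights', content_tag('tr',
-content_tag('td', select_tag('block[images][][image_id]', content_tag(:option) + option_groups_from_collection_for_select(@block.folder_choices, :images, :name, :id, :name), :style => "width: 100px")) +
+content_tag('td', select_tag('block[images][][image_id]', content_tag(:option) + option_groups_from_collection_for_select(@block.folder_choices, :images, :name, :id, :name).html_safe, :style => "width: 100px")) +
 content_tag('td', text_field_tag('block[images][][address]', nil, :class => 'highlight-address', :size => 10)) +
 content_tag('td', text_field_tag('block[images][][position]', nil, :class => 'highlight-position', :size => 3)) +
 content_tag('td', text_field_tag('block[images][][title]', nil, :class => 'highlight-position', :size => 10))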
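--- a/app/views/favorite_enterprises/index.rhtml
+++ b/app/views/favorite_enterprises/index.rhtml
@@ -5,7 +5,7 @@
 <ul class="profile-list">
 <% @favorite_enterprises.each do |enterprise| %>
 <li>
-<%= link_to_profile profile_image(enterprise) + '<br/>' + enterprise.name,
+<%= link_to_profile profile_image(enterprise) + '<br/>'.html_safe + enterprise.name,
 enterprise.identifier, :class => 'profile-link' %>
 <%# profile_image_link enterprise, :portrait, 'div' %>
 <div class="controll">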
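--- a/app/views/themes/index.rhtml
+++ b/app/views/themes/index.rhtml
@@ -11,17 +11,17 @@
 base_content = image_tag(
 "/designs/templates/#{template.id}/thumbnail.png",
 :alt => _('The "%s" template')) +
-'<div class="opt-info">' +
+'<div class="opt-info">'.html_safe +
 content_tag('strong', template.id, :class => 'name') +
-' <br/> '
+' <br/> '.html_safe
 
 if @current_template == template.id # selected
 content_tag( 'div',
-base_content + content_tag('big', _('(current)') ) +'</div>',
+base_content + content_tag('big', _('(current)') ) +'</div>'.html_safe,
 :class => 'template-opt list-opt selected')
 else # Not selected
 link_to(
-base_content +'</div>',
+base_content +'</div>'.html_safe,
 { :action => 'set_layout_template', :id => template.id },
 :class => 'template-opt list-opt')
 end
@@ -48,17 +48,17 @@
 base_content = image_tag(
 "/designs/themes/#{theme.id}/preview.png",
 :alt => (_('The "%s" theme.') % theme.name)) +
-'<div class="opt-info">' +
+'<div class="opt-info">'.html_safe +
 content_tag('strong', theme.name, :class => 'name') +
-' <br/> '
+' <br/> '.html_safe
 
 if theme.id == @current_theme # selected
 content_tag( 'div',
-base_content + content_tag('big', _('(current)') ) +'</div>',
+base_content + content_tag('big', _('(current)') ) +'</div>'.html_safe,
 :class => 'theme-opt list-opt selected')
 else # Not selected
 link_to(
-base_content + '</div>',
+base_content + '</div>'.html_safe,
 { :action => 'set', :id => theme.id },
 :class => 'theme-opt list-opt')
 end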