Download as
Browse Code »

Commit db91caf20b163543e4a81a12e507a188f83b5a9d

Authored by Joenio Costa
1 parent d2753ec3
Exists in ratings_minor_fixes and in 4 other branches add_member_task_reject_details, fix_sign_up_form, organization_ratings_improvements, profile_api_improvements

not escape HTML on LinkListBlock edition

Showing 3 changed files with 17 additions and 5 deletions   Show diff stats
app/models/link_list_block.rb
  Diff comments   View file @db91caf
@@ -81,10 +81,8 @@ class LinkListBlock < Block @@ -81,10 +81,8 @@ class LinkListBlock < Block
81 end 81 end
82 end 82 end
83 83
84 - def icons_options  
85 - ICONS.map do |i|  
86 - "<span title=\"#{i[1]}\" class=\"icon-#{i[0]}\" onclick=\"changeIcon(this, '#{i[0]}')\"></span>".html_safe  
87 - end 84 + def icons
  85 + ICONS
88 end 86 end
89 87
90 end 88 end
app/views/box_organizer/_icon_selector.html.erb
  Diff comments   View file @db91caf
@@ -2,6 +2,8 @@ @@ -2,6 +2,8 @@
2 <%= hidden_field_tag 'block[links][][icon]', icon %> 2 <%= hidden_field_tag 'block[links][][icon]', icon %>
3 <span class='icon-<%= icon %>' style='display:block; width:16px; height:16px;'></span> 3 <span class='icon-<%= icon %>' style='display:block; width:16px; height:16px;'></span>
4 <div class="icon-selector" style='display:none;'> 4 <div class="icon-selector" style='display:none;'>
5 - <%= @block.icons_options.join %> 5 + <% @block.icons.map do |i| %>
  6 + <%= content_tag('span', '', :title => i[1], :class => "icon-#{i[0]}", :onclick => "changeIcon(this, '#{i[0]}')") %>
  7 + <% end %>
6 </div> 8 </div>
7 </div> 9 </div>
test/integration/safe_strings_test.rb
  Diff comments   View file @db91caf
@@ -163,4 +163,16 @@ class SafeStringsTest &lt; ActionDispatch::IntegrationTest @@ -163,4 +163,16 @@ class SafeStringsTest &lt; ActionDispatch::IntegrationTest
163 get url_for(action: :edit, controller: :profile_design, profile: person.identifier, id: block.id) 163 get url_for(action: :edit, controller: :profile_design, profile: person.identifier, id: block.id)
164 assert_select '.block-config-options .image-data-line' 164 assert_select '.block-config-options .image-data-line'
165 end 165 end
  166 +
  167 + should 'not escape icons options editing link_list block' do
  168 + create_user('jimi', :password => 'test', :password_confirmation => 'test').activate
  169 + profile = Person['jimi']
  170 + login 'jimi', 'test'
  171 + profile.blocks.each(&:destroy)
  172 + profile.boxes.first.blocks << LinkListBlock.new
  173 + block = profile.boxes.first.blocks.first
  174 + get "/myprofile/#{profile.identifier}/profile_design/edit/#{block.id}"
  175 + assert_select '.icon-selector .icon-edit'
  176 + end
  177 +
166 end 178 end