relevant_content: fix html escaping

Victor Costa
1 parent 86688d49
Showing 2 changed files with 22 additions and 30 deletions Show diff stats
plugins/relevant_content/lib/relevant_content_plugin/relevant_content_block.rb
plugins/relevant_content/test/unit/relevant_content_block_test.rb
@@ -29,22 +29,12 @@ class RelevantContentPlugin::RelevantContentBlock &lt; Block
  
     if self.show_most_read
       docs = Article.most_accessed(owner, self.limit)
-      if !docs.blank?
-        subcontent = ""
-        subcontent += content_tag(:span, _("Most read articles"), :class=>"title mread") + "\n"
-        subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
-        content += content_tag(:div, subcontent, :class=>"block mread") + "\n"
-      end
+      content += subcontent(docs, _("Most read articles"), "mread") unless docs.blank?
     end
  
     if self.show_most_commented
       docs = Article.most_commented_relevant_content(owner, self.limit)
-      if !docs.blank?
-        subcontent = ""
-        subcontent += content_tag(:span, _("Most commented articles"), :class=>"title mcommented") + "\n"
-        subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
-        content += content_tag(:div, subcontent, :class=>"block mcommented") + "\n"
-      end
+      content += subcontent(docs, _("Most commented articles"), "mcommented") unless docs.blank?
     end
  
     if owner.kind_of?(Environment)
@@ -56,31 +46,16 @@ class RelevantContentPlugin::RelevantContentBlock &lt; Block
     if env.plugin_enabled?('VotePlugin')
       if self.show_most_liked
         docs = Article.more_positive_votes(owner, self.limit)
-        if !docs.blank?
-          subcontent = ""
-          subcontent += content_tag(:span, _("Most liked articles"), :class=>"title mliked") + "\n"
-          subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
-          content += content_tag(:div, subcontent, :class=>"block mliked") + "\n"
-        end
+        content += subcontent(docs, _("Most liked articles"), "mliked") unless docs.blank?
       end
       if self.show_most_disliked
         docs = Article.more_negative_votes(owner, self.limit)
-        if !docs.blank?
-          subcontent = ""
-          subcontent += content_tag(:span, _("Most disliked articles"), :class=>"title mdisliked") + "\n"
-          subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
-          content += content_tag(:div, subcontent, :class=>"block mdisliked") + "\n"
-        end
+        content += subcontent(docs, _("Most disliked articles"), "mdisliked") unless docs.blank?
       end
  
       if self.show_most_voted
         docs = Article.most_voted(owner, self.limit)
-        if !docs.blank?
-          subcontent = ""
-          subcontent += content_tag(:span, _("Most voted articles"), :class=>"title mvoted") + "\n"
-          subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
-          content += content_tag(:div, subcontent, :class=>"block mvoted") + "\n"
-        end
+        content += subcontent(docs, _("Most voted articles"), "mvoted") unless docs.blank?
       end
     end
     return content.html_safe
@@ -94,4 +69,14 @@ class RelevantContentPlugin::RelevantContentBlock &lt; Block
       { :profile => [:article], :environment => [:article] }
   end
  
+  protected
+
+  def subcontent(docs, title, html_class)
+    subcontent = safe_join([
+      content_tag(:span, title, class: "title #{html_class}"),
+      content_tag(:ul, safe_join(docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}, "\n"))
+    ], "\n")
+    content_tag(:div, subcontent, :class=>"block #{html_class}")
+  end
+
 end
@@ -77,4 +77,11 @@ class RelevantContentBlockTest &lt; ActiveSupport::TestCase
     assert_equal false, data.empty?
   end
  
+  should 'not escape html in block content' do
+    fast_create(Article, profile_id: profile.id, hits: 10)
+    box = fast_create(Box, :owner_id => profile.id, :owner_type => 'Profile')
+    block = RelevantContentPlugin::RelevantContentBlock.new(:box => box)
+    Environment.any_instance.stubs(:enabled_plugins).returns(['RelevantContent'])
+    assert_tag_in_string block.content, tag: 'span', attributes: { class: 'title mread' }
+  end
 end
...	...	@@ -29,22 +29,12 @@ class RelevantContentPlugin::RelevantContentBlock < Block
29	29
30	30	if self.show_most_read
31	31	docs = Article.most_accessed(owner, self.limit)
32		- if !docs.blank?
33		- subcontent = ""
34		- subcontent += content_tag(:span, _("Most read articles"), :class=>"title mread") + "\n"
35		- subcontent += content_tag(:ul, docs.map {\|item\| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
36		- content += content_tag(:div, subcontent, :class=>"block mread") + "\n"
37		- end
	32	+ content += subcontent(docs, _("Most read articles"), "mread") unless docs.blank?
38	33	end
39	34
40	35	if self.show_most_commented
41	36	docs = Article.most_commented_relevant_content(owner, self.limit)
42		- if !docs.blank?
43		- subcontent = ""
44		- subcontent += content_tag(:span, _("Most commented articles"), :class=>"title mcommented") + "\n"
45		- subcontent += content_tag(:ul, docs.map {\|item\| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
46		- content += content_tag(:div, subcontent, :class=>"block mcommented") + "\n"
47		- end
	37	+ content += subcontent(docs, _("Most commented articles"), "mcommented") unless docs.blank?
48	38	end
49	39
50	40	if owner.kind_of?(Environment)
...	...	@@ -56,31 +46,16 @@ class RelevantContentPlugin::RelevantContentBlock < Block
56	46	if env.plugin_enabled?('VotePlugin')
57	47	if self.show_most_liked
58	48	docs = Article.more_positive_votes(owner, self.limit)
59		- if !docs.blank?
60		- subcontent = ""
61		- subcontent += content_tag(:span, _("Most liked articles"), :class=>"title mliked") + "\n"
62		- subcontent += content_tag(:ul, docs.map {\|item\| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
63		- content += content_tag(:div, subcontent, :class=>"block mliked") + "\n"
64		- end
	49	+ content += subcontent(docs, _("Most liked articles"), "mliked") unless docs.blank?
65	50	end
66	51	if self.show_most_disliked
67	52	docs = Article.more_negative_votes(owner, self.limit)
68		- if !docs.blank?
69		- subcontent = ""
70		- subcontent += content_tag(:span, _("Most disliked articles"), :class=>"title mdisliked") + "\n"
71		- subcontent += content_tag(:ul, docs.map {\|item\| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
72		- content += content_tag(:div, subcontent, :class=>"block mdisliked") + "\n"
73		- end
	53	+ content += subcontent(docs, _("Most disliked articles"), "mdisliked") unless docs.blank?
74	54	end
75	55
76	56	if self.show_most_voted
77	57	docs = Article.most_voted(owner, self.limit)
78		- if !docs.blank?
79		- subcontent = ""
80		- subcontent += content_tag(:span, _("Most voted articles"), :class=>"title mvoted") + "\n"
81		- subcontent += content_tag(:ul, docs.map {\|item\| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
82		- content += content_tag(:div, subcontent, :class=>"block mvoted") + "\n"
83		- end
	58	+ content += subcontent(docs, _("Most voted articles"), "mvoted") unless docs.blank?
84	59	end
85	60	end
86	61	return content.html_safe
...	...	@@ -94,4 +69,14 @@ class RelevantContentPlugin::RelevantContentBlock < Block
94	69	{ :profile => [:article], :environment => [:article] }
95	70	end
96	71
	72	+ protected
	73	+
	74	+ def subcontent(docs, title, html_class)
	75	+ subcontent = safe_join([
	76	+ content_tag(:span, title, class: "title #{html_class}"),
	77	+ content_tag(:ul, safe_join(docs.map {\|item\| content_tag('li', link_to(h(item.title), item.url))}, "\n"))
	78	+ ], "\n")
	79	+ content_tag(:div, subcontent, :class=>"block #{html_class}")
	80	+ end
	81	+
97	82	end
...	...
...	...	@@ -77,4 +77,11 @@ class RelevantContentBlockTest < ActiveSupport::TestCase
77	77	assert_equal false, data.empty?
78	78	end
79	79
	80	+ should 'not escape html in block content' do
	81	+ fast_create(Article, profile_id: profile.id, hits: 10)
	82	+ box = fast_create(Box, :owner_id => profile.id, :owner_type => 'Profile')
	83	+ block = RelevantContentPlugin::RelevantContentBlock.new(:box => box)
	84	+ Environment.any_instance.stubs(:enabled_plugins).returns(['RelevantContent'])
	85	+ assert_tag_in_string block.content, tag: 'span', attributes: { class: 'title mread' }
	86	+ end
80	87	end
...	...