Download as
Browse Code »

Commit e936b0ae7847f8ff3468d544011c81605050c5b4

Authored by Joenio Costa
1 parent efe01800
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

Allow 'rowspan' and 'colspan' in Noosfero's contents 

thanks Braulio!
Showing 2 changed files with 12 additions and 3 deletions   Show diff stats
config/application.rb
  Diff comments   View file @e936b0a
... ... @@ -20,7 +20,7 @@ module Noosfero
20 20 require 'noosfero/plugin'
21 21  
22 22 # Adds custom attributes to the Set of allowed html attributes for the #sanitize helper
23   - config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target', 'codebase', 'archive', 'classid', 'code', 'flashvars', 'scrolling', 'frameborder', 'controls', 'autoplay'
  23 + config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target', 'codebase', 'archive', 'classid', 'code', 'flashvars', 'scrolling', 'frameborder', 'controls', 'autoplay', 'colspan', 'rowspan'
24 24  
25 25 # Adds custom tags to the Set of allowed html tags for the #sanitize helper
26 26 config.action_view.sanitized_allowed_tags = 'object', 'embed', 'param', 'table', 'tr', 'th', 'td', 'applet', 'comment', 'iframe', 'audio', 'video', 'source'
... ...
test/unit/tiny_mce_article_test.rb
  Diff comments   View file @e936b0a
... ... @@ -8,7 +8,7 @@ class TinyMceArticleTest < ActiveSupport::TestCase
8 8 @profile = create_user('zezinho').person
9 9 end
10 10 attr_reader :profile
11   -
  11 +
12 12 # this test can be removed when we get real tests for TinyMceArticle
13 13 should 'be an article' do
14 14 assert_subclass TextArticle, TinyMceArticle
... ... @@ -210,7 +210,7 @@ end
210 210 assert_equal true, a.notifiable?
211 211 assert_equal true, a.advertise?
212 212 assert_equal true, a.is_trackable?
213   -
  213 +
214 214 a.published=false
215 215 assert_equal false, a.published?
216 216 assert_equal false, a.is_trackable?
... ... @@ -237,4 +237,13 @@ end
237 237 assert_tag_in_string article.body, :tag => 'source', :attributes => {:src => 'http://example.ogv', :type => 'video/ogg'}
238 238 end
239 239  
  240 + should 'not sanitize colspan and rowspan attributes' do
  241 + article = TinyMceArticle.create!(:name => 'table with colspan and rowspan',
  242 + :body => "<table colspan='2' rowspan='3'><tr></tr></table>",
  243 + :profile => profile
  244 + )
  245 + assert_tag_in_string article.body, :tag => 'table',
  246 + :attributes => { :colspan => 2, :rowspan => 3 }
  247 + end
  248 +
240 249 end
... ...