Download as
Browse Code »

Commit ef77a1386c4618ef428e8e61c1dfc884fe2cbc30

Authored by Antonio Terceiro
2 parents 5641033f dcddcdea
Exists in master and in 20 other branches add_member_task_reject_details, admin_visible_profile, community_notifications, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, organization_ratings_improvements, profile_api_improvements, ratings_minor_fixes, send_email_to_admins, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

Merge branch 'newsletter-article-image' into 'master' 

newsletter: remove unwanted tags from lead

Filter out image and other tags from newsletter articles's lead
since the only image for an article in the newsletter has to be the
article's image. The content in the lead can't have any type of
additional formatting in the newsletter's body. 

This also fixes the problem with not sanitizing p tags with any
attributes, like styles commonly added by tinymce.

See merge request !698
Showing 3 changed files with 21 additions and 10 deletions   Show diff stats
plugins/newsletter/lib/newsletter_plugin/newsletter.rb
  Diff comments   View file @ef77a13
... ... @@ -123,11 +123,11 @@ class NewsletterPlugin::Newsletter < Noosfero::Plugin::ActiveRecord
123 123 end
124 124  
125 125 def post_with_image(post)
126   - content_tag(:tr,content_tag(:td,tag(:img, :src => "#{self.environment.top_url}#{post.image.public_filename(:big)}", :id => post.id),:style => CSS['post-image'])+content_tag(:td,content_tag(:span, show_date(post.published_at), :style => CSS['post-date'])+content_tag(:h3, link_to(h(post.title), post.url, :style => CSS['post-title']))+content_tag(:p,sanitize(post.lead(190)),:style => CSS['post-lead'])+read_more(post.url), :style => CSS['post-info']))
  126 + content_tag(:tr,content_tag(:td,tag(:img, :src => "#{self.environment.top_url}#{post.image.public_filename(:big)}", :id => post.id),:style => CSS['post-image'])+content_tag(:td,content_tag(:span, show_date(post.published_at), :style => CSS['post-date'])+content_tag(:h3, link_to(h(post.title), post.url, :style => CSS['post-title']))+content_tag(:p,sanitize(post.lead(190), tags: %w(strong em b i)),:style => CSS['post-lead'])+read_more(post.url), :style => CSS['post-info']))
127 127 end
128 128  
129 129 def post_without_image(post)
130   - content_tag(:tr, content_tag(:td,content_tag(:span, show_date(post.published_at),:style => CSS['post-date'], :id => post.id)+content_tag(:h3, link_to(h(post.title), post.url,:style => CSS['post-title']))+content_tag(:p,sanitize(post.lead(360)),:style => CSS['post-lead'])+read_more(post.url),:colspan => 2, :style => CSS['post-info']))
  130 + content_tag(:tr, content_tag(:td,content_tag(:span, show_date(post.published_at),:style => CSS['post-date'], :id => post.id)+content_tag(:h3, link_to(h(post.title), post.url,:style => CSS['post-title']))+content_tag(:p,sanitize(post.lead(360), tags: %w(strong em b i)),:style => CSS['post-lead'])+read_more(post.url),:colspan => 2, :style => CSS['post-info']))
131 131 end
132 132  
133 133 def body(data = {})
... ... @@ -177,10 +177,6 @@ class NewsletterPlugin::Newsletter < Noosfero::Plugin::ActiveRecord
177 177 last_mailing.nil? ? nil : last_mailing.created_at
178 178 end
179 179  
180   - def sanitize(html)
181   - html.gsub(/<\/?p>/, '')
182   - end
183   -
184 180 def has_posts_in_the_period?
185 181 ! self.posts.empty?
186 182 end
... ...
plugins/newsletter/public/style.css
  Diff comments   View file @ef77a13
... ... @@ -14,7 +14,7 @@
14 14 }
15 15  
16 16 #newsletter-moderation-preview {
17   - margin-left: 25px;
  17 + margin-left: 10px;
18 18 }
19 19  
20 20 #newsletter-moderation-preview input[type=checkbox] {
... ...
plugins/newsletter/test/unit/newsletter_plugin_newsletter_test.rb
  Diff comments   View file @ef77a13
... ... @@ -351,15 +351,30 @@ EOS
351 351 post = fast_create(TextArticle, :parent_id => blog.id,
352 352 :name => 'the last news 1',
353 353 :profile_id => community.id,
354   - :body => "<p>paragraph of news</p>")
  354 + :body => '<p style="text-align: left;">paragraph of news</p>')
355 355  
356 356 newsletter = NewsletterPlugin::Newsletter.create!(
357 357 :environment => environment,
358 358 :blog_ids => [blog.id],
359 359 :person => fast_create(Person))
360 360  
361   - assert_match /<p>paragraph of news<\/p>/, post.body
362   - assert_not_match /<p>paragraph of news<\/p>/, newsletter.body
  361 + assert_match /<p style="text-align: left;">paragraph of news<\/p>/, post.body
  362 + assert_not_match /<p style="text-align: left;">paragraph of news<\/p>/, newsletter.body
  363 + end
  364 +
  365 + should 'only include text for posts in HTML generated content' do
  366 + environment = fast_create Environment
  367 + community = fast_create(Community, :environment_id => environment.id)
  368 + blog = fast_create(Blog, :profile_id => community.id)
  369 + post = fast_create(TextArticle, :profile_id => community.id, :parent_id => blog.id, :name => 'the last news', :abstract => 'A picture<img src="example.png"> is <em>worth</em> a thousand words. <hr><h1>The main goals of visualization</h1>')
  370 + newsletter = NewsletterPlugin::Newsletter.create!(
  371 + :environment => environment,
  372 + :blog_ids => [blog.id],
  373 + :person => fast_create(Person))
  374 +
  375 + assert_match /A picture<img src="example.png"> is <em>worth<\/em> a thousand words. <hr><h1>The main goals of visualization<\/h1>/, post.abstract
  376 + # Tags for text emphasis are whitelisted
  377 + assert_match /A picture is <em>worth<\/em> a thousand words. The main goals of visualization/, newsletter.body
363 378 end
364 379  
365 380 should 'filter posts when listing posts for newsletter' do
... ...