Merge branch 'newsletter-article-image' into 'master'

newsletter: remove unwanted tags from lead Filter out image and other tags from newsletter articles's lead since the only image for an article in the newsletter has to be the article's image. The content in the lead can't have any type of additional formatting in the newsletter's body. This also fixes the problem with not sanitizing p tags with any attributes, like styles commonly added by tinymce. See merge request !698

Merge branch 'newsletter-article-image' into 'master'
newsletter: remove unwanted tags from lead Filter out image and other tags from newsletter articles's lead since the only image for an article in the newsletter has to be the article's image. The content in the lead can't have any type of additional formatting in the newsletter's body. This also fixes the problem with not sanitizing p tags with any attributes, like styles commonly added by tinymce. See merge request !698
Antonio Terceiro
2 parents 5641033f dcddcdea
Showing 3 changed files with 21 additions and 10 deletions Show diff stats
plugins/newsletter/lib/newsletter_plugin/newsletter.rb
plugins/newsletter/public/style.css
plugins/newsletter/test/unit/newsletter_plugin_newsletter_test.rb
@@ -123,11 +123,11 @@ class NewsletterPlugin::Newsletter &lt; Noosfero::Plugin::ActiveRecord
   end
   def post_with_image(post)
-    content_tag(:tr,content_tag(:td,tag(:img, :src => "#{self.environment.top_url}#{post.image.public_filename(:big)}", :id => post.id),:style => CSS['post-image'])+content_tag(:td,content_tag(:span, show_date(post.published_at), :style => CSS['post-date'])+content_tag(:h3, link_to(h(post.title), post.url, :style => CSS['post-title']))+content_tag(:p,sanitize(post.lead(190)),:style => CSS['post-lead'])+read_more(post.url), :style => CSS['post-info']))
+    content_tag(:tr,content_tag(:td,tag(:img, :src => "#{self.environment.top_url}#{post.image.public_filename(:big)}", :id => post.id),:style => CSS['post-image'])+content_tag(:td,content_tag(:span, show_date(post.published_at), :style => CSS['post-date'])+content_tag(:h3, link_to(h(post.title), post.url, :style => CSS['post-title']))+content_tag(:p,sanitize(post.lead(190), tags: %w(strong em b i)),:style => CSS['post-lead'])+read_more(post.url), :style => CSS['post-info']))
   end
   def post_without_image(post)
-    content_tag(:tr, content_tag(:td,content_tag(:span, show_date(post.published_at),:style => CSS['post-date'], :id => post.id)+content_tag(:h3, link_to(h(post.title), post.url,:style => CSS['post-title']))+content_tag(:p,sanitize(post.lead(360)),:style => CSS['post-lead'])+read_more(post.url),:colspan => 2, :style => CSS['post-info']))
+    content_tag(:tr, content_tag(:td,content_tag(:span, show_date(post.published_at),:style => CSS['post-date'], :id => post.id)+content_tag(:h3, link_to(h(post.title), post.url,:style => CSS['post-title']))+content_tag(:p,sanitize(post.lead(360), tags: %w(strong em b i)),:style => CSS['post-lead'])+read_more(post.url),:colspan => 2, :style => CSS['post-info']))
   end
   def body(data = {})
@@ -177,10 +177,6 @@ class NewsletterPlugin::Newsletter &lt; Noosfero::Plugin::ActiveRecord
     last_mailing.nil? ? nil : last_mailing.created_at
   end
-  def sanitize(html)
-    html.gsub(/<\/?p>/, '')
-  end
-
   def has_posts_in_the_period?
     ! self.posts.empty?
   end
@@ -14,7 +14,7 @@
 }
 #newsletter-moderation-preview {
-  margin-left: 25px;
+  margin-left: 10px;
 }
 #newsletter-moderation-preview input[type=checkbox] {
@@ -351,15 +351,30 @@ EOS
     post = fast_create(TextArticle, :parent_id => blog.id,
                 :name => 'the last news 1',
                 :profile_id => community.id,
-                :body => "<p>paragraph of news</p>")
+                :body => '<p style="text-align: left;">paragraph of news</p>')
     newsletter = NewsletterPlugin::Newsletter.create!(
       :environment => environment,
       :blog_ids => [blog.id],
       :person => fast_create(Person))
-    assert_match /<p>paragraph of news<\/p>/, post.body
-    assert_not_match /<p>paragraph of news<\/p>/, newsletter.body
+    assert_match /<p style="text-align: left;">paragraph of news<\/p>/, post.body
+    assert_not_match /<p style="text-align: left;">paragraph of news<\/p>/, newsletter.body
+  end
+
+  should 'only include text for posts in HTML generated content' do
+    environment = fast_create Environment
+    community = fast_create(Community, :environment_id => environment.id)
+    blog = fast_create(Blog, :profile_id => community.id)
+    post = fast_create(TextArticle, :profile_id => community.id, :parent_id => blog.id, :name => 'the last news', :abstract => 'A picture<img src="example.png"> is <em>worth</em> a thousand words. <hr><h1>The main goals of visualization</h1>')
+    newsletter = NewsletterPlugin::Newsletter.create!(
+      :environment => environment,
+      :blog_ids => [blog.id],
+      :person => fast_create(Person))
+
+    assert_match /A picture<img src="example.png"> is <em>worth<\/em> a thousand words. <hr><h1>The main goals of visualization<\/h1>/, post.abstract
+    # Tags for text emphasis are whitelisted
+    assert_match /A picture is <em>worth<\/em> a thousand words. The main goals of visualization/, newsletter.body
   end
   should 'filter posts when listing posts for newsletter' do
	@@ -14,7 +14,7 @@		@@ -14,7 +14,7 @@
14	}	14	}
15		15
16	#newsletter-moderation-preview {	16	#newsletter-moderation-preview {
17	- margin-left: 25px;	17	+ margin-left: 10px;
18	}	18	}
19		19
20	#newsletter-moderation-preview input[type=checkbox] {	20	#newsletter-moderation-preview input[type=checkbox] {
	@@ -351,15 +351,30 @@ EOS		@@ -351,15 +351,30 @@ EOS
351	post = fast_create(TextArticle, :parent_id => blog.id,	351	post = fast_create(TextArticle, :parent_id => blog.id,
352	:name => 'the last news 1',	352	:name => 'the last news 1',
353	:profile_id => community.id,	353	:profile_id => community.id,
354	- :body => "<p>paragraph of news</p>")	354	+ :body => '<p style="text-align: left;">paragraph of news</p>')
355		355
356	newsletter = NewsletterPlugin::Newsletter.create!(	356	newsletter = NewsletterPlugin::Newsletter.create!(
357	:environment => environment,	357	:environment => environment,
358	:blog_ids => [blog.id],	358	:blog_ids => [blog.id],
359	:person => fast_create(Person))	359	:person => fast_create(Person))
360		360
361	- assert_match /<p>paragraph of news<\/p>/, post.body
362	- assert_not_match /<p>paragraph of news<\/p>/, newsletter.body	361	+ assert_match /<p style="text-align: left;">paragraph of news<\/p>/, post.body
		362	+ assert_not_match /<p style="text-align: left;">paragraph of news<\/p>/, newsletter.body
		363	+ end
		364	+
		365	+ should 'only include text for posts in HTML generated content' do
		366	+ environment = fast_create Environment
		367	+ community = fast_create(Community, :environment_id => environment.id)
		368	+ blog = fast_create(Blog, :profile_id => community.id)
		369	+ post = fast_create(TextArticle, :profile_id => community.id, :parent_id => blog.id, :name => 'the last news', :abstract => 'A picture<img src="example.png"> is <em>worth</em> a thousand words. <hr><h1>The main goals of visualization</h1>')
		370	+ newsletter = NewsletterPlugin::Newsletter.create!(
		371	+ :environment => environment,
		372	+ :blog_ids => [blog.id],
		373	+ :person => fast_create(Person))
		374	+
		375	+ assert_match /A picture<img src="example.png"> is <em>worth<\/em> a thousand words. <hr><h1>The main goals of visualization<\/h1>/, post.abstract
		376	+ # Tags for text emphasis are whitelisted
		377	+ assert_match /A picture is <em>worth<\/em> a thousand words. The main goals of visualization/, newsletter.body
363	end	378	end
364		379
365	should 'filter posts when listing posts for newsletter' do	380	should 'filter posts when listing posts for newsletter' do