Commit f071768dab0c3c993d4970145278035effe20ae3

Authored by JoenioCosta
1 parent f26b098c

ActionItem192: sanitizing fields from admin_panel_controller

git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1727 3f533792-8f58-4932-b0fe-aaf55b0a4547
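--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@@ -185,6 +185,8 @@ class Environment < ActiveRecord::Base
 
 validates_format_of :contact_email, :with => Noosfero::Constants::EMAIL_FORMAT, :if => (lambda { |record| ! record.contact_email.blank? })
 
+xss_terminate :only => [ :description ]
+
 # #################################################
 # Business logic in general
 # #################################################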
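Review bot: `xss_terminate :only => [ :description ]` covers a single attribute, while the commit title speaks of sanitizing fields (plural) posted through admin_panel_controller; any other text attribute that the same `site_info` form can write would still be stored unfiltered, so every admin-editable string attribute of Environment should be listed in that `:only` array (or `:only` dropped so the plugin's default, which as far as I recall covers all string/text columns, applies). It is also worth a comment above the line that the plugin works as a save-time callback, so rows already holding markup are not cleaned until they are next saved, e.g. `# Strips HTML from the admin-editable description on save; existing rows are cleaned only when re-saved.` If description is meant to carry basic formatting, the plugin's `:sanitize => [ :description ]` form keeps a safe subset of tags instead of stripping every one.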
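--- a/test/functional/admin_panel_controller_test.rb
+++ b/test/functional/admin_panel_controller_test.rb
@@ -66,4 +66,10 @@ class AdminPanelControllerTest < Test::Unit::TestCase
 assert_equal "This is my new environment", Environment.default.description
 end
 
+should 'sanitize description' do
+post :site_info, :environment => { :description => "This <strong>is</strong> my new environment" }
+assert_redirected_to :action => 'index'
+assert_sanitized Environment.default.description
+end
+
 end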
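Review bot: The new test checks only `assert_sanitized Environment.default.description`; nothing asserts that the legitimate text survives, so a filter that blanked the field entirely would also pass. Adding `assert_match /This is my new environment/, Environment.default.description` after the sanitized assertion pins both halves of the contract. Since `assert_sanitized` is a project helper whose definition is not in this hunk, it is also unclear whether it rejects the `<strong>` markup specifically or any tag; `assert_no_match /<strong>/, Environment.default.description` would make the expectation explicit for the input used here.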