Commit f20379e1ae36061c1370386a93919808c2561405
1 parent
398598f5
Exists in
master
and in
29 other branches
ActionItem192: oops: fixing xss_terminate in Environment
git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1742 3f533792-8f58-4932-b0fe-aaf55b0a4547
Showing
2 changed files
with
5 additions
and
4 deletions
Show diff stats
app/models/environment.rb
| ... | ... | @@ -185,7 +185,7 @@ class Environment < ActiveRecord::Base |
| 185 | 185 | |
| 186 | 186 | validates_format_of :contact_email, :with => Noosfero::Constants::EMAIL_FORMAT, :if => (lambda { |record| ! record.contact_email.blank? }) |
| 187 | 187 | |
| 188 | - xss_terminate :only => [ :description ] | |
| 188 | + xss_terminate :only => [ :description ], :with => 'white_list' | |
| 189 | 189 | |
| 190 | 190 | # ################################################# |
| 191 | 191 | # Business logic in general | ... | ... |
test/functional/admin_panel_controller_test.rb
| ... | ... | @@ -66,10 +66,11 @@ class AdminPanelControllerTest < Test::Unit::TestCase |
| 66 | 66 | assert_equal "This is my new environment", Environment.default.description |
| 67 | 67 | end |
| 68 | 68 | |
| 69 | - should 'sanitize description' do | |
| 70 | - post :site_info, :environment => { :description => "This <strong>is</strong> my new environment" } | |
| 69 | + should 'sanitize description with white_list' do | |
| 70 | + post :site_info, :environment => { :description => "This <strong>is</strong> <scrypt>alert('alow')</script>my new environment" } | |
| 71 | 71 | assert_redirected_to :action => 'index' |
| 72 | - assert_sanitized Environment.default.description | |
| 72 | + #assert_sanitized Environment.default.description | |
| 73 | + assert_equal "This <strong>is</strong> alert('alow')my new environment", Environment.default.description | |
| 73 | 74 | end |
| 74 | 75 | |
| 75 | 76 | end | ... | ... |