From f20379e1ae36061c1370386a93919808c2561405 Mon Sep 17 00:00:00 2001
From: JoenioCosta
Date: Tue, 29 Apr 2008 06:46:32 +0000
Subject: [PATCH] ActionItem192: oops: fixing xss_terminate in Environment

---
 app/models/environment.rb | 2 +-
 test/functional/admin_panel_controller_test.rb | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/app/models/environment.rb b/app/models/environment.rb
index 324914b..7bdc6f9 100644
--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@@ -185,7 +185,7 @@ class Environment < ActiveRecord::Base
   validates_format_of :contact_email, :with => Noosfero::Constants::EMAIL_FORMAT, :if => (lambda { |record| ! record.contact_email.blank? })
 
-  xss_terminate :only => [ :description ]
+  xss_terminate :only => [ :description ], :with => 'white_list'
 
   # #################################################
   # Business logic in general
diff --git a/test/functional/admin_panel_controller_test.rb b/test/functional/admin_panel_controller_test.rb
index 1520ca6..50bba72 100644
--- a/test/functional/admin_panel_controller_test.rb
+++ b/test/functional/admin_panel_controller_test.rb
@@ -66,10 +66,11 @@ class AdminPanelControllerTest < Test::Unit::TestCase
     assert_equal "This is my new environment", Environment.default.description
   end
 
-  should 'sanitize description' do
-    post :site_info, :environment => { :description => "This is my new environment" }
+  should 'sanitize description with white_list' do
+    post :site_info, :environment => { :description => "This is alert('alow')my new environment" }
     assert_redirected_to :action => 'index'
-    assert_sanitized Environment.default.description
+    #assert_sanitized Environment.default.description
+    assert_equal "This is alert('alow')my new environment", Environment.default.description
   end
 
 end
-- 
libgit2 0.21.2
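Review bot: The new `xss_terminate` line in app/models/environment.rb switches the description field from the plugin's default sanitization to the `white_list` strategy without recording why, and a reader of this model cannot tell which markup is now allowed to persist or that this is the deliberate security trade-off the subject line calls a fix. A one-line comment above it would capture the intent, e.g. `# description may keep whitelisted formatting markup; white_list strips scripts and event handlers rather than all tags` (wording to be checked against what the white_list sanitizer actually permits, which is not visible here). Also note the value is passed as the string `'white_list'` while every other option on this line uses symbols; if the plugin accepts `:white_list` it would be more consistent, but confirm against the plugin before changing it. The enclosing `class Environment` starts and ends outside the hunk.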
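Review bot: In the rewritten `should 'sanitize description with white_list'` test the posted description and the expected literal are the same string, so as shown the assertion also passes if no sanitization happens at all; it may be that this rendering dropped markup from the input that the white-list would remove, in which case the expected literal must differ from the posted one for the test to prove anything. Either way, the commented-out `#assert_sanitized Environment.default.description` should be deleted rather than left as dead code, or, if `assert_sanitized` checks for dangerous markup, kept active alongside the equality check so the test guards both the stripping and the preservation of allowed text. The enclosing `AdminPanelControllerTest` class starts outside the hunk.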