ActionItem192: oops: fixing xss_terminate in Environment

git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1742 3f533792-8f58-4932-b0fe-aaf55b0a4547

ActionItem192: oops: fixing xss_terminate in Environment
git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1742 3f533792-8f58-4932-b0fe-aaf55b0a4547
JoenioCosta
1 parent 398598f5
Showing 2 changed files with 5 additions and 4 deletions Show diff stats
app/models/environment.rb
test/functional/admin_panel_controller_test.rb
@@ -185,7 +185,7 @@ class Environment &lt; ActiveRecord::Base
   validates_format_of :contact_email, :with => Noosfero::Constants::EMAIL_FORMAT, :if => (lambda { |record| ! record.contact_email.blank? })
-  xss_terminate :only => [ :description ]
+  xss_terminate :only => [ :description ], :with => 'white_list'
   # #################################################
   # Business logic in general
@@ -66,10 +66,11 @@ class AdminPanelControllerTest &lt; Test::Unit::TestCase
     assert_equal "This is my new environment", Environment.default.description
   end
-  should 'sanitize description' do
-    post :site_info, :environment => { :description => "This <strong>is</strong> my new environment" }
+  should 'sanitize description with white_list' do
+    post :site_info, :environment => { :description => "This <strong>is</strong> <scrypt>alert('alow')</script>my new environment" }
     assert_redirected_to :action => 'index'
-    assert_sanitized Environment.default.description
+    #assert_sanitized Environment.default.description
+    assert_equal "This <strong>is</strong> alert('alow')my new environment", Environment.default.description
   end
 end
	@@ -185,7 +185,7 @@ class Environment < ActiveRecord::Base		@@ -185,7 +185,7 @@ class Environment < ActiveRecord::Base
185		185
186	validates_format_of :contact_email, :with => Noosfero::Constants::EMAIL_FORMAT, :if => (lambda { \|record\| ! record.contact_email.blank? })	186	validates_format_of :contact_email, :with => Noosfero::Constants::EMAIL_FORMAT, :if => (lambda { \|record\| ! record.contact_email.blank? })
187		187
188	- xss_terminate :only => [ :description ]	188	+ xss_terminate :only => [ :description ], :with => 'white_list'
189		189
190	# #################################################	190	# #################################################
191	# Business logic in general	191	# Business logic in general