external_feed: strip attributes style and class

(ActionItem2650)

external_feed: strip attributes style and class
(ActionItem2650)
Lucas Melo · Rodrigo Souto
1 parent b29ff55e
Showing 2 changed files with 23 additions and 0 deletions Show diff stats
app/models/external_feed.rb
test/unit/external_feed_test.rb
@@ -11,6 +11,15 @@ class ExternalFeed &lt; ActiveRecord::Base
   }
  
   def add_item(title, link, date, content)
+    doc = Hpricot(content)
+    doc.search('*').each do |p|
+      if p.instance_of? Hpricot::Elem
+        p.remove_attribute 'style'
+        p.remove_attribute 'class'
+      end
+    end
+    content = doc.to_s
+
     article = TinyMceArticle.new(:name => title, :profile => blog.profile, :body => content, :published_at => date, :source => link, :profile => blog.profile, :parent => blog)
     unless blog.children.exists?(:slug => article.slug)
       article.save!
@@ -152,4 +152,18 @@ class ExternalFeedTest &lt; ActiveSupport::TestCase
     assert_equal 35, external_feed.fetched_at.min
   end
  
+  should 'strip content of style and class attributes' do
+    blog = create_blog
+    e = build(:external_feed, :blog => blog)
+    e.add_item('Article title', 'http://orig.link.invalid', Time.now, '<p style="color: red">Html content 1.</p>')
+    e.add_item('Article title 2', 'http://orig.link.invalid', Time.now, '<p class="myclass">Html content 2.</p>')
+    e.add_item('Article title 3', 'http://orig.link.invalid', Time.now, '<img src="noosfero.png" />')
+
+    dd = []
+    Article.where(['parent_id = ?', blog.id]).all.each do |a|
+      dd << a.body.to_s.strip.gsub(/\s+/, ' ')
+    end
+    assert_equal '<img src="noosfero.png" /><p>Html content 1.</p><p>Html content 2.</p>', dd.sort.join
+  end
+
 end
...	...	@@ -11,6 +11,15 @@ class ExternalFeed < ActiveRecord::Base
11	11	}
12	12
13	13	def add_item(title, link, date, content)
	14	+ doc = Hpricot(content)
	15	+ doc.search('*').each do \|p\|
	16	+ if p.instance_of? Hpricot::Elem
	17	+ p.remove_attribute 'style'
	18	+ p.remove_attribute 'class'
	19	+ end
	20	+ end
	21	+ content = doc.to_s
	22	+
14	23	article = TinyMceArticle.new(:name => title, :profile => blog.profile, :body => content, :published_at => date, :source => link, :profile => blog.profile, :parent => blog)
15	24	unless blog.children.exists?(:slug => article.slug)
16	25	article.save!
...	...
...	...	@@ -152,4 +152,18 @@ class ExternalFeedTest < ActiveSupport::TestCase
152	152	assert_equal 35, external_feed.fetched_at.min
153	153	end
154	154
	155	+ should 'strip content of style and class attributes' do
	156	+ blog = create_blog
	157	+ e = build(:external_feed, :blog => blog)
	158	+ e.add_item('Article title', 'http://orig.link.invalid', Time.now, '<p style="color: red">Html content 1.</p>')
	159	+ e.add_item('Article title 2', 'http://orig.link.invalid', Time.now, '<p class="myclass">Html content 2.</p>')
	160	+ e.add_item('Article title 3', 'http://orig.link.invalid', Time.now, '<img src="noosfero.png" />')
	161	+
	162	+ dd = []
	163	+ Article.where(['parent_id = ?', blog.id]).all.each do \|a\|
	164	+ dd << a.body.to_s.strip.gsub(/\s+/, ' ')
	165	+ end
	166	+ assert_equal '<img src="noosfero.png" /><p>Html content 1.</p><p>Html content 2.</p>', dd.sort.join
	167	+ end
	168	+
155	169	end
...	...