external_feed: strip attributes style and class

(ActionItem2650)

external_feed: strip attributes style and class
(ActionItem2650)
Lucas Melo · Rodrigo Souto
1 parent b29ff55e
Showing 2 changed files with 23 additions and 0 deletions Show diff stats
app/models/external_feed.rb
test/unit/external_feed_test.rb
@@ -11,6 +11,15 @@ class ExternalFeed &lt; ActiveRecord::Base
   }
   def add_item(title, link, date, content)
+    doc = Hpricot(content)
+    doc.search('*').each do |p|
+      if p.instance_of? Hpricot::Elem
+        p.remove_attribute 'style'
+        p.remove_attribute 'class'
+      end
+    end
+    content = doc.to_s
+
     article = TinyMceArticle.new(:name => title, :profile => blog.profile, :body => content, :published_at => date, :source => link, :profile => blog.profile, :parent => blog)
     unless blog.children.exists?(:slug => article.slug)
       article.save!
@@ -152,4 +152,18 @@ class ExternalFeedTest &lt; ActiveSupport::TestCase
     assert_equal 35, external_feed.fetched_at.min
   end
+  should 'strip content of style and class attributes' do
+    blog = create_blog
+    e = build(:external_feed, :blog => blog)
+    e.add_item('Article title', 'http://orig.link.invalid', Time.now, '<p style="color: red">Html content 1.</p>')
+    e.add_item('Article title 2', 'http://orig.link.invalid', Time.now, '<p class="myclass">Html content 2.</p>')
+    e.add_item('Article title 3', 'http://orig.link.invalid', Time.now, '<img src="noosfero.png" />')
+
+    dd = []
+    Article.where(['parent_id = ?', blog.id]).all.each do |a|
+      dd << a.body.to_s.strip.gsub(/\s+/, ' ')
+    end
+    assert_equal '<img src="noosfero.png" /><p>Html content 1.</p><p>Html content 2.</p>', dd.sort.join
+  end
+
 end
	@@ -11,6 +11,15 @@ class ExternalFeed < ActiveRecord::Base		@@ -11,6 +11,15 @@ class ExternalFeed < ActiveRecord::Base
11	}	11	}
12		12
13	def add_item(title, link, date, content)	13	def add_item(title, link, date, content)
		14	+ doc = Hpricot(content)
		15	+ doc.search('*').each do \|p\|
		16	+ if p.instance_of? Hpricot::Elem
		17	+ p.remove_attribute 'style'
		18	+ p.remove_attribute 'class'
		19	+ end
		20	+ end
		21	+ content = doc.to_s
		22	+
14	article = TinyMceArticle.new(:name => title, :profile => blog.profile, :body => content, :published_at => date, :source => link, :profile => blog.profile, :parent => blog)	23	article = TinyMceArticle.new(:name => title, :profile => blog.profile, :body => content, :published_at => date, :source => link, :profile => blog.profile, :parent => blog)
15	unless blog.children.exists?(:slug => article.slug)	24	unless blog.children.exists?(:slug => article.slug)
16	article.save!	25	article.save!
	@@ -152,4 +152,18 @@ class ExternalFeedTest < ActiveSupport::TestCase		@@ -152,4 +152,18 @@ class ExternalFeedTest < ActiveSupport::TestCase
152	assert_equal 35, external_feed.fetched_at.min	152	assert_equal 35, external_feed.fetched_at.min
153	end	153	end
154		154
		155	+ should 'strip content of style and class attributes' do
		156	+ blog = create_blog
		157	+ e = build(:external_feed, :blog => blog)
		158	+ e.add_item('Article title', 'http://orig.link.invalid', Time.now, '<p style="color: red">Html content 1.</p>')
		159	+ e.add_item('Article title 2', 'http://orig.link.invalid', Time.now, '<p class="myclass">Html content 2.</p>')
		160	+ e.add_item('Article title 3', 'http://orig.link.invalid', Time.now, '<img src="noosfero.png" />')
		161	+
		162	+ dd = []
		163	+ Article.where(['parent_id = ?', blog.id]).all.each do \|a\|
		164	+ dd << a.body.to_s.strip.gsub(/\s+/, ' ')
		165	+ end
		166	+ assert_equal '<img src="noosfero.png" /><p>Html content 1.</p><p>Html content 2.</p>', dd.sort.join
		167	+ end
		168	+
155	end	169	end