Commit 60c6ac65350b9330521c24a2590327f76decd6b6
1 parent
99e9e72f
Exists in
master
and in
28 other branches
Fix for escaped HTML in blog posts listing
Showing
2 changed files
with
16 additions
and
1 deletions
Show diff stats
app/helpers/blog_helper.rb
| ... | ... | @@ -42,7 +42,7 @@ module BlogHelper |
| 42 | 42 | |
| 43 | 43 | def display_post(article, format = 'full') |
| 44 | 44 | no_comments = (format == 'full') ? false : true |
| 45 | - html = send("display_#{format}_format", article) | |
| 45 | + html = send("display_#{format}_format", article).html_safe | |
| 46 | 46 | |
| 47 | 47 | article_title(article, :no_comments => no_comments) + html |
| 48 | 48 | end | ... | ... |
test/functional/content_viewer_controller_test.rb
| ... | ... | @@ -1256,4 +1256,19 @@ class ContentViewerControllerTest < ActionController::TestCase |
| 1256 | 1256 | assert_tag :tag => 'a', :attributes => { :href => "/#{profile.identifier}/#{article.path}?comment_page=2", :rel => 'next' } |
| 1257 | 1257 | end |
| 1258 | 1258 | |
| 1259 | + should 'not escape acceptable HTML in list of blog posts' do | |
| 1260 | + login_as('testinguser') | |
| 1261 | + blog = Blog.create!(:name => 'A blog test', :profile => profile) | |
| 1262 | + blog.posts << TinyMceArticle.create!( | |
| 1263 | + :name => 'Post', | |
| 1264 | + :profile => profile, | |
| 1265 | + :parent => blog, | |
| 1266 | + :published => true, | |
| 1267 | + :body => "<p>This is a <strong>bold</strong> statement right there!</p>" | |
| 1268 | + ) | |
| 1269 | + | |
| 1270 | + get :view_page, :profile => profile.identifier, :page => [blog.path] | |
| 1271 | + assert_tag :tag => 'strong', :content => /bold/ | |
| 1272 | + end | |
| 1273 | + | |
| 1259 | 1274 | end | ... | ... |