[Git][noosfero/noosfero][master] 3 commits: newsletter: whitelist only text for article in newsletter
Antonio Terceiro
gitlab at mg.gitlab.com
Thu Nov 12 11:30:37 BRST 2015
Antonio Terceiro pushed to branch master at Noosfero / noosfero
Commits:
4075f24d by Larissa Reis at 2015-10-09T12:39:59Z
newsletter: whitelist only text for article in newsletter
The only image for an article in the newsletter has to be the
article's image. The lead for the article also can't have any
paragraph or other crazy stuff.
Instead of manually using gsub to remove undesired tags, I'm using
ActionView::Helpers::SanitizeHelper#sanitize and whitelisting only
tags for emphasis in text.
- - - - -
dcddcdea by Larissa Reis at 2015-10-09T12:39:59Z
newsletter: makes gap between tasks border and newsletter border smaller
- - - - -
ef77a138 by Antonio Terceiro at 2015-11-12T13:30:12Z
Merge branch 'newsletter-article-image' into 'master'
newsletter: remove unwanted tags from lead
Filter out image and other tags from newsletter articles' lead
since the only image for an article in the newsletter has to be the
article's image. The content in the lead can't have any type of
additional formatting in the newsletter's body.
This also fixes the problem with not sanitizing p tags with any
attributes, like styles commonly added by tinymce.
See merge request !698
- - - - -
3 changed files:
- plugins/newsletter/lib/newsletter_plugin/newsletter.rb
- plugins/newsletter/public/style.css
- plugins/newsletter/test/unit/newsletter_plugin_newsletter_test.rb
Changes:
=====================================
plugins/newsletter/lib/newsletter_plugin/newsletter.rb
=====================================
--- a/plugins/newsletter/lib/newsletter_plugin/newsletter.rb
+++ b/plugins/newsletter/lib/newsletter_plugin/newsletter.rb
@@ -123,11 +123,11 @@ class NewsletterPlugin::Newsletter < Noosfero::Plugin::ActiveRecord
end
def post_with_image(post)
- content_tag(:tr,content_tag(:td,tag(:img, :src => "#{self.environment.top_url}#{post.image.public_filename(:big)}", :id => post.id),:style => CSS['post-image'])+content_tag(:td,content_tag(:span, show_date(post.published_at), :style => CSS['post-date'])+content_tag(:h3, link_to(h(post.title), post.url, :style => CSS['post-title']))+content_tag(:p,sanitize(post.lead(190)),:style => CSS['post-lead'])+read_more(post.url), :style => CSS['post-info']))
+ content_tag(:tr,content_tag(:td,tag(:img, :src => "#{self.environment.top_url}#{post.image.public_filename(:big)}", :id => post.id),:style => CSS['post-image'])+content_tag(:td,content_tag(:span, show_date(post.published_at), :style => CSS['post-date'])+content_tag(:h3, link_to(h(post.title), post.url, :style => CSS['post-title']))+content_tag(:p,sanitize(post.lead(190), tags: %w(strong em b i)),:style => CSS['post-lead'])+read_more(post.url), :style => CSS['post-info']))
end
def post_without_image(post)
- content_tag(:tr, content_tag(:td,content_tag(:span, show_date(post.published_at),:style => CSS['post-date'], :id => post.id)+content_tag(:h3, link_to(h(post.title), post.url,:style => CSS['post-title']))+content_tag(:p,sanitize(post.lead(360)),:style => CSS['post-lead'])+read_more(post.url),:colspan => 2, :style => CSS['post-info']))
+ content_tag(:tr, content_tag(:td,content_tag(:span, show_date(post.published_at),:style => CSS['post-date'], :id => post.id)+content_tag(:h3, link_to(h(post.title), post.url,:style => CSS['post-title']))+content_tag(:p,sanitize(post.lead(360), tags: %w(strong em b i)),:style => CSS['post-lead'])+read_more(post.url),:colspan => 2, :style => CSS['post-info']))
end
def body(data = {})
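Review bot: both new sanitize calls, in post_with_image and post_without_image, pass tags: %w(strong em b i) but no attributes: option, so the helper falls back to its default attribute list for the four kept tags, and an attribute such as class or title on an em in the lead would still reach the newsletter body. If the lead is meant to carry text emphasis only, as the commit message says, pass attributes: [] alongside tags:. The tag list is also repeated verbatim in the two methods; a single constant would keep them in sync.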
@@ -177,10 +177,6 @@ class NewsletterPlugin::Newsletter < Noosfero::Plugin::ActiveRecord
last_mailing.nil? ? nil : last_mailing.created_at
end
- def sanitize(html)
- html.gsub(/<\/?p>/, '')
- end
-
def has_posts_in_the_period?
! self.posts.empty?
end
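Review bot: with the local sanitize(html) removed here, the sanitize(...) calls in post_with_image and post_without_image depend on ActionView::Helpers::SanitizeHelper being mixed into this class, and no include is visible in these hunks. Confirm the include is present in the class, otherwise rendering the body raises NoMethodError; the helper named in the commit message is not otherwise referenced in the changed lines.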
=====================================
plugins/newsletter/public/style.css
=====================================
--- a/plugins/newsletter/public/style.css
+++ b/plugins/newsletter/public/style.css
@@ -14,7 +14,7 @@
}
#newsletter-moderation-preview {
- margin-left: 25px;
+ margin-left: 10px;
}
#newsletter-moderation-preview input[type=checkbox] {
=====================================
plugins/newsletter/test/unit/newsletter_plugin_newsletter_test.rb
=====================================
--- a/plugins/newsletter/test/unit/newsletter_plugin_newsletter_test.rb
+++ b/plugins/newsletter/test/unit/newsletter_plugin_newsletter_test.rb
@@ -351,15 +351,30 @@ EOS
post = fast_create(TextArticle, :parent_id => blog.id,
:name => 'the last news 1',
:profile_id => community.id,
- :body => "<p>paragraph of news</p>")
+ :body => '<p style="text-align: left;">paragraph of news</p>')
newsletter = NewsletterPlugin::Newsletter.create!(
:environment => environment,
:blog_ids => [blog.id],
:person => fast_create(Person))
- assert_match /<p>paragraph of news<\/p>/, post.body
- assert_not_match /<p>paragraph of news<\/p>/, newsletter.body
+ assert_match /<p style="text-align: left;">paragraph of news<\/p>/, post.body
+ assert_not_match /<p style="text-align: left;">paragraph of news<\/p>/, newsletter.body
+ end
+
+ should 'only include text for posts in HTML generated content' do
+ environment = fast_create Environment
+ community = fast_create(Community, :environment_id => environment.id)
+ blog = fast_create(Blog, :profile_id => community.id)
+ post = fast_create(TextArticle, :profile_id => community.id, :parent_id => blog.id, :name => 'the last news', :abstract => 'A picture<img src="example.png"> is <em>worth</em> a thousand words. <hr><h1>The main goals of visualization</h1>')
+ newsletter = NewsletterPlugin::Newsletter.create!(
+ :environment => environment,
+ :blog_ids => [blog.id],
+ :person => fast_create(Person))
+
+ assert_match /A picture<img src="example.png"> is <em>worth<\/em> a thousand words. <hr><h1>The main goals of visualization<\/h1>/, post.abstract
+ # Tags for text emphasis are whitelisted
+ assert_match /A picture is <em>worth<\/em> a thousand words. The main goals of visualization/, newsletter.body
end
should 'filter posts when listing posts for newsletter' do
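Review bot: the new 'only include text for posts in HTML generated content' test covers img, hr and h1 being dropped and em being kept, but has no case for an attribute on a kept tag (for example an em carrying a class) or for a link or script tag in the abstract. One such case would pin down the whitelist behaviour the commit message describes. The dots in the two long patterns are unescaped, so "words." matches any character; escape them. In the first test, assert_not_match on the exact string <p style="text-align: left;">paragraph of news</p> would still pass if the paragraph came through with its attribute altered, so an added positive assertion on the expected output text would be stronger.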
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/5641033f3e9ec66a0e09ba992c1704000388f9fa...ef77a1386c4618ef428e8e61c1dfc884fe2cbc30