[Git][noosfero/noosfero][master] CommunityTrack: avoid html parse in body and lead tracks and steps

[Leandro Nunes]

Leandro Nunes pushed to branch master at Noosfero / noosfero


Commits:
2276f138 by Leandro Nunes dos Santos at 2016-08-04T14:31:48-03:00
CommunityTrack: avoid html parse in body and lead tracks and steps

- - - - -


4 changed files:

- plugins/community_track/views/blocks/_track.html.erb
- plugins/community_track/views/content_viewer/_step_item.html.erb
- plugins/community_track/views/content_viewer/step.html.erb
- plugins/community_track/views/content_viewer/track.html.erb


Changes:

=====================================
plugins/community_track/views/blocks/_track.html.erb
=====================================
--- a/plugins/community_track/views/blocks/_track.html.erb
+++ b/plugins/community_track/views/blocks/_track.html.erb
@@ -5,7 +5,7 @@
     <div class="lead">
       <h3><%= link_to track.name, track.url %></h3>
       <div class="content">
-        <%= track.lead %>
+        <%= track.lead.html_safe %>
       </div>
     </div>
     <div class="steps">


=====================================
plugins/community_track/views/content_viewer/_step_item.html.erb
=====================================
--- a/plugins/community_track/views/content_viewer/_step_item.html.erb
+++ b/plugins/community_track/views/content_viewer/_step_item.html.erb
@@ -10,7 +10,7 @@
         <%= status_description(step_item) %>
       </div>
       <div class="name"><span class="tool_icon button with-text icon-new icon-new<%= step_item.tool_class.icon_name if step_item.tool_class %>"></span>  <%= step_item.name %></div>
-      <div class="lead"><%= step_item.body %></div>
+      <div class="lead"><%= step_item.body.html_safe %></div>
       <div class="tools">
         <% if step_item.tool %>
           <%= _('Tool: ') %>


=====================================
plugins/community_track/views/content_viewer/step.html.erb
=====================================
--- a/plugins/community_track/views/content_viewer/step.html.erb
+++ b/plugins/community_track/views/content_viewer/step.html.erb
@@ -7,7 +7,7 @@
     </ul>
   </div>
   <div>
-    <%= step.body %>
+    <%= step.body.html_safe %>
   </div>
   <% if step.allow_create?(user) && !step.tool && step.tool_class %>
     <h3><%= _("Tool") %></h3>


=====================================
plugins/community_track/views/content_viewer/track.html.erb
=====================================
--- a/plugins/community_track/views/content_viewer/track.html.erb
+++ b/plugins/community_track/views/content_viewer/track.html.erb
@@ -3,7 +3,7 @@
 <%= form_tag({:controller => 'community_track_plugin_myprofile', :action => 'save_order', :track => track}) do %>
 <div id="track">
   <div>
-    <%= track.body %>
+    <%= track.body.html_safe %>
   </div>
 
   <h3><%= _("Steps") %></h3>



View it on GitLab: https://gitlab.com/noosfero/noosfero/commit/2276f13845bae26059442e6bdbe2f165908c4770
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20160804/a7afdbfb/attachment-0001.html>