[Git][noosfero/noosfero][master] Not escape html in people suggestions
Victor Costa
gitlab at mg.gitlab.com
Thu Aug 4 16:56:35 BRT 2016
Victor Costa pushed to branch master at Noosfero / noosfero
Commits:
f16ec7f4 by Victor Costa at 2016-08-04T16:55:55-03:00
Not escape html in people suggestions
- - - - -
2 changed files:
- app/helpers/application_helper.rb
- app/views/shared/_profile_connections.html.erb
Changes:
=====================================
app/helpers/application_helper.rb
=====================================
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -1183,10 +1183,10 @@ module ApplicationHelper
end
controller_target = suggestion.suggestion_type == 'Person' ? :friends : :memberships
- profiles << link_to("<big> +#{suggestion.profile_connections.count - 4}</big>", :controller => controller_target, :action => :connections, :id => suggestion.suggestion_id) if suggestion.profile_connections.count > 4
+ profiles << link_to("<big> +#{suggestion.profile_connections.count - 4}</big>".html_safe, :controller => controller_target, :action => :connections, :id => suggestion.suggestion_id) if suggestion.profile_connections.count > 4
if profiles.present?
- content_tag(:div, profiles.join , :class => 'profile-connections')
+ content_tag(:div, profiles.safe_join , :class => 'profile-connections')
else
''
end
=====================================
app/views/shared/_profile_connections.html.erb
=====================================
--- a/app/views/shared/_profile_connections.html.erb
+++ b/app/views/shared/_profile_connections.html.erb
@@ -4,7 +4,7 @@
<ul class="profile-list">
<% profiles.each do |profile| %>
<li>
- <%= link_to_profile profile_image(profile) + '<br/>' + profile.short_name,
+ <%= link_to_profile profile_image(profile) + '<br/>'.html_safe + profile.short_name,
profile.identifier, :class => 'profile-link' %>
</li>
<% end %>
View it on GitLab: https://gitlab.com/noosfero/noosfero/commit/f16ec7f40f8a718f3860db79ebf6a17ce30f462e
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20160804/ddd34ef6/attachment-0001.html>
More information about the Noosfero-dev
mailing list