[Git][noosfero/noosfero][master] 2 commits: html_safe: avoid escape task information string

Leandro Nunes gitlab at mg.gitlab.com
Wed May 4 12:17:33 BRT 2016 

Leandro Nunes pushed to branch master at Noosfero / noosfero


Commits:
963fc123 by Victor Costa at 2016-05-03T15:35:30-03:00
html_safe: avoid escape task information string

- - - - -
464b8a1c by Leandro Nunes at 2016-05-04T15:17:23+00:00
Merge branch 'html-safe-tasks' into 'master'

html_safe: avoid escape task information string



See merge request !889
- - - - -


2 changed files:

- app/views/profile_editor/_pending_tasks.html.erb
- test/integration/safe_strings_test.rb


Changes:

=====================================
app/views/profile_editor/_pending_tasks.html.erb
=====================================
--- a/app/views/profile_editor/_pending_tasks.html.erb
+++ b/app/views/profile_editor/_pending_tasks.html.erb
@@ -4,7 +4,7 @@
   <div class='pending-tasks'>
     <h2><%= _('You have pending requests') %></h2>
     <ul>
-      <%= safe_join(@pending_tasks.map {|task| content_tag('li', task_information(task))}) %>
+      <%= safe_join(@pending_tasks.map {|task| content_tag('li', task_information(task).html_safe)}) %>
     </ul>
     <%= button(:todo, _('Process requests'), :controller => 'tasks', :action => 'index') %>
   </div>


=====================================
test/integration/safe_strings_test.rb
=====================================
--- a/test/integration/safe_strings_test.rb
+++ b/test/integration/safe_strings_test.rb
@@ -84,4 +84,12 @@ class SafeStringsTest < ActionDispatch::IntegrationTest
     }
   end
 
+  should 'not escape task information on manage profile' do
+    create_user('marley', :password => 'test', :password_confirmation => 'test').activate
+    person = Person['marley']
+    task = create(Task, :requestor => person, :target => person)
+    login 'marley', 'test'
+    get "/myprofile/marley"
+    assert_select ".pending-tasks ul li a"
+  end
 end



View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/d488fa59b4e3dbc87b10dc828642d49cb1fcd368...464b8a1c2b438cda7f000d22c92d40a05af28012
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20160504/af03552b/attachment-0001.html>

More information about the Noosfero-dev mailing list