[Git][noosfero/noosfero][master] 2 commits: html_safe: avoid escape task information string
Leandro Nunes
gitlab at mg.gitlab.com
Wed May 4 12:17:33 BRT 2016
Leandro Nunes pushed to branch master at Noosfero / noosfero
Commits:
963fc123 by Victor Costa at 2016-05-03T15:35:30-03:00
html_safe: avoid escape task information string
- - - - -
464b8a1c by Leandro Nunes at 2016-05-04T15:17:23+00:00
Merge branch 'html-safe-tasks' into 'master'
html_safe: avoid escape task information string
See merge request !889
- - - - -
2 changed files:
- app/views/profile_editor/_pending_tasks.html.erb
- test/integration/safe_strings_test.rb
Changes:
=====================================
app/views/profile_editor/_pending_tasks.html.erb
=====================================
--- a/app/views/profile_editor/_pending_tasks.html.erb
+++ b/app/views/profile_editor/_pending_tasks.html.erb
@@ -4,7 +4,7 @@
<div class='pending-tasks'>
<h2><%= _('You have pending requests') %></h2>
<ul>
- <%= safe_join(@pending_tasks.map {|task| content_tag('li', task_information(task))}) %>
+ <%= safe_join(@pending_tasks.map {|task| content_tag('li', task_information(task).html_safe)}) %>
</ul>
<%= button(:todo, _('Process requests'), :controller => 'tasks', :action => 'index') %>
</div>
=====================================
test/integration/safe_strings_test.rb
=====================================
--- a/test/integration/safe_strings_test.rb
+++ b/test/integration/safe_strings_test.rb
@@ -84,4 +84,12 @@ class SafeStringsTest < ActionDispatch::IntegrationTest
}
end
+ should 'not escape task information on manage profile' do
+ create_user('marley', :password => 'test', :password_confirmation => 'test').activate
+ person = Person['marley']
+ task = create(Task, :requestor => person, :target => person)
+ login 'marley', 'test'
+ get "/myprofile/marley"
+ assert_select ".pending-tasks ul li a"
+ end
end
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/d488fa59b4e3dbc87b10dc828642d49cb1fcd368...464b8a1c2b438cda7f000d22c92d40a05af28012
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20160504/af03552b/attachment-0001.html>
More information about the Noosfero-dev
mailing list