[Git][noosfero/noosfero][master] 3 commits: html_safe: fix author link in publishing info
Leandro Nunes
gitlab at mg.gitlab.com
Wed May 4 15:44:29 BRT 2016
Leandro Nunes pushed to branch master at Noosfero / noosfero
Commits:
498b3078 by Victor Costa at 2016-05-04T15:08:28-03:00
html_safe: fix author link in publishing info
- - - - -
e9e5d31d by Victor Costa at 2016-05-04T15:10:48-03:00
html_safe: not escape tinymce macros
- - - - -
2a82a686 by Leandro Nunes at 2016-05-04T18:44:16+00:00
Merge branch 'html-safe-fixes' into 'master'
Html safe fixes
1. html_safe: not escape tinymce macros
1. html_safe: fix author link in publishing info
See merge request !894
- - - - -
3 changed files:
- app/helpers/macros_helper.rb
- app/views/content_viewer/_publishing_info.html.erb
- test/integration/safe_strings_test.rb
Changes:
=====================================
app/helpers/macros_helper.rb
=====================================
--- a/app/helpers/macros_helper.rb
+++ b/app/helpers/macros_helper.rb
@@ -32,7 +32,7 @@ module MacrosHelper
}
});
}"
- end
+ end.html_safe
end
def include_macro_js_files
=====================================
app/views/content_viewer/_publishing_info.html.erb
=====================================
--- a/app/views/content_viewer/_publishing_info.html.erb
+++ b/app/views/content_viewer/_publishing_info.html.erb
@@ -3,7 +3,7 @@
<%= show_time(@page.published_at) %>
</span>
<span class="author">
- <%= _(", by %s") % (@page.author ? link_to(@page.author_name, @page.author_url) : @page.author_name) %>
+ <%= _(", by %s").html_safe % (@page.author ? link_to(@page.author_name, @page.author_url) : @page.author_name) %>
</span>
<% unless @no_comments %>
<span class="comments">
=====================================
test/integration/safe_strings_test.rb
=====================================
--- a/test/integration/safe_strings_test.rb
+++ b/test/integration/safe_strings_test.rb
@@ -92,4 +92,29 @@ class SafeStringsTest < ActionDispatch::IntegrationTest
get "/myprofile/marley"
assert_select ".pending-tasks ul li a"
end
+
+ should 'not escape author link in publishing info of article' do
+ create_user('jimi', :password => 'test', :password_confirmation => 'test').activate
+ person = Person['jimi']
+ article = fast_create(Article, author_id: person.id, profile_id: person.id)
+ get url_for(article.view_url)
+ assert_select ".publishing-info .author a"
+ end
+
+ should 'not escape tinymce macros when create article' do
+ class Plugin1 < Noosfero::Plugin
+ end
+ class Plugin1::Macro < Noosfero::Plugin::Macro
+ def self.configuration
+ {params: {}}
+ end
+ end
+ Noosfero::Plugin::Manager.any_instance.stubs(:enabled_plugins).returns([SafeStringsTest::Plugin1.new])
+
+ create_user('jimi', :password => 'test', :password_confirmation => 'test').activate
+ person = Person['jimi']
+ login 'jimi', 'test'
+ get "/myprofile/jimi/cms/new?type=TinyMceArticle"
+ assert_no_match /title: "Safestringstest::plugin1::macro"/, response.body
+ end
end
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/464b8a1c2b438cda7f000d22c92d40a05af28012...2a82a6868338e1621e119531ece116e1211ef1e1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20160504/6d1ce811/attachment-0001.html>
More information about the Noosfero-dev
mailing list