[Git][noosfero/noosfero][master] 3 commits: html_safe: fix author link in publishing info

Leandro Nunes gitlab at mg.gitlab.com
Wed May 4 15:44:29 BRT 2016


Leandro Nunes pushed to branch master at Noosfero / noosfero


Commits:
498b3078 by Victor Costa at 2016-05-04T15:08:28-03:00
html_safe: fix author link in publishing info

- - - - -
e9e5d31d by Victor Costa at 2016-05-04T15:10:48-03:00
html_safe: not escape tinymce macros

- - - - -
2a82a686 by Leandro Nunes at 2016-05-04T18:44:16+00:00
Merge branch 'html-safe-fixes' into 'master'

Html safe fixes

1. html_safe: not escape tinymce macros
1. html_safe: fix author link in publishing info

See merge request !894
- - - - -


3 changed files:

- app/helpers/macros_helper.rb
- app/views/content_viewer/_publishing_info.html.erb
- test/integration/safe_strings_test.rb


Changes:

=====================================
app/helpers/macros_helper.rb
=====================================
--- a/app/helpers/macros_helper.rb
+++ b/app/helpers/macros_helper.rb
@@ -32,7 +32,7 @@ module MacrosHelper
           }
         });
       }"
-    end
+    end.html_safe
   end
 
   def include_macro_js_files
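Review bot: `end.html_safe` at the close of this block marks the entire generated JavaScript string as trusted, including whatever is interpolated into it, and the new integration test shows the macro's name ending up inside a `title: "..."` string literal in that output. Escaping is now the helper's own job, so each interpolated value should be encoded for a JavaScript string context (for example with `escape_javascript` or `to_json`) before the result is marked safe. The visible context does not show the interpolations, so please confirm none of them can carry a quote or a closing script tag from plugin or user data.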


=====================================
app/views/content_viewer/_publishing_info.html.erb
=====================================
--- a/app/views/content_viewer/_publishing_info.html.erb
+++ b/app/views/content_viewer/_publishing_info.html.erb
@@ -3,7 +3,7 @@
     <%= show_time(@page.published_at) %>
   </span>
   <span class="author">
-    <%= _(", by %s") % (@page.author ? link_to(@page.author_name, @page.author_url) : @page.author_name) %>
+    <%= _(", by %s").html_safe % (@page.author ? link_to(@page.author_name, @page.author_url) : @page.author_name) %>
   </span>
 <% unless @no_comments %>
   <span class="comments">
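Review bot: In the `else` branch of the ternary, `@page.author_name` is passed as a plain string into a format string that is now `html_safe`, so whether it is escaped depends on `ActiveSupport::SafeBuffer#%` escaping non-safe arguments in the Rails version in use. Wrapping it as `h(@page.author_name)` would make the escaping explicit and would not double-escape. Note also that `_(", by %s").html_safe` trusts the translated string itself, so markup in a locale file will now render as-is.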


=====================================
test/integration/safe_strings_test.rb
=====================================
--- a/test/integration/safe_strings_test.rb
+++ b/test/integration/safe_strings_test.rb
@@ -92,4 +92,29 @@ class SafeStringsTest < ActionDispatch::IntegrationTest
     get "/myprofile/marley"
     assert_select ".pending-tasks ul li a"
   end
+
+  should 'not escape author link in publishing info of article' do
+    create_user('jimi', :password => 'test', :password_confirmation => 'test').activate
+    person = Person['jimi']
+    article = fast_create(Article, author_id: person.id, profile_id: person.id)
+    get url_for(article.view_url)
+    assert_select ".publishing-info .author a"
+  end
+
+  should 'not escape tinymce macros when create article' do
+    class Plugin1 < Noosfero::Plugin
+    end
+    class Plugin1::Macro < Noosfero::Plugin::Macro
+      def self.configuration
+        {params: {}}
+      end
+    end
+    Noosfero::Plugin::Manager.any_instance.stubs(:enabled_plugins).returns([SafeStringsTest::Plugin1.new])
+
+    create_user('jimi', :password => 'test', :password_confirmation => 'test').activate
+    person = Person['jimi']
+    login 'jimi', 'test'
+    get "/myprofile/jimi/cms/new?type=TinyMceArticle"
+    assert_no_match /title: "Safestringstest::plugin1::macro&quot/, response.body
+  end
 end
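Review bot: The tinymce test asserts only with `assert_no_match` on the escaped form (`macro&quot`), so it also passes if the macro is not rendered on the page at all. Adding a positive match on the unescaped `title: "Safestringstest::plugin1::macro"` would prove the macro code is actually emitted. In the same test `person = Person['jimi']` is never used, and neither test covers an author name or macro title containing markup, which is the case where the two new `html_safe` calls could let unescaped text through.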



View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/464b8a1c2b438cda7f000d22c92d40a05af28012...2a82a6868338e1621e119531ece116e1211ef1e1