[Git][noosfero/noosfero][master] 2 commits: fix html escape of activity lead

Leandro Nunes gitlab at mg.gitlab.com
Thu May 5 13:20:29 BRT 2016 

Leandro Nunes pushed to branch master at Noosfero / noosfero


Commits:
05010771 by Leandro Nunes dos Santos at 2016-05-05T13:05:55-03:00
fix html escape of activity lead

- - - - -
1ec026e9 by Leandro Nunes at 2016-05-05T16:20:17+00:00
Merge branch 'html-safe-activity' into 'master'

fix html escape of activity lead

fix html escape of activity lead

See merge request !899
- - - - -


2 changed files:

- app/views/profile/_create_article.html.erb
- test/integration/safe_strings_test.rb


Changes:

=====================================
app/views/profile/_create_article.html.erb
=====================================
--- a/app/views/profile/_create_article.html.erb
+++ b/app/views/profile/_create_article.html.erb
@@ -9,7 +9,7 @@
   <div class='profile-activity-lead'>
     <div class='article-name'><%= link_to(activity.params['name'], activity.params['url']) %></div>
     <span title='<%= activity.target.class.short_description %>' class='profile-activity-icon icon-new icon-new<%= activity.target.class.icon_name %>'></span>
-    <%= image_tag(activity.params['first_image']) unless activity.params['first_image'].blank? %><%= strip_tags(truncate(activity.params['lead'], :length => 1000, :ommision => '...')).gsub(/(\xC2\xA0|\s)+/, ' ').gsub(/^\s+/, '') unless activity.params['lead'].blank? %> <small><%= link_to(_('See more'), activity.params['url']) unless activity.get_lead.blank? %></small>
+    <%= image_tag(activity.params['first_image']) unless activity.params['first_image'].blank? %><%= strip_tags(truncate(activity.params['lead'].html_safe, :length => 1000, :ommision => '...')).gsub(/(\xC2\xA0|\s)+/, ' ').gsub(/^\s+/, '') unless activity.params['lead'].blank? %><small><%= link_to(_('See more'), activity.params['url']) unless activity.get_lead.blank? %></small>
   </div>
   <%= content_tag(:p, link_to(_('See complete forum'), activity.get_url), :class => 'see-forum') if activity.target.is_a?(Forum) %>
   <p class='profile-activity-time'><%= time_ago_in_words(activity.created_at) %></p>


=====================================
test/integration/safe_strings_test.rb
=====================================
--- a/test/integration/safe_strings_test.rb
+++ b/test/integration/safe_strings_test.rb
@@ -117,4 +117,22 @@ class SafeStringsTest < ActionDispatch::IntegrationTest
     get "/myprofile/jimi/cms/new?type=TinyMceArticle"
     assert_no_match /title: "Safestringstest::plugin1::macro&quot/, response.body
   end
+
+  should 'not escape short_description of articles in activities' do
+    user = create_user('marley', :password => 'test', :password_confirmation => 'test')
+    user.activate
+    profile = user.person
+    login 'marley', 'test'
+
+    expected_content = 'something'
+    html_content = "<p>#{expected_content}</p>"
+    article = TinyMceArticle.create!(:profile => profile, :name => 'An Article about Free Software', :body => html_content)
+    ActionTracker::Record.destroy_all
+    activity = create(ActionTracker::Record, :user_id => profile.id, :user_type => 'Profile', :verb => 'create_article', :target_id => article.id, :target_type => 'Article', :params => {'name' => article.name, 'url' => article.url, 'lead' => article.lead, 'first_image' => article.first_image})
+    get "/profile/marley"
+    assert_tag 'li', :attributes => {:id => "profile-activity-item-#{activity.id}"}, :descendant => {
+      :tag => 'div', :content => "\n    " + expected_content, :attributes => {:class => 'profile-activity-lead'}
+    }
+  end
+
 end



View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/53dbec924ee6317b809924ed6f2b5033d05fa561...1ec026e9554eb7fb70d896b8236c1e0a698a2b78
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20160505/79b47e8b/attachment-0001.html>

More information about the Noosfero-dev mailing list