[Git][noosfero/noosfero][master] 2 commits: html_safe: fix escape of article body and abstract
Victor Costa
gitlab at mg.gitlab.com
Thu May 5 17:26:49 BRT 2016
Victor Costa pushed to branch master at Noosfero / noosfero
Commits:
b96e16b3 by Victor Costa at 2016-05-05T14:44:35-03:00
html_safe: fix escape of article body and abstract
- - - - -
025f806d by Victor Costa at 2016-05-05T20:26:41+00:00
Merge branch 'html-safe-article' into 'master'
html_safe: fix escape of article body and abstract
See merge request !896
- - - - -
2 changed files:
- app/controllers/my_profile/cms_controller.rb
- app/views/shared/_lead_and_body.html.erb
Changes:
=====================================
app/controllers/my_profile/cms_controller.rb
=====================================
--- a/app/controllers/my_profile/cms_controller.rb
+++ b/app/controllers/my_profile/cms_controller.rb
@@ -103,8 +103,6 @@ class CmsController < MyProfileController
end
end
end
-
- escape_fields @article
end
def new
@@ -174,9 +172,6 @@ class CmsController < MyProfileController
return
end
end
-
- escape_fields @article
-
render :action => 'edit'
end
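Review bot: nothing in this changeset tests the path where escape_fields @article was dropped just before render :action => 'edit'; the push lists 2 changed files and neither is a test. Add a functional test that submits an article whose body and abstract contain characters such as < and &, lets the edit form render, and asserts that the textarea content is escaped exactly once.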
@@ -518,10 +513,4 @@ class CmsController < MyProfileController
end
end
- def escape_fields article
- unless article.kind_of?(RssFeed)
- @escaped_body = CGI::escapeHTML(article.body || '')
- @escaped_abstract = CGI::escapeHTML(article.abstract || '')
- end
- end
end
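Review bot: with escape_fields deleted, @escaped_body and @escaped_abstract are never assigned, so any template outside this changeset that still reads them will silently render an empty field; search the rest of the tree for both names before merging. The commit message should also say why dropping CGI::escapeHTML is safe, presumably because the form helper escapes the textarea value itself and the manual call double-escaped it, and that the RssFeed exception in the removed method no longer needs special handling.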
=====================================
app/views/shared/_lead_and_body.html.erb
=====================================
--- a/app/views/shared/_lead_and_body.html.erb
+++ b/app/views/shared/_lead_and_body.html.erb
@@ -23,11 +23,7 @@
<% if f %>
<%= labelled_form_field(_(abstract_label), f.text_area(abstract_method, abstract_options)) %>
<% else %>
- <% if @article.kind_of?(Article) %>
- <%= labelled_form_field(_(abstract_label), text_area_tag("article[abstract]", @escaped_abstract, abstract_options)) %>
- <% else %>
- <%= labelled_form_field(_(abstract_label), text_area(object, abstract_method, abstract_options)) %>
- <% end %>
+ <%= labelled_form_field(_(abstract_label), text_area(object, abstract_method, abstract_options)) %>
<% end %>
</div>
<div style="margin-top: 10px;">
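Review bot: the parameter name for the abstract is no longer pinned in the else branch. The removed Article case hard-coded "article[abstract]", while the surviving text_area(object, abstract_method, abstract_options) derives the name from object and abstract_method. Confirm that every caller rendering this partial for an Article passes values that still yield article[abstract]; otherwise the abstract is submitted under a different key and dropped on save.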
@@ -35,11 +31,7 @@
<% if f %>
<%= labelled_form_field(_(body_label), f.text_area(body_method, body_options)) %>
<% else %>
- <% if @article.kind_of?(Article) %>
- <%= labelled_form_field(_(body_label), text_area_tag("article[body]", @escaped_body, body_options)) %>
- <% else %>
- <%= labelled_form_field(_(body_label), text_area(object, body_method, body_options)) %>
- <% end %>
+ <%= labelled_form_field(_(body_label), text_area(object, body_method, body_options)) %>
<% end %>
</div>
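Review bot: the textarea value in the else branch now comes from whatever object names rather than from the controller's article. The removed line passed @escaped_body explicitly, whereas text_area(object, body_method, body_options) looks the value up through object and body_method. If a caller passes an object name that does not resolve to the article being edited, the body field renders empty and an unmodified save would overwrite the stored body, so check the callers or pass the record explicitly.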
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/ea29ebc4aeaac151bbac95c9398998ce3f2a5d0f...025f806d0aa51a3b46979cb4fa2a75f3c2a40435