[Git][noosfero/noosfero][master] 2 commits: html_safe: fix escape of article body and abstract

Victor Costa gitlab at mg.gitlab.com
Thu May 5 17:26:49 BRT 2016


Victor Costa pushed to branch master at Noosfero / noosfero


Commits:
b96e16b3 by Victor Costa at 2016-05-05T14:44:35-03:00
html_safe: fix escape of article body and abstract

- - - - -
025f806d by Victor Costa at 2016-05-05T20:26:41+00:00
Merge branch 'html-safe-article' into 'master'

html_safe: fix escape of article body and abstract



See merge request !896
- - - - -


2 changed files:

- app/controllers/my_profile/cms_controller.rb
- app/views/shared/_lead_and_body.html.erb


Changes:

=====================================
app/controllers/my_profile/cms_controller.rb
=====================================
--- a/app/controllers/my_profile/cms_controller.rb
+++ b/app/controllers/my_profile/cms_controller.rb
@@ -103,8 +103,6 @@ class CmsController < MyProfileController
         end
       end
     end
-
-    escape_fields @article
   end
 
   def new
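Review bot: Dropping `escape_fields @article` at the end of this action leaves `@escaped_body` and `@escaped_abstract` unset for whatever view is rendered next. This push changes only app/views/shared/_lead_and_body.html.erb on the view side, so any other template or plugin view that still reads those instance variables will now get nil. Search the tree for both names before merging and update or remove any remaining readers.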
@@ -174,9 +172,6 @@ class CmsController < MyProfileController
         return
       end
     end
-
-    escape_fields @article
-
     render :action => 'edit'
   end
 
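Review bot: No test accompanies the removal just before `render :action => 'edit'`; the two changed files are the controller and one partial. This path re-renders the edit form, so it is the place where a regression in escaping would show up. Add a functional test that loads the form with a body and abstract containing `<`, `&` and quote characters and asserts that they appear in the textarea escaped exactly once.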
@@ -518,10 +513,4 @@ class CmsController < MyProfileController
     end
   end
 
-  def escape_fields article
-    unless article.kind_of?(RssFeed)
-      @escaped_body = CGI::escapeHTML(article.body || '')
-      @escaped_abstract = CGI::escapeHTML(article.abstract || '')
-    end
-  end
 end
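Review bot: The commit message says only "fix escape of article body and abstract" and does not state what was wrong with `escape_fields`, yet this hunk deletes the only explicit `CGI::escapeHTML` calls on `article.body` and `article.abstract`. Describe the symptom in the message, for example whether the pre-escaped value was being escaped a second time by `text_area_tag`, so a later reader does not conclude that escaping was dropped or reintroduce the manual call. The removed method also skipped `RssFeed`; say whether that special case is still needed anywhere.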


=====================================
app/views/shared/_lead_and_body.html.erb
=====================================
--- a/app/views/shared/_lead_and_body.html.erb
+++ b/app/views/shared/_lead_and_body.html.erb
@@ -23,11 +23,7 @@
   <% if f %>
     <%= labelled_form_field(_(abstract_label), f.text_area(abstract_method, abstract_options)) %>
   <% else %>
-    <% if @article.kind_of?(Article) %>
-      <%= labelled_form_field(_(abstract_label), text_area_tag("article[abstract]", @escaped_abstract, abstract_options)) %>
-    <% else %>
-      <%= labelled_form_field(_(abstract_label), text_area(object, abstract_method, abstract_options)) %>
-    <% end %>
+    <%= labelled_form_field(_(abstract_label), text_area(object, abstract_method, abstract_options)) %>
   <% end %>
 </div>
 <div style="margin-top: 10px;">
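Review bot: In the `else` branch the field name is no longer the literal `"article[abstract]"` but whatever `text_area(object, abstract_method, abstract_options)` derives from `object` and `abstract_method`. For `Article` records, check that this still produces `article[abstract]`, otherwise the controller stops receiving the abstract on submit. A view test asserting the rendered `name` attribute would pin this down.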
@@ -35,11 +31,7 @@
   <% if f %>
     <%= labelled_form_field(_(body_label), f.text_area(body_method, body_options)) %>
   <% else %>
-    <% if @article.kind_of?(Article) %>
-      <%= labelled_form_field(_(body_label), text_area_tag("article[body]", @escaped_body, body_options)) %>
-    <% else %>
-      <%= labelled_form_field(_(body_label), text_area(object, body_method, body_options)) %>
-    <% end %>
+    <%= labelled_form_field(_(body_label), text_area(object, body_method, body_options)) %>
   <% end %>
 </div>
 
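Review bot: With `@escaped_body` gone, escaping of the body in this `else` branch rests entirely on `text_area`. Rails helpers emit strings marked `html_safe` without escaping them, so confirm that the value read through `body_method` reaches the helper as a plain string and is not marked safe earlier in the model or a helper. The same check applies to the abstract field above.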



View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/ea29ebc4aeaac151bbac95c9398998ce3f2a5d0f...025f806d0aa51a3b46979cb4fa2a75f3c2a40435