[Git][noosfero/noosfero][master] relevant_content: fix html escaping
Victor Costa
gitlab at mg.gitlab.com
Thu May 5 17:50:33 BRT 2016
Victor Costa pushed to branch master at Noosfero / noosfero
Commits:
dc74d781 by Victor Costa at 2016-05-05T17:50:17-03:00
relevant_content: fix html escaping
- - - - -
2 changed files:
- plugins/relevant_content/lib/relevant_content_plugin/relevant_content_block.rb
- plugins/relevant_content/test/unit/relevant_content_block_test.rb
Changes:
=====================================
plugins/relevant_content/lib/relevant_content_plugin/relevant_content_block.rb
=====================================
--- a/plugins/relevant_content/lib/relevant_content_plugin/relevant_content_block.rb
+++ b/plugins/relevant_content/lib/relevant_content_plugin/relevant_content_block.rb
@@ -29,22 +29,12 @@ class RelevantContentPlugin::RelevantContentBlock < Block
if self.show_most_read
docs = Article.most_accessed(owner, self.limit)
- if !docs.blank?
- subcontent = ""
- subcontent += content_tag(:span, _("Most read articles"), :class=>"title mread") + "\n"
- subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
- content += content_tag(:div, subcontent, :class=>"block mread") + "\n"
- end
+ content += subcontent(docs, _("Most read articles"), "mread") unless docs.blank?
end
if self.show_most_commented
docs = Article.most_commented_relevant_content(owner, self.limit)
- if !docs.blank?
- subcontent = ""
- subcontent += content_tag(:span, _("Most commented articles"), :class=>"title mcommented") + "\n"
- subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
- content += content_tag(:div, subcontent, :class=>"block mcommented") + "\n"
- end
+ content += subcontent(docs, _("Most commented articles"), "mcommented") unless docs.blank?
end
if owner.kind_of?(Environment)
@@ -56,31 +46,16 @@ class RelevantContentPlugin::RelevantContentBlock < Block
if env.plugin_enabled?('VotePlugin')
if self.show_most_liked
docs = Article.more_positive_votes(owner, self.limit)
- if !docs.blank?
- subcontent = ""
- subcontent += content_tag(:span, _("Most liked articles"), :class=>"title mliked") + "\n"
- subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
- content += content_tag(:div, subcontent, :class=>"block mliked") + "\n"
- end
+ content += subcontent(docs, _("Most liked articles"), "mliked") unless docs.blank?
end
if self.show_most_disliked
docs = Article.more_negative_votes(owner, self.limit)
- if !docs.blank?
- subcontent = ""
- subcontent += content_tag(:span, _("Most disliked articles"), :class=>"title mdisliked") + "\n"
- subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
- content += content_tag(:div, subcontent, :class=>"block mdisliked") + "\n"
- end
+ content += subcontent(docs, _("Most disliked articles"), "mdisliked") unless docs.blank?
end
if self.show_most_voted
docs = Article.most_voted(owner, self.limit)
- if !docs.blank?
- subcontent = ""
- subcontent += content_tag(:span, _("Most voted articles"), :class=>"title mvoted") + "\n"
- subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
- content += content_tag(:div, subcontent, :class=>"block mvoted") + "\n"
- end
+ content += subcontent(docs, _("Most voted articles"), "mvoted") unless docs.blank?
end
end
return content.html_safe
@@ -94,4 +69,14 @@ class RelevantContentPlugin::RelevantContentBlock < Block
{ :profile => [:article], :environment => [:article] }
end
+ protected
+
+ def subcontent(docs, title, html_class)
+ subcontent = safe_join([
+ content_tag(:span, title, class: "title #{html_class}"),
+ content_tag(:ul, safe_join(docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}, "\n"))
+ ], "\n")
+ content_tag(:div, subcontent, :class=>"block #{html_class}")
+ end
+
end
=====================================
plugins/relevant_content/test/unit/relevant_content_block_test.rb
=====================================
--- a/plugins/relevant_content/test/unit/relevant_content_block_test.rb
+++ b/plugins/relevant_content/test/unit/relevant_content_block_test.rb
@@ -77,4 +77,11 @@ class RelevantContentBlockTest < ActiveSupport::TestCase
assert_equal false, data.empty?
end
+ should 'not escape html in block content' do
+ fast_create(Article, profile_id: profile.id, hits: 10)
+ box = fast_create(Box, :owner_id => profile.id, :owner_type => 'Profile')
+ block = RelevantContentPlugin::RelevantContentBlock.new(:box => box)
+ Environment.any_instance.stubs(:enabled_plugins).returns(['RelevantContent'])
+ assert_tag_in_string block.content, tag: 'span', attributes: { class: 'title mread' }
+ end
end
View it on GitLab: https://gitlab.com/noosfero/noosfero/commit/dc74d7816506eb283c3327e84da758c992c33e34
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20160505/473e75d0/attachment-0001.html>
More information about the Noosfero-dev
mailing list