[Git][noosfero/noosfero][master] relevant_content: fix html escaping

Thu May 5 17:50:33 BRT 2016

Victor Costa pushed to branch master at Noosfero / noosfero


Commits:
dc74d781 by Victor Costa at 2016-05-05T17:50:17-03:00
relevant_content: fix html escaping

- - - - -


2 changed files:

- plugins/relevant_content/lib/relevant_content_plugin/relevant_content_block.rb
- plugins/relevant_content/test/unit/relevant_content_block_test.rb


Changes:

=====================================
plugins/relevant_content/lib/relevant_content_plugin/relevant_content_block.rb
=====================================

--- a/plugins/relevant_content/lib/relevant_content_plugin/relevant_content_block.rb
+++ b/plugins/relevant_content/lib/relevant_content_plugin/relevant_content_block.rb
@@ -29,22 +29,12 @@ class RelevantContentPlugin::RelevantContentBlock < Block
 
     if self.show_most_read
       docs = Article.most_accessed(owner, self.limit)
-      if !docs.blank?
-        subcontent = ""
-        subcontent += content_tag(:span, _("Most read articles"), :class=>"title mread") + "\n"
-        subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
-        content += content_tag(:div, subcontent, :class=>"block mread") + "\n"
-      end
+      content += subcontent(docs, _("Most read articles"), "mread") unless docs.blank?
     end
 
     if self.show_most_commented
       docs = Article.most_commented_relevant_content(owner, self.limit)
-      if !docs.blank?
-        subcontent = ""
-        subcontent += content_tag(:span, _("Most commented articles"), :class=>"title mcommented") + "\n"
-        subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
-        content += content_tag(:div, subcontent, :class=>"block mcommented") + "\n"
-      end
+      content += subcontent(docs, _("Most commented articles"), "mcommented") unless docs.blank?
     end
 
     if owner.kind_of?(Environment)
@@ -56,31 +46,16 @@ class RelevantContentPlugin::RelevantContentBlock < Block
     if env.plugin_enabled?('VotePlugin')
       if self.show_most_liked
         docs = Article.more_positive_votes(owner, self.limit)
-        if !docs.blank?
-          subcontent = ""
-          subcontent += content_tag(:span, _("Most liked articles"), :class=>"title mliked") + "\n"
-          subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
-          content += content_tag(:div, subcontent, :class=>"block mliked") + "\n"
-        end
+        content += subcontent(docs, _("Most liked articles"), "mliked") unless docs.blank?
       end
       if self.show_most_disliked
         docs = Article.more_negative_votes(owner, self.limit)
-        if !docs.blank?
-          subcontent = ""
-          subcontent += content_tag(:span, _("Most disliked articles"), :class=>"title mdisliked") + "\n"
-          subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
-          content += content_tag(:div, subcontent, :class=>"block mdisliked") + "\n"
-        end
+        content += subcontent(docs, _("Most disliked articles"), "mdisliked") unless docs.blank?
       end
 
       if self.show_most_voted
         docs = Article.most_voted(owner, self.limit)
-        if !docs.blank?
-          subcontent = ""
-          subcontent += content_tag(:span, _("Most voted articles"), :class=>"title mvoted") + "\n"
-          subcontent += content_tag(:ul, docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
-          content += content_tag(:div, subcontent, :class=>"block mvoted") + "\n"
-        end
+        content += subcontent(docs, _("Most voted articles"), "mvoted") unless docs.blank?
       end
     end
     return content.html_safe
@@ -94,4 +69,14 @@ class RelevantContentPlugin::RelevantContentBlock < Block
       { :profile => [:article], :environment => [:article] }
   end
 
+  protected
+
+  def subcontent(docs, title, html_class)
+    subcontent = safe_join([
+      content_tag(:span, title, class: "title #{html_class}"),
+      content_tag(:ul, safe_join(docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}, "\n"))
+    ], "\n")
+    content_tag(:div, subcontent, :class=>"block #{html_class}")
+  end
+
 end


=====================================
plugins/relevant_content/test/unit/relevant_content_block_test.rb
=====================================
--- a/plugins/relevant_content/test/unit/relevant_content_block_test.rb
+++ b/plugins/relevant_content/test/unit/relevant_content_block_test.rb
@@ -77,4 +77,11 @@ class RelevantContentBlockTest < ActiveSupport::TestCase
     assert_equal false, data.empty?
   end
 
+  should 'not escape html in block content' do
+    fast_create(Article, profile_id: profile.id, hits: 10)
+    box = fast_create(Box, :owner_id => profile.id, :owner_type => 'Profile')
+    block = RelevantContentPlugin::RelevantContentBlock.new(:box => box)
+    Environment.any_instance.stubs(:enabled_plugins).returns(['RelevantContent'])
+    assert_tag_in_string block.content, tag: 'span', attributes: { class: 'title mread' }
+  end
 end



View it on GitLab: https://gitlab.com/noosfero/noosfero/commit/dc74d7816506eb283c3327e84da758c992c33e34
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20160505/473e75d0/attachment-0001.html>
