[Git][noosfero/noosfero][master] 3 commits: html_safe: avoid escaping block titles when edit

Joenio Costa gitlab at mg.gitlab.com
Mon May 9 15:59:30 BRT 2016


Joenio Costa pushed to branch master at Noosfero / noosfero


Commits:
839e0c57 by Victor Costa at 2016-05-05T16:43:39-03:00
html_safe: avoid escaping block titles when edit

- - - - -
9cba9de7 by Victor Costa at 2016-05-05T16:51:16-03:00
html_safe: fix edition of highlights block

- - - - -
06e7258c by Joenio Costa at 2016-05-09T18:59:14+00:00
Merge branch 'html-safe-blocks' into 'master'

html_safe: fix edition of some blocks



See merge request !900
- - - - -


3 changed files:

- app/helpers/block_helper.rb
- app/views/box_organizer/edit.html.erb
- test/integration/safe_strings_test.rb


Changes:

=====================================
app/helpers/block_helper.rb
=====================================
--- a/app/helpers/block_helper.rb
+++ b/app/helpers/block_helper.rb
@@ -28,7 +28,7 @@ module BlockHelper
       }</label></td>
       <td>#{button_without_text(:delete, _('Remove'), '#', class: 'delete-highlight', data: {confirm: _('Are you sure you want to remove this highlight')})}</td>
     </tr>
-    "
+    ".html_safe
   end
 
 end
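
Review bot: Calling .html_safe on the closing quote marks the whole interpolated string as trusted, so every #{...} inside it is emitted unescaped, including the button_without_text(...) result and the expression that closes just before </label>. If any interpolated value can carry profile or user data, escape it with h(...) before it goes into the string, or build the row with content_tag and safe_join so that only helper output is marked safe. A short comment above the string saying why it is safe would help the next reader.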


=====================================
app/views/box_organizer/edit.html.erb
=====================================
--- a/app/views/box_organizer/edit.html.erb
+++ b/app/views/box_organizer/edit.html.erb
@@ -1,5 +1,5 @@
 <div class="block-config-options <%= @block.class.name %>-options">
-  <h2 class="title"><%= _(@block.class.description) %></h2>
+  <h2 class="title"><%= _(@block.class.description).html_safe %></h2>
 
   <%= form_tag(:action => 'save', :id => @block.id) do %>
 
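
Review bot: In the h2 line, _(@block.class.description).html_safe trusts whatever the gettext lookup returns, so markup in a translation catalog entry for a block description is rendered as-is. The description is class-level rather than user input, but it would be safer to keep descriptions plain text, or to pass the value through sanitize with a small tag allowlist instead of marking it safe unconditionally.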


=====================================
test/integration/safe_strings_test.rb
=====================================
--- a/test/integration/safe_strings_test.rb
+++ b/test/integration/safe_strings_test.rb
@@ -2,6 +2,14 @@ require_relative "../test_helper"
 
 class SafeStringsTest < ActionDispatch::IntegrationTest
 
+  def setup
+    @user = create_user('safestring', :password => 'test', :password_confirmation => 'test')
+    @user.activate
+    @person = user.person
+  end
+
+  attr_accessor :user, :person
+
   should 'not escape link to admins on profile page' do
     person = fast_create Person
     community = fast_create Community
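
Review bot: The new person accessor is shadowed in the existing test just below it, where "person = fast_create Person" creates a local with the same name, so that test silently ignores the user built in setup. Consider renaming one of them. Only readers are used in the visible lines, so attr_reader :user, :person declared above setup would be enough, and setup can then assign @person = @user.person without relying on an accessor defined further down.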
@@ -135,4 +143,24 @@ class SafeStringsTest < ActionDispatch::IntegrationTest
     }
   end
 
+  should 'not escape block title when edit a block' do
+    class OtherBlock < Block
+      def self.description
+        _("<p class='other-block'>Other Block</p>")
+      end
+    end
+    login user.login, 'test'
+    block = OtherBlock.new
+    person.boxes.first.blocks << block
+    get url_for(action: :edit, controller: :profile_design, profile: person.identifier, id: block.id)
+    assert_select '.block-config-options .other-block'
+  end
+
+  should 'not escape edit settings in highlight block' do
+    login user.login, 'test'
+    block = HighlightsBlock.new
+    person.boxes.first.blocks << block
+    get url_for(action: :edit, controller: :profile_design, profile: person.identifier, id: block.id)
+    assert_select '.block-config-options .image-data-line'
+  end
 end
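
Review bot: Both new tests only assert that markup is rendered unescaped on the edit page; neither checks that a user-editable value on the same page is still escaped. Since this change adds .html_safe calls, a companion test that stores markup in an editable block field and asserts it appears escaped in the response would guard against over-trusting. Also, the class OtherBlock < Block defined inside the first should block stays defined for the rest of the test run; defining it once at the top of the file would make that explicit.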



View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/a6d617ca01f094ca799a7281cf0f1fdc3013487b...06e7258cfeafbd89df6c57798fb0d3f9ba37e416