[Git][noosfero/noosfero][master] 3 commits: html_safe: avoid escaping block titles when edit
Joenio Costa
gitlab at mg.gitlab.com
Mon May 9 15:59:30 BRT 2016
Joenio Costa pushed to branch master at Noosfero / noosfero
Commits:
839e0c57 by Victor Costa at 2016-05-05T16:43:39-03:00
html_safe: avoid escaping block titles when edit
- - - - -
9cba9de7 by Victor Costa at 2016-05-05T16:51:16-03:00
html_safe: fix edition of highlights block
- - - - -
06e7258c by Joenio Costa at 2016-05-09T18:59:14+00:00
Merge branch 'html-safe-blocks' into 'master'
html_safe: fix edition of some blocks
See merge request !900
- - - - -
3 changed files:
- app/helpers/block_helper.rb
- app/views/box_organizer/edit.html.erb
- test/integration/safe_strings_test.rb
Changes:
=====================================
app/helpers/block_helper.rb
=====================================
--- a/app/helpers/block_helper.rb
+++ b/app/helpers/block_helper.rb
@@ -28,7 +28,7 @@ module BlockHelper
}</label></td>
<td>#{button_without_text(:delete, _('Remove'), '#', class: 'delete-highlight', data: {confirm: _('Are you sure you want to remove this highlight')})}</td>
</tr>
- "
+ ".html_safe
end
end
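Review bot: the `.html_safe` added on the closing quote marks the whole interpolated string as trusted, so every `#{...}` value inside it is now emitted without escaping. Only the `button_without_text` call and a translated label are visible here, and the string starts above this hunk; any value interpolated there that originates from user input should be passed through `h()` before interpolation, or the row should be built with `content_tag` and `safe_join` so that only the markup itself is trusted.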
=====================================
app/views/box_organizer/edit.html.erb
=====================================
--- a/app/views/box_organizer/edit.html.erb
+++ b/app/views/box_organizer/edit.html.erb
@@ -1,5 +1,5 @@
<div class="block-config-options <%= @block.class.name %>-options">
- <h2 class="title"><%= _(@block.class.description) %></h2>
+ <h2 class="title"><%= _(@block.class.description).html_safe %></h2>
<%= form_tag(:action => 'save', :id => @block.id) do %>
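Review bot: `_(@block.class.description).html_safe` on the `<h2 class="title">` line trusts whatever the translation lookup returns, so markup in a translated description, or in the description of any Block subclass, is rendered as is. If descriptions only need a few harmless tags, `sanitize(_(@block.class.description))` would keep those while dropping script-bearing markup; otherwise keep descriptions as plain text and put the markup in the template.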
=====================================
test/integration/safe_strings_test.rb
=====================================
--- a/test/integration/safe_strings_test.rb
+++ b/test/integration/safe_strings_test.rb
@@ -2,6 +2,14 @@ require_relative "../test_helper"
class SafeStringsTest < ActionDispatch::IntegrationTest
+ def setup
+ @user = create_user('safestring', :password => 'test', :password_confirmation => 'test')
+ @user.activate
+ @person = user.person
+ end
+
+ attr_accessor :user, :person
+
should 'not escape link to admins on profile page' do
person = fast_create Person
community = fast_create Community
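Review bot: in `setup`, `@person = user.person` reads the user through the accessor while the line two above assigns `@user` directly, and the accessor is only declared after `setup` by `attr_accessor :user, :person`. It works, but the visible tests only read these values, so `attr_reader :user, :person` declared above `setup`, with `@person = @user.person` in the body, would be more consistent and would not expose writers that nothing uses.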
@@ -135,4 +143,24 @@ class SafeStringsTest < ActionDispatch::IntegrationTest
}
end
+ should 'not escape block title when edit a block' do
+ class OtherBlock < Block
+ def self.description
+ _("<p class='other-block'>Other Block</p>")
+ end
+ end
+ login user.login, 'test'
+ block = OtherBlock.new
+ person.boxes.first.blocks << block
+ get url_for(action: :edit, controller: :profile_design, profile: person.identifier, id: block.id)
+ assert_select '.block-config-options .other-block'
+ end
+
+ should 'not escape edit settings in highlight block' do
+ login user.login, 'test'
+ block = HighlightsBlock.new
+ person.boxes.first.blocks << block
+ get url_for(action: :edit, controller: :profile_design, profile: person.identifier, id: block.id)
+ assert_select '.block-config-options .image-data-line'
+ end
end
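Review bot: both new tests assert only that the markup is present (`assert_select '.block-config-options .other-block'` and `assert_select '.block-config-options .image-data-line'`), so nothing checks that text which must stay escaped on the same edit page still is. A companion case that puts `<script>` into a field not meant to carry markup and asserts it is rendered escaped would guard against the `html_safe` calls being widened later. Separately, `class OtherBlock < Block` is defined inside the test body, so the constant stays defined for the rest of the run; defining it once at the top of the file avoids that.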
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/a6d617ca01f094ca799a7281cf0f1fdc3013487b...06e7258cfeafbd89df6c57798fb0d3f9ba37e416