[Git][noosfero/noosfero][master] should not parse html of body and abstract display content plugin

Leandro Nunes gitlab at mg.gitlab.com
Thu May 19 16:55:51 BRT 2016 

Leandro Nunes pushed to branch master at Noosfero / noosfero


Commits:
68660d32 by Leandro Nunes dos Santos at 2016-05-19T16:55:22-03:00
should not parse html of body and abstract display content plugin

- - - - -


3 changed files:

- plugins/display_content/test/unit/display_content_block_test.rb
- plugins/display_content/views/blocks/display_content/_document.slim
- plugins/display_content/views/blocks/display_content/_section.slim


Changes:

=====================================
plugins/display_content/test/unit/display_content_block_test.rb
=====================================
--- a/plugins/display_content/test/unit/display_content_block_test.rb
+++ b/plugins/display_content/test/unit/display_content_block_test.rb
@@ -774,4 +774,63 @@ class DisplayContentBlockViewTest < ActionView::TestCase
     assert render_block_content(block).index(en_article.name).present?
     assert_nil render_block_content(block).index(pt_article.name)
   end
+
+  should 'not escape abstract html of articles' do
+    profile = create_user('testuser').person
+    a1 = fast_create(TextileArticle, abstract: "<p class='test-article-abstract'>Test</p>", name: 'test article 1', profile_id: profile.id, published_at: DateTime.current)
+    
+    block = DisplayContentBlock.new
+    block.sections = [{:value => 'abstract', :checked => true}] 
+    block.nodes = [a1.id]
+    box = mock()
+    block.stubs(:box).returns(box)
+    box.stubs(:owner).returns(profile)
+    assert_tag_in_string  render_block_content(block), tag: 'p', attributes: { class: 'test-article-abstract' }
+  end
+
+  should 'not raise if abstract of article is nil' do
+    profile = create_user('testuser').person
+    a1 = fast_create(TextileArticle, name: 'test article 1', profile_id: profile.id, published_at: DateTime.current)
+    
+    block = DisplayContentBlock.new
+    block.sections = [{:value => 'abstract', :checked => true}] 
+    block.nodes = [a1.id]
+    box = mock()
+    block.stubs(:box).returns(box)
+    box.stubs(:owner).returns(profile)
+    assert_nil a1.abstract
+    assert_nothing_raised do
+      render_block_content(block)
+    end
+  end
+
+  should 'not escape body html of articles' do
+    profile = create_user('testuser').person
+    a1 = fast_create(TextileArticle, body: "<p class='test-article-body'>Test</p>", name: 'test article 1', profile_id: profile.id, published_at: DateTime.current)
+    
+    block = DisplayContentBlock.new
+    block.sections = [{:value => 'body', :checked => true}] 
+    block.nodes = [a1.id]
+    box = mock()
+    block.stubs(:box).returns(box)
+    box.stubs(:owner).returns(profile)
+    assert_tag_in_string  render_block_content(block), tag: 'p', attributes: { class: 'test-article-body' }
+  end
+
+  should 'not raise if body of article is nil' do
+    profile = create_user('testuser').person
+    a1 = fast_create(TextileArticle, name: 'test article 1', profile_id: profile.id, published_at: DateTime.current)
+    
+    block = DisplayContentBlock.new
+    block.sections = [{:value => 'abstract', :checked => true}] 
+    block.nodes = [a1.id]
+    box = mock()
+    block.stubs(:box).returns(box)
+    box.stubs(:owner).returns(profile)
+    assert_nil a1.body
+    assert_nothing_raised do
+      render_block_content(block)
+    end
+  end
+
 end


=====================================
plugins/display_content/views/blocks/display_content/_document.slim
=====================================
--- a/plugins/display_content/views/blocks/display_content/_document.slim
+++ b/plugins/display_content/views/blocks/display_content/_document.slim
@@ -1,4 +1,4 @@
 li
   - unless item.folder? || item.class == RssFeed
     = render partial: 'blocks/display_content/section', collection: block.sections, locals: { block: block, item: item }
-    = render partial: 'blocks/display_content/read_more', locals: { item: item, abstract_section: block.sections.bsearch { |section| section[:value] == 'abstract' }, block: block }
\ No newline at end of file
+    = render partial: 'blocks/display_content/read_more', locals: { item: item, abstract_section: block.sections.bsearch { |section| section[:value] == 'abstract' }, block: block }


=====================================
plugins/display_content/views/blocks/display_content/_section.slim
=====================================
--- a/plugins/display_content/views/blocks/display_content/_section.slim
+++ b/plugins/display_content/views/blocks/display_content/_section.slim
@@ -8,10 +8,10 @@
       = link_to(h(item.title), item.url)
   - when 'abstract'
     div class='lead'
-      = item.abstract
+      = (item.abstract || '').html_safe
   - when 'body'
     div class='body'
-      = item.body
+      = (item.body || '').html_safe
   - when 'image'
     - unless item.image || item.image.public_filename
       div class='image'



View it on GitLab: https://gitlab.com/noosfero/noosfero/commit/68660d326afa1550ee5659c8edc49bf2faa9932e
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20160519/e150948c/attachment-0001.html>

More information about the Noosfero-dev mailing list