[Git][noosfero/noosfero][master] 2 commits: Fix html escape when send contact message

Leandro Nunes gitlab at mg.gitlab.com
Thu Nov 3 12:22:52 BRST 2016 

Leandro Nunes pushed to branch master at Noosfero / noosfero


Commits:
3c6d5d25 by Victor Costa at 2016-11-03T10:33:55-03:00
Fix html escape when send contact message

- - - - -
b75d93a0 by Leandro Nunes at 2016-11-03T14:18:52+00:00
Merge branch 'fix_mail_escape' into 'master'

Fix html escape when send contact message

See merge request !1040
- - - - -


2 changed files:

- app/views/contact/sender/notification.html.erb
- test/unit/contact_test.rb


Changes:

=====================================
app/views/contact/sender/notification.html.erb
=====================================
--- a/app/views/contact/sender/notification.html.erb
+++ b/app/views/contact/sender/notification.html.erb
@@ -16,7 +16,7 @@
     </ul>
     <hr/>
     <%= content_tag('b', _('Message:')) %>
-    <p><%= word_wrap(@message) %></p>
+    <p><%= word_wrap(@message).html_safe %></p>
 
     --<br/>
     <%= _('Greetings,') %><br/>
@@ -24,4 +24,3 @@
     <%= @url %>
   </body>
 </html>
-


=====================================
test/unit/contact_test.rb
=====================================
--- a/test/unit/contact_test.rb
+++ b/test/unit/contact_test.rb
@@ -68,4 +68,11 @@ class ContactTest < ActiveSupport::TestCase
     assert_equal c.email, email.reply_to.first.to_s
   end
 
+  should 'not escape html tags in message' do
+    ent = fast_create(Enterprise, :name => 'my enterprise', :identifier => 'myent')
+    c = Contact.new(:name => 'john', :email => 'john at invalid.com', :subject => 'hi', :message => '<b>hi, all</b>', :dest => ent)
+    email = c.deliver
+    assert_match /<b>hi, all<\/b>/, email.body.to_s
+  end
+
 end



View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/6e225ea059b2c993164c5969ae3e177b9ec1464a...b75d93a092f3d5b2eca67922f9af17b6f6d726fd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20161103/e0236156/attachment-0001.html>

More information about the Noosfero-dev mailing list