[Git][noosfero/noosfero][master] 2 commits: Fix html escape in forum visualization

Leandro Nunes gitlab at mg.gitlab.com
Fri Nov 4 12:58:44 BRST 2016 

Leandro Nunes pushed to branch master at Noosfero / noosfero


Commits:
5f77c31d by Victor Costa at 2016-11-04T08:59:05-03:00
Fix html escape in forum visualization

- - - - -
575bc84b by Leandro Nunes at 2016-11-04T14:56:39+00:00
Merge branch 'fix-forum-escape' into 'master'

Fix html escape in forum visualization

See merge request !1041
- - - - -


2 changed files:

- app/helpers/forum_helper.rb
- test/unit/forum_helper_test.rb


Changes:

=====================================
app/helpers/forum_helper.rb
=====================================
--- a/app/helpers/forum_helper.rb
+++ b/app/helpers/forum_helper.rb
@@ -41,7 +41,7 @@ module ForumHelper
   def last_topic_update(article)
     info = article.info_from_last_update
     if info[:author_url]
-      time_ago_in_words(info[:date]) + ' ' + _('by') + ' ' + link_to(info[:author_name], info[:author_url])
+      (time_ago_in_words(info[:date]) + ' ' + _('by') + ' ' + link_to(info[:author_name], info[:author_url])).html_safe
     else
       time_ago_in_words(info[:date]) + ' ' + _('by') + ' ' + info[:author_name]
     end


=====================================
test/unit/forum_helper_test.rb
=====================================
--- a/test/unit/forum_helper_test.rb
+++ b/test/unit/forum_helper_test.rb
@@ -73,6 +73,13 @@ class ForumHelperTest < ActionView::TestCase
     assert_match(/#{result} by John/m, last_topic_update(some_post))
   end
 
+  should "not escape html in last topic update" do
+    person = create_user('john').person
+    some_post = create(TextArticle, name: 'First post', profile: profile, parent: forum, published: true)
+    some_post.comments << build(Comment, author: person, title: 'test', body: 'test')
+    assert_tag_in_string list_forum_posts(forum.posts), tag: 'a', content: 'john'
+  end
+
   protected
 
   include NoosferoTestHelper



View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/b75d93a092f3d5b2eca67922f9af17b6f6d726fd...575bc84b483feaa06a63bc5ad493c10aaafdb6c3
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20161104/e3750bab/attachment-0001.html>

More information about the Noosfero-dev mailing list