[Git][noosfero/noosfero][cherry-pick-8be6cb6d] Merge branch 'html-escape-fixes' into 'master'
Rodrigo Souto
gitlab at mg.gitlab.com
Fri Nov 18 16:51:09 BRST 2016
Rodrigo Souto pushed to branch cherry-pick-8be6cb6d at Noosfero / noosfero
Commits:
5d49ad25 by Rodrigo Souto at 2016-11-18T18:51:05+00:00
Merge branch 'html-escape-fixes' into 'master'
Html escape fixes
See merge request !1042
- - - - -
11 changed files:
- app/helpers/application_helper.rb
- app/helpers/forum_helper.rb
- app/views/content_viewer/_article_title.html.erb
- app/views/content_viewer/_display_compact_format.html.erb
- app/views/content_viewer/_publishing_info.html.erb
- app/views/content_viewer/forum_page.html.erb
- app/views/content_viewer/versioned_article.html.erb
- app/views/person_notifier/mailer/_default_activity.html.erb
- app/views/person_notifier/mailer/_task.html.erb
- app/views/person_notifier/mailer/_upload_image.html.erb
- public/designs/themes/profile-base/footer.html.erb
Changes:
=====================================
app/helpers/application_helper.rb
=====================================
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -720,7 +720,7 @@ module ApplicationHelper
),
:class => 'short-post'
)
- html
+ html.html_safe
end
def ui_icon(icon_class, extra_class = '')
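Review bot: `html.html_safe` at the end of this helper, and `result.html_safe` in the next hunk, mark the whole accumulated string as trusted at the return, so any fragment that was concatenated unescaped is never escaped afterwards. Both method bodies start outside the hunks, so whether user-controlled text (titles, names) reaches `html` or `result` cannot be confirmed from here. A safer shape is to start from a safe buffer, e.g. `result = ''.html_safe`, and append to it: output of `render` and `content_tag` passes through unchanged, while plain strings are escaped on concatenation. If the blanket call stays, add a comment such as `# every fragment appended above is escaped or comes from a Rails tag helper`, so a later edit does not silently break that assumption.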
@@ -857,7 +857,7 @@ module ApplicationHelper
result << render(:file => file, :use_full_path => false)
end
end
- result
+ result.html_safe
end
def manage_link(list, kind, title)
@@ -960,7 +960,7 @@ module ApplicationHelper
elsif page.reference_article
source_url = link_to(page.reference_article.profile.name, page.reference_article.url)
end
- content_tag(:div, _('Source: %s') % source_url, :id => 'article-source') unless source_url.nil?
+ content_tag(:div, _('Source: %s') % source_url.html_safe, :id => 'article-source') unless source_url.nil?
end
def task_information(task, params = {})
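Review bot: In `_('Source: %s') % source_url.html_safe` the safe flag is on the argument rather than on the format string, so the `%` is plain `String#%`. Nothing is escaped, and the result is an ordinary String that `content_tag` will presumably escape again, link markup included. The license partials in this same commit use the other form, which keeps the markup and escapes any unsafe argument; here that would be `content_tag(:div, _('Source: %s').html_safe % source_url, :id => 'article-source') unless source_url.nil?`. The `elsif` branch already gets a safe string from `link_to`. The first branch is outside the hunk, so check that it does not assign raw article text to `source_url`.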
=====================================
app/helpers/forum_helper.rb
=====================================
--- a/app/helpers/forum_helper.rb
+++ b/app/helpers/forum_helper.rb
@@ -30,7 +30,7 @@ module ForumHelper
content << content_tag('tr',
content_tag('td', link_to(art.title, art.url), :class => "forum-post-title") +
content_tag('td', link_to(art.comments.count, art.url.merge(:anchor => 'comments_list')), :class => "forum-post-answers") +
- content_tag('td', last_topic_update(art), :class => "forum-post-last-answer"),
+ content_tag('td', last_topic_update(art).html_safe, :class => "forum-post-last-answer"),
:class => 'forum-post ' + css_add.join(' '),
:id => "post-#{art.id}"
)
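Review bot: `last_topic_update(art).html_safe` trusts whatever that helper returns, and its body is not part of this diff. If it interpolates an author name or similar profile text into markup without escaping, the forum table will render that text as HTML. It would be safer for `last_topic_update` to return a safe string itself, built with `content_tag`, `link_to` or `safe_join`, so the call site needs no `.html_safe`. The enclosing method starts and ends outside the hunk.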
=====================================
app/views/content_viewer/_article_title.html.erb
=====================================
--- a/app/views/content_viewer/_article_title.html.erb
+++ b/app/views/content_viewer/_article_title.html.erb
@@ -9,7 +9,7 @@
<%= render :partial => "publishing_info" %>
<% if @page.display_preview? %>
<div class="preview">
- <%= @page.lead %>
+ <%= @page.lead.html_safe %>
</div>
<% end %>
<% else %>
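Review bot: `@page.lead.html_safe` outputs author-written article text with escaping turned off, and the same is done for `article.lead(400)` in `_display_compact_format.html.erb` and for `@page.body` in `forum_page.html.erb`. That is only safe if these fields are always sanitised when saved, which this diff does not show. If any article type or import path lacks that guarantee, rendering through `sanitize`, e.g. `<%= sanitize(@page.lead.to_s) %>`, keeps allowed markup while removing script content. Only the forum page guards against nil with `(@page.body || '')`; a nil lead would raise here.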
=====================================
app/views/content_viewer/_display_compact_format.html.erb
=====================================
--- a/app/views/content_viewer/_display_compact_format.html.erb
+++ b/app/views/content_viewer/_display_compact_format.html.erb
@@ -16,6 +16,6 @@
</div>
<% end %>
<div class = <%= className %> >
- <%= article.lead(400) %>
+ <%= article.lead(400).html_safe %>
</div>
</div>
=====================================
app/views/content_viewer/_publishing_info.html.erb
=====================================
--- a/app/views/content_viewer/_publishing_info.html.erb
+++ b/app/views/content_viewer/_publishing_info.html.erb
@@ -40,7 +40,7 @@
<% if @page.license.present? %>
<div id="article-license">
- <%= _('Licensed under %s') % (@page.license.url.present? ? link_to(@page.license.name, @page.license.url, :target => '_blank') : @page.license.name) %>
+ <%= _('Licensed under %s').html_safe % (@page.license.url.present? ? link_to(@page.license.name, @page.license.url, :target => '_blank') : @page.license.name) %>
</div>
<% end %>
</div>
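Review bot: This line depends on `SafeBuffer#%` escaping the plain `@page.license.name` while leaving the `link_to` output intact, and nothing in the template says so. A short ERB comment such as `<%# html_safe on the format string: SafeBuffer#% escapes unsafe arguments %>` would stop someone moving the call back onto the argument. The identical expression is repeated in `versioned_article.html.erb`, so a small helper that takes the license would keep the two in step. The link also opens with `:target => '_blank'` and no `rel`; adding `:rel => 'noopener noreferrer'` keeps the opened page from reaching `window.opener`.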
=====================================
app/views/content_viewer/forum_page.html.erb
=====================================
--- a/app/views/content_viewer/forum_page.html.erb
+++ b/app/views/content_viewer/forum_page.html.erb
@@ -3,7 +3,7 @@
<div>
<div class='forum-description'>
- <%= @page.body %>
+ <%= (@page.body || '').html_safe %>
</div>
</div>
<hr class="pre-posts"/>
=====================================
app/views/content_viewer/versioned_article.html.erb
=====================================
--- a/app/views/content_viewer/versioned_article.html.erb
+++ b/app/views/content_viewer/versioned_article.html.erb
@@ -33,7 +33,7 @@
<div id='article-sub-header'>
<% if version_license.present? %>
<div id="article-license">
- <%= _('Licensed under %s') % (version_license.url.present? ? link_to(version_license.name, version_license.url, :target => '_blank') : version_license.name) %>
+ <%= _('Licensed under %s').html_safe % (version_license.url.present? ? link_to(version_license.name, version_license.url, :target => '_blank') : version_license.name) %>
</div>
<% end %>
</div>
=====================================
app/views/person_notifier/mailer/_default_activity.html.erb
=====================================
--- a/app/views/person_notifier/mailer/_default_activity.html.erb
+++ b/app/views/person_notifier/mailer/_default_activity.html.erb
@@ -6,7 +6,7 @@
<p>
<span style="font-size: 14px;">
<%= link_to activity.user.name, activity.user.url %>
- <%= describe activity %>
+ <%= describe(activity).html_safe %>
</span>
<span style="font-size: 10px; color: #929292; float: right;"><%= time_ago_in_words(activity.created_at) %></span>
</p>
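Review bot: `describe(activity).html_safe` sends the helper's output into the notification e-mail unescaped, and the same pattern is applied to `task_information(task)` in `_task.html.erb` and to `describe(activity)` in `_upload_image.html.erb`. Neither helper body is in this diff, so it cannot be confirmed from here that the values they interpolate (presumably names and titles) are escaped with `h(...)` or built via `link_to`. Preferably the helpers return a safe string themselves. The templates could then go back to `<%= describe activity %>`, and any unescaped value would be escaped by default.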
=====================================
app/views/person_notifier/mailer/_task.html.erb
=====================================
--- a/app/views/person_notifier/mailer/_task.html.erb
+++ b/app/views/person_notifier/mailer/_task.html.erb
@@ -10,7 +10,7 @@
</div>
<div style="font-size: 14px">
<span style="font-size: 14px">
- <%= task_information(task) %>
+ <%= task_information(task).html_safe %>
</span>
<span style="font-size: 10px; color: #929292; float: right;"><%= time_ago_in_words(task.created_at) %></span>
</div>
=====================================
app/views/person_notifier/mailer/_upload_image.html.erb
=====================================
--- a/app/views/person_notifier/mailer/_upload_image.html.erb
+++ b/app/views/person_notifier/mailer/_upload_image.html.erb
@@ -4,7 +4,7 @@
</td>
<td>
<p>
- <span style="font-size: 14px;"><%= link_to activity.user.name, activity.user.url %> <%= describe activity %></span>
+ <span style="font-size: 14px;"><%= link_to activity.user.name, activity.user.url %> <%= describe(activity).html_safe %></span>
<span style="font-size: 10px; color: #929292; float:right;"><%= time_ago_in_words(activity.created_at) %></span>
</p>
</td>
=====================================
public/designs/themes/profile-base/footer.html.erb
=====================================
--- a/public/designs/themes/profile-base/footer.html.erb
+++ b/public/designs/themes/profile-base/footer.html.erb
@@ -1,3 +1,6 @@
<div id="footer-content">
- <p><%= _('This site uses <a href="http://noosfero.org/">Noosfero</a>, developed by %s and licensed under the <a href="http://www.gnu.org/licenses/agpl.html">GNU Affero General Public License</a> version 3 or any later version.') % link_to('Colivre', 'http://colivre.coop.br/').html_safe %></p>
+ <% noosfero_url = link_to("Noosfero", "http://noosfero.org/").html_safe %>
+ <% colivre_url = link_to('Colivre', 'http://colivre.coop.br/').html_safe %>
+ <% agpl_url = link_to("GNU Affero General Public License", "http://www.gnu.org/licenses/agpl.html").html_safe %>
+ <p><%= _("This site uses %{noosfero_url}, developed by %{colivre_url} and licensed under the %{agpl_url} version 3 or any later version." % {:noosfero_url => noosfero_url, :colivre_url => colivre_url, :agpl_url => agpl_url}) %></p>
</div>
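Review bot: The new footer line interpolates before it translates: in `_("This site uses %{noosfero_url}, …" % {...})` the `%` sits inside the parentheses of `_()`, so gettext is looked up with the already-expanded string and will not find a catalogue entry. The format string is also a plain String, so the result is not marked safe and `<%= %>` will presumably print the three links as escaped text. The `.html_safe` calls on the `link_to` results add nothing, since `link_to` already returns safe output. Following the license partials in this commit, translate first and make the format string safe: `_("This site uses %{noosfero_url}, developed by %{colivre_url} and licensed under the %{agpl_url} version 3 or any later version.").html_safe % {:noosfero_url => noosfero_url, :colivre_url => colivre_url, :agpl_url => agpl_url}`.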
View it on GitLab: https://gitlab.com/noosfero/noosfero/commit/5d49ad25f0619c8391fd85ee94d7a591e3c8d779