[Git][noosfero/noosfero][master] 2 commits: Unescapes HTML in custom form submission page
Rodrigo Souto
gitlab at mg.gitlab.com
Fri Feb 3 17:38:17 BRST 2017
Rodrigo Souto pushed to branch master at Noosfero / noosfero
Commits:
f8fb00e1 by Gabriel Silva at 2017-02-03T09:33:21+00:00
Unescapes HTML in custom form submission page
Signed-off-by: Gabriel Silva <gabriel93.silva at gmail.com>
- - - - -
f09a7bc9 by Rodrigo Souto at 2017-02-03T19:38:13+00:00
Merge branch 'forms_html_safe' into 'master'
Fixes escaped HTML in custom form submission page
Closes #249
See merge request !1107
- - - - -
1 changed file:
- plugins/custom_forms/views/custom_forms_plugin_myprofile/show_submission.html.erb
Changes:
=====================================
plugins/custom_forms/views/custom_forms_plugin_myprofile/show_submission.html.erb
=====================================
--- a/plugins/custom_forms/views/custom_forms_plugin_myprofile/show_submission.html.erb
+++ b/plugins/custom_forms/views/custom_forms_plugin_myprofile/show_submission.html.erb
@@ -1,7 +1,7 @@
<div id="custom-forms-plugin_submission-view">
<h1><%= @form.name %></h1>
-<p><%= @form.description %></p>
+<p><%= @form.description.html_safe %></p>
<% sanitizer = ActionView::Base.white_list_sanitizer %>
@@ -35,10 +35,10 @@
answer.to_s.gsub("\n", '<br>')
else
content_tag :ul do
- answer.to_text_list.map {|a| content_tag :li, a }.join("\n")
+ answer.to_text_list.map {|a| content_tag :li, a }.join("\n").html_safe
end
end
- sanitizer.sanitize answer
+ sanitizer.sanitize(answer).html_safe
%></td>
</tr>
<% end %>
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/3141f3d36bb311f7733b978e143885bb642bac67...f09a7bc99056a01ec1a804f4f379a533a36e345c
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20170203/49ae1ccd/attachment-0001.html>
More information about the Noosfero-dev
mailing list