[Git][noosfero/noosfero][stable-1.7] Merge branch 'forms_html_safe' into 'master'
Rodrigo Souto
gitlab at mg.gitlab.com
Fri Feb 3 17:38:27 BRST 2017
Rodrigo Souto pushed to branch stable-1.7 at Noosfero / noosfero
Commits:
cd7eba84 by Rodrigo Souto at 2017-02-03T19:38:25+00:00
Merge branch 'forms_html_safe' into 'master'
Fixes escaped HTML in custom form submission page
Closes #249
See merge request !1107
- - - - -
1 changed file:
- plugins/custom_forms/views/custom_forms_plugin_myprofile/show_submission.html.erb
Changes:
=====================================
plugins/custom_forms/views/custom_forms_plugin_myprofile/show_submission.html.erb
=====================================
--- a/plugins/custom_forms/views/custom_forms_plugin_myprofile/show_submission.html.erb
+++ b/plugins/custom_forms/views/custom_forms_plugin_myprofile/show_submission.html.erb
@@ -1,7 +1,7 @@
<div id="custom-forms-plugin_submission-view">
<h1><%= @form.name %></h1>
-<p><%= @form.description %></p>
+<p><%= @form.description.html_safe %></p>
<% sanitizer = ActionView::Base.white_list_sanitizer %>
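Review bot: `@form.description.html_safe` on the `<p>` line marks the description as trusted markup without running it through the sanitizer, even though `sanitizer` is created on the very next line. Whatever HTML is stored in the description is therefore rendered as-is. Consider moving the `sanitizer = ActionView::Base.white_list_sanitizer` assignment above this line and emitting `sanitizer.sanitize(@form.description).html_safe`, the same pattern the second hunk uses for answers, so that formatting tags survive while script-bearing markup is stripped.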
@@ -35,10 +35,10 @@
answer.to_s.gsub("\n", '<br>')
else
content_tag :ul do
- answer.to_text_list.map {|a| content_tag :li, a }.join("\n")
+ answer.to_text_list.map {|a| content_tag :li, a }.join("\n").html_safe
end
end
- sanitizer.sanitize answer
+ sanitizer.sanitize(answer).html_safe
%></td>
</tr>
<% end %>
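Review bot: In the `content_tag :ul` block, `.join("\n").html_safe` puts a blanket trust mark on the joined string; `safe_join(answer.to_text_list.map {|a| content_tag :li, a }, "\n")` gives the same output while keeping the escaping that `content_tag :li, a` applies to each item, and it stays safe if the block is later changed to include unescaped strings. The mark on `sanitizer.sanitize(answer).html_safe` is in the right place because it is applied only to sanitizer output, but it is now the single control for this cell: the `answer.to_s.gsub("\n", '<br>')` branch is raw user text until that call, so a short comment saying that `html_safe` must never be moved ahead of `sanitize` would help future edits.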
View it on GitLab: https://gitlab.com/noosfero/noosfero/commit/cd7eba847948e9f6ab76685fded9e24e2899b9de