Commit db91caf2 authored by Joenio Costa's avatar Joenio Costa

not escape HTML on LinkListBlock edition

parent d2753ec3
Pipeline #3146918 failed with stage
in 161 minutes and 38 seconds
......@@ -81,10 +81,8 @@ class LinkListBlock < Block
end
end
def icons_options
ICONS.map do |i|
"<span title=\"#{i[1]}\" class=\"icon-#{i[0]}\" onclick=\"changeIcon(this, '#{i[0]}')\"></span>".html_safe
end
def icons
ICONS
end
end
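Review bot: `icons` now hands the view raw entries that it indexes as `i[0]` and `i[1]`, and nothing on the method says which position is which. Judging from the template, the first element is the icon name used in the CSS class and the second is the title text, but the `ICONS` definition is outside this hunk, so confirm before documenting it. A one-line comment such as `# Returns ICONS as [icon_name, title] pairs; the edit view builds and escapes the markup` would record that escaping is now the view's job. The enclosing class starts above the hunk.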
......@@ -2,6 +2,8 @@
<%= hidden_field_tag 'block[links][][icon]', icon %>
<span class='icon-<%= icon %>' style='display:block; width:16px; height:16px;'></span>
<div class="icon-selector" style='display:none;'>
<%= @block.icons_options.join %>
<% @block.icons.map do |i| %>
<%= content_tag('span', '', :title => i[1], :class => "icon-#{i[0]}", :onclick => "changeIcon(this, '#{i[0]}')") %>
<% end %>
</div>
</div>
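Review bot: The `onclick` value on the new `content_tag` line interpolates `i[0]` into a JavaScript string literal, and `content_tag` only HTML-escapes attribute values; the browser decodes the attribute before running the handler, so HTML escaping alone does not keep a quote inside the JS string. This is harmless while `ICONS` is a fixed list of icon names (it appears to be a constant, though its definition is not visible here). It is still worth making the intent explicit with `:onclick => "changeIcon(this, '#{j i[0]}')"`, or by passing the name in a `data-icon` attribute that `changeIcon` reads. The loop is used for output only, so `<% @block.icons.each do |i| %>` reads better than `map`.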
......@@ -163,4 +163,16 @@ class SafeStringsTest < ActionDispatch::IntegrationTest
get url_for(action: :edit, controller: :profile_design, profile: person.identifier, id: block.id)
assert_select '.block-config-options .image-data-line'
end
should 'not escape icons options editing link_list block' do
create_user('jimi', :password => 'test', :password_confirmation => 'test').activate
profile = Person['jimi']
login 'jimi', 'test'
profile.blocks.each(&:destroy)
profile.boxes.first.blocks << LinkListBlock.new
block = profile.boxes.first.blocks.first
get "/myprofile/#{profile.identifier}/profile_design/edit/#{block.id}"
assert_select '.icon-selector .icon-edit'
end
end
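Review bot: The new test only asserts that an element with class `icon-edit` exists under `.icon-selector`, so it would still pass if the `title` or `onclick` attributes were dropped or mangled by the move to `content_tag`. Adding `assert_select '.icon-selector span.icon-edit[onclick]'` and a matching `[title]` check would pin the attributes the icon picker relies on. The request path is also hard-coded here, while the preceding test builds it with `url_for(action: :edit, controller: :profile_design, ...)`; using the same helper would keep the two tests consistent. The enclosing test class starts outside the hunk.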