Commit db91caf2 authored by Joenio Costa's avatar Joenio Costa

not escape HTML on LinkListBlock edition

parent d2753ec3
Pipeline #3146918 failed with stage
in 161 minutes and 38 seconds
...@@ -81,10 +81,8 @@ class LinkListBlock < Block ...@@ -81,10 +81,8 @@ class LinkListBlock < Block
end end
end end
def icons_options def icons
ICONS.map do |i| ICONS
"<span title=\"#{i[1]}\" class=\"icon-#{i[0]}\" onclick=\"changeIcon(this, '#{i[0]}')\"></span>".html_safe
end
end end
end end
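Review bot: The new `icons` method returns the `ICONS` constant as-is with no comment on its shape, so a reader has to open the view to learn that each entry is used as a `[name, title]` pair. A one-line comment above it would cover this, for example `# Pairs of [icon name, title]; markup is built in the view with escaping helpers.` `ICONS` is defined outside this hunk; if it is not frozen, handing it out directly also lets any caller mutate the shared list, and `ICONS.dup` or a `.freeze` at its definition would prevent that.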
...@@ -2,6 +2,8 @@ ...@@ -2,6 +2,8 @@
<%= hidden_field_tag 'block[links][][icon]', icon %> <%= hidden_field_tag 'block[links][][icon]', icon %>
<span class='icon-<%= icon %>' style='display:block; width:16px; height:16px;'></span> <span class='icon-<%= icon %>' style='display:block; width:16px; height:16px;'></span>
<div class="icon-selector" style='display:none;'> <div class="icon-selector" style='display:none;'>
<%= @block.icons_options.join %> <% @block.icons.map do |i| %>
<%= content_tag('span', '', :title => i[1], :class => "icon-#{i[0]}", :onclick => "changeIcon(this, '#{i[0]}')") %>
<% end %>
</div> </div>
</div> </div>
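Review bot: In the new `content_tag` call, `i[0]` is interpolated into a JavaScript string literal inside the `onclick` attribute, and the escaping `content_tag` applies covers only the HTML attribute context. The browser decodes the attribute before running it, so a quote or backslash in the value would still terminate the string. `ICONS` is defined outside this hunk and appears to be a fixed list, so this is hardening rather than a live bug, but escaping for JavaScript keeps it safe if the list ever becomes configurable: `:onclick => "changeIcon(this, '#{j i[0]}')"`. The loop is used only for its output, so `<% @block.icons.each do |i| %>` states the intent better than `map`.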
...@@ -163,4 +163,16 @@ class SafeStringsTest < ActionDispatch::IntegrationTest ...@@ -163,4 +163,16 @@ class SafeStringsTest < ActionDispatch::IntegrationTest
get url_for(action: :edit, controller: :profile_design, profile: person.identifier, id: block.id) get url_for(action: :edit, controller: :profile_design, profile: person.identifier, id: block.id)
assert_select '.block-config-options .image-data-line' assert_select '.block-config-options .image-data-line'
end end
should 'not escape icons options editing link_list block' do
create_user('jimi', :password => 'test', :password_confirmation => 'test').activate
profile = Person['jimi']
login 'jimi', 'test'
profile.blocks.each(&:destroy)
profile.boxes.first.blocks << LinkListBlock.new
block = profile.boxes.first.blocks.first
get "/myprofile/#{profile.identifier}/profile_design/edit/#{block.id}"
assert_select '.icon-selector .icon-edit'
end
end end
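Review bot: The added test asserts only that `.icon-selector .icon-edit` exists, so it would still pass if the `title` or `onclick` attributes were dropped from the generated span. Tightening the selector to `assert_select '.icon-selector span.icon-edit[onclick][title]'` would pin the attributes that the icon picker depends on. The enclosing `SafeStringsTest` class starts outside this hunk.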