From c294ce70ca2e63f3227422c8e9e285bad4915686 Mon Sep 17 00:00:00 2001 From: sebastiencarceles Date: Thu, 24 Nov 2022 14:04:33 +0100 Subject: [PATCH] fix: escape characters when showing page title --- app/views/layouts/application.html.haml | 2 +- spec/system/users/dossier_creation_spec.rb | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/app/views/layouts/application.html.haml b/app/views/layouts/application.html.haml index 62d58b0ec..b181ba6e0 100644 --- a/app/views/layouts/application.html.haml +++ b/app/views/layouts/application.html.haml @@ -7,7 +7,7 @@ = csrf_meta_tags %title - = content_for?(:title) ? "#{yield(:title)} · #{APPLICATION_NAME}" : APPLICATION_NAME + = content_for?(:title) ? "#{sanitize(yield(:title))} · #{APPLICATION_NAME}" : APPLICATION_NAME = favicon_link_tag(image_url("#{FAVICON_16PX_SRC}"), type: "image/png", sizes: "16x16") = favicon_link_tag(image_url("#{FAVICON_32PX_SRC}"), type: "image/png", sizes: "32x32") diff --git a/spec/system/users/dossier_creation_spec.rb b/spec/system/users/dossier_creation_spec.rb index 130cabaca..1ffb745e6 100644 --- a/spec/system/users/dossier_creation_spec.rb +++ b/spec/system/users/dossier_creation_spec.rb @@ -9,7 +9,8 @@ describe 'Creating a new dossier:' do end context 'when the procedure has identification by individual' do - let(:procedure) { create(:procedure, :published, :for_individual, :with_service, ask_birthday: ask_birthday) } + let(:libelle) { "[title] with characters to escape : '@*^$" } + let(:procedure) { create(:procedure, :published, :for_individual, :with_service, ask_birthday: ask_birthday, libelle: libelle) } let(:ask_birthday) { false } let(:expected_birthday) { nil } @@ -19,6 +20,7 @@ describe 'Creating a new dossier:' do expect(page).to have_current_path identite_dossier_path(user.reload.dossiers.last) expect(page).to have_procedure_description(procedure) + expect(page).to have_title(libelle) choose 'Monsieur' fill_in 'individual_nom', with: 'Nom'