cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Avoid double-escaping diary entry titles

Browse source 
The XML builder takes care of the escaping, and adding h() lead to
double-escaped titles in the RSS feed.
This commit is contained in:
Andy Allan 2016-10-29 16:54:42 +02:00
parent f7b4793c50
commit 4a9aa0a12e
2 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/views/diary_entry/rss.rss.builder
View file

@ -17,7 +17,7 @@ xml.rss("version" => "2.0",
@entries.each do |entry|
xml.item do
xml.title h(entry.title)
xml.title entry.title
xml.link url_for(:action => "view", :id => entry.id, :display_name => entry.user.display_name, :host => SERVER_URL)
xml.guid url_for(:action => "view", :id => entry.id, :display_name => entry.user.display_name, :host => SERVER_URL)
xml.description entry.body.to_html

7
test/controllers/diary_entry_controller_test.rb
View file

@ -563,6 +563,13 @@ class DiaryEntryControllerTest < ActionController::TestCase
assert_response :not_found, "Should not be able to get a deleted users diary RSS"
end
def test_rss_character_escaping
create(:diary_entry, :title => "<script>")
get :rss, :format => :rss
assert_match "<title>&lt;script&gt;</title>", response.body
end
def test_view
# Try a normal entry that should work
diary_entry = create(:diary_entry, :user => users(:normal_user))