cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'openstreetmap/pull/1348'

Browse source
This commit is contained in:
Tom Hughes 2016-10-29 16:26:16 +01:00
commit d478f94239
2 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/views/diary_entry/rss.rss.builder
View file

@ -17,7 +17,7 @@ xml.rss("version" => "2.0",
@entries.each do |entry| @entries.each do |entry|
xml.item do xml.item do
xml.title h(entry.title) xml.title entry.title
xml.link url_for(:action => "view", :id => entry.id, :display_name => entry.user.display_name, :host => SERVER_URL) xml.link url_for(:action => "view", :id => entry.id, :display_name => entry.user.display_name, :host => SERVER_URL)
xml.guid url_for(:action => "view", :id => entry.id, :display_name => entry.user.display_name, :host => SERVER_URL) xml.guid url_for(:action => "view", :id => entry.id, :display_name => entry.user.display_name, :host => SERVER_URL)
xml.description entry.body.to_html xml.description entry.body.to_html

7
test/controllers/diary_entry_controller_test.rb
View file

@ -563,6 +563,13 @@ class DiaryEntryControllerTest < ActionController::TestCase
assert_response :not_found, "Should not be able to get a deleted users diary RSS" assert_response :not_found, "Should not be able to get a deleted users diary RSS"
end end
def test_rss_character_escaping
create(:diary_entry, :title => "<script>")
get :rss, :format => :rss
assert_match "<title>&lt;script&gt;</title>", response.body
end
def test_view def test_view
# Try a normal entry that should work # Try a normal entry that should work
diary_entry = create(:diary_entry, :user => users(:normal_user)) diary_entry = create(:diary_entry, :user => users(:normal_user))