From cc94a76567589fe8f97239aa430295bc3ea79da2 Mon Sep 17 00:00:00 2001
From: f
Date: Thu, 1 Aug 2019 20:13:38 -0300
Subject: [PATCH] no permitir html en description ni title

---
 app/lib/core_extensions/string/strip_tags.rb | 12 ++++++++++++
 app/models/site.rb | 9 +++++++++
 config/initializers/core_extensions.rb | 3 +++
 doc/crear_sitios.md | 6 +++---
 test/models/site_test.rb | 9 +++++++++
 5 files changed, 36 insertions(+), 3 deletions(-)
 create mode 100644 app/lib/core_extensions/string/strip_tags.rb
 create mode 100644 config/initializers/core_extensions.rb

diff --git a/app/lib/core_extensions/string/strip_tags.rb b/app/lib/core_extensions/string/strip_tags.rb
new file mode 100644
index 00000000..76e35f8b
--- /dev/null
+++ b/app/lib/core_extensions/string/strip_tags.rb
@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module CoreExtensions
+ module String
+ # Elimina el HTML
+ module StripTags
+ def strip_tags
+ ActionController::Base.helpers.strip_tags(self)
+ end
+ end
+ end
+end
diff --git a/app/models/site.rb b/app/models/site.rb
index 6c537e0b..354e376a 100644
--- a/app/models/site.rb
+++ b/app/models/site.rb
@@ -41,6 +41,15 @@ class Site < ApplicationRecord
 accepts_nested_attributes_for :deploys, allow_destroy: true
+ # No permitir HTML en estos atributos
+ def title=(title)
+ super(title.strip_tags)
+ end
+
+ def description=(description)
+ super(description.strip_tags)
+ end
+
 # El repositorio git para este sitio
 def repository
 @repository ||= Site::Repository.new path
diff --git a/config/initializers/core_extensions.rb b/config/initializers/core_extensions.rb
new file mode 100644
index 00000000..2207fe85
--- /dev/null
+++ b/config/initializers/core_extensions.rb
@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+String.include CoreExtensions::String::StripTags
diff --git a/doc/crear_sitios.md b/doc/crear_sitios.md
index a70173c4..7f6bd8af 100644
--- a/doc/crear_sitios.md
+++ b/doc/crear_sitios.md
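Review bot: `strip_tags` as written does not return raw plain text: `ActionController::Base.helpers.strip_tags` delegates to rails-html-sanitizer's full sanitizer, which re-serializes the surviving text nodes as HTML, so characters such as `&`, `<` and `>` come back as entities and a title like `Rock & Roll` would be stored as `Rock &amp; Roll` and then double-escaped by ERB on output. I am going from the sanitizer's behaviour as I know it, so confirm against the rails-html-sanitizer version in the project's lockfile before relying on either outcome. Whatever the result, the module comment `# Elimina el HTML` should state what the caller gets back, e.g. `# Removes HTML tags; the result may still contain HTML entities (&amp;, &lt;) and is only meant as input sanitising`. Stripping on write is defence in depth only; the view layer's default escaping stays the primary control and this method must not be taken as a licence for `html_safe`/`raw` on these attributes.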
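Review bot: Both new setters raise `NoMethodError` when the assigned value is `nil`, because `strip_tags` is mixed into `String` only and `super(title.strip_tags)` / `super(description.strip_tags)` call it unconditionally, so `Site.new(title: nil)` or a form that omits the field now crashes where the generated setter previously accepted `nil`. Guarding the call, `super(title&.strip_tags)` and `super(description&.strip_tags)`, keeps the old contract for missing values. Non-String values (anything Active Record would otherwise cast for a string column) hit the same path; if that is a real input, `title.respond_to?(:strip_tags) ? title.strip_tags : title` covers both. The rest of `Site` is outside the hunk, so I cannot see whether a validation already rejects blank values before assignment.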
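Review bot: `String.include CoreExtensions::String::StripTags` references a constant that lives under `app/lib`, so this initializer depends on the autoloader having that directory on its path and on the file being loadable this early; with Zeitwerk (Rails 6 and later) referencing an autoloadable constant from an initializer is unsupported because the patch is not reapplied on reload. I cannot see the Rails version or `config.autoload_paths` in the patch, so treat this as something to confirm; an explicit `require Rails.root.join('app/lib/core_extensions/string/strip_tags').to_s` before the `include` removes the dependency on load order either way. A one-line comment saying why the core class is patched, `# Makes String#strip_tags available to models that sanitise user-supplied text`, would help the next reader find the extension.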
@@ -218,7 +218,7 @@ tengamos tiempo de hacerlo realmente.
 * ver las estadisticas de compilaciĆ³n en lugar del log (el log tambiĆ©n)
 * comitear en git los articulos (igual no es de esta rama...)
-* sanitizar titulo y descripcion, tambien escapar
-* al crear el sitio incorporar politica de privacidad y codigo de
- convivencia
 * link a visitar sitio
+* editor de opciones
+* forkear gemas
+* que les usuaries elijan su propio idioma
diff --git a/test/models/site_test.rb b/test/models/site_test.rb
index b74daaf2..438ef820 100644
--- a/test/models/site_test.rb
+++ b/test/models/site_test.rb
@@ -76,4 +76,13 @@ class SiteTest < ActiveSupport::TestCase
 assert File.directory?(@site.path)
 assert_not File.directory?(path)
 end
+
+ test 'no se puede guardar html en title y description' do
+ site = build :site
+ site.description = "hola"
+ site.title = "hola"
+
+ assert_equal 'hola', site.description
+ assert_equal 'hola', site.title
+ end
 end
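Review bot: The new test never assigns any HTML, so it passes with or without the overridden setters it is meant to cover; `site.description = "hola"` and `site.title = "hola"` should carry markup, e.g. `site.description = '<b>hola</b>'` and `site.title = '<b>hola</b>'`, so the `assert_equal 'hola', …` lines actually prove the tags were removed. A second case assigning `nil` and asserting `assert_nil site.title` would pin the behaviour for missing input, which the setters in `app/models/site.rb` currently do not handle (they call `strip_tags` on the value unconditionally). The test also mixes `"hola"` and `'hola'` quoting on adjacent lines; the file's existing assertions use single quotes.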