Sutty/trabajo-afectivo
5
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Fixes #3138 - Article body gets updated/re-sanitized when updating other Article attribute.

Browse source
This commit is contained in:
Rolf Schmidt 2020-07-29 16:54:40 +02:00 committed by Thorsten Eckel
parent 3376037561
commit fe2174f0a8
2 changed files with 20 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/models/concerns/checks_html_sanitized.rb
View file

@ -12,6 +12,8 @@ module ChecksHtmlSanitized
return true if html_attributes.blank? return true if html_attributes.blank?
html_attributes.each do |attribute| html_attributes.each do |attribute|
next if changes[attribute].blank?
value = send(attribute) value = send(attribute)
next if value.blank? next if value.blank?

18
spec/models/ticket/article_spec.rb
View file

@ -126,6 +126,24 @@ RSpec.describe Ticket::Article, type: :model do
<a href="https://example.com" rel="nofollow noreferrer noopener" target="_blank" title="https://example.com">foo</a> <a href="https://example.com" rel="nofollow noreferrer noopener" target="_blank" title="https://example.com">foo</a>
SANITIZED SANITIZED
end end
context 'when a sanitization attribute is present' do
# ATTENTION: We use `target` here because re-sanitization would change the order of attributes
let(:body) { '<a href="https://example.com" target="_blank">foo</a>' }
it 'adds sanitization attributes' do
expect(article.body).to eq(<<~SANITIZED.chomp)
<a href="https://example.com" rel="nofollow noreferrer noopener" target="_blank" title="https://example.com">foo</a>
SANITIZED
end
context 'when changing an unrelated attribute' do
it "doesn't re-sanitizes the body" do
expect { article.update!(message_id: 'test') }.not_to change { article.reload.body }
end
end
end
end end
context 'for all cases above, combined' do context 'for all cases above, combined' do