Move `unescape_html_entities` from LabelsHelper to Label model

parent ab811b6a
module LabelsHelper module LabelsHelper
include ActionView::Helpers::TagHelper include ActionView::Helpers::TagHelper
TABLE_FOR_ESCAPE_HTML_ENTITIES = {
'&' => '&',
'<' => '&lt;',
'>' => '&gt;'
}
# Link to a Label # Link to a Label
# #
# label - Label object to link to # label - Label object to link to
...@@ -136,11 +130,7 @@ module LabelsHelper ...@@ -136,11 +130,7 @@ module LabelsHelper
label.subscribed?(current_user) ? 'Unsubscribe' : 'Subscribe' label.subscribed?(current_user) ? 'Unsubscribe' : 'Subscribe'
end end
def unescape_html_entities(value)
value.to_s.gsub(/(&gt;)|(&lt;)|(&amp;)/, TABLE_FOR_ESCAPE_HTML_ENTITIES.invert)
end
# Required for Banzai::Filter::LabelReferenceFilter # Required for Banzai::Filter::LabelReferenceFilter
module_function :render_colored_label, :render_colored_cross_project_label, module_function :render_colored_label, :render_colored_cross_project_label,
:text_color_for_bg, :escape_once, :unescape_html_entities :text_color_for_bg, :escape_once
end end
...@@ -10,6 +10,12 @@ class Label < ActiveRecord::Base ...@@ -10,6 +10,12 @@ class Label < ActiveRecord::Base
DEFAULT_COLOR = '#428BCA' DEFAULT_COLOR = '#428BCA'
TABLE_FOR_ESCAPE_HTML_ENTITIES = {
'&' => '&amp;',
'<' => '&lt;',
'>' => '&gt;'
}
default_value_for :color, DEFAULT_COLOR default_value_for :color, DEFAULT_COLOR
belongs_to :project belongs_to :project
...@@ -134,6 +140,10 @@ class Label < ActiveRecord::Base ...@@ -134,6 +140,10 @@ class Label < ActiveRecord::Base
end end
def sanitize_title(value) def sanitize_title(value)
LabelsHelper.unescape_html_entities(Sanitize.clean(value.to_s)) unescape_html_entities(Sanitize.clean(value.to_s))
end
def unescape_html_entities(value)
value.to_s.gsub(/(&gt;)|(&lt;)|(&amp;)/, TABLE_FOR_ESCAPE_HTML_ENTITIES.invert)
end end
end end
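Review bot: `sanitize_title` returns text in which `&lt;`, `&gt;` and `&amp;` have been turned back into raw `<`, `>` and `&` after `Sanitize.clean`, so the stored title is plain text rather than HTML-safe markup, and nothing on the new `unescape_html_entities` says so. I would add a comment above it such as `# Returns plain text: the result may contain raw <, > and & and must be HTML-escaped wherever it is rendered.` The method also appears to be added as a public instance method (no `private` is visible in this hunk, and the class body continues outside it), and `TABLE_FOR_ESCAPE_HTML_ENTITIES` is left mutable; closing it with `}.freeze` would protect the mapping. The spec removed from the LabelsHelper spec has no replacement visible on this page, so a Label spec that pins the single-pass behaviour (`&amp;lt;` decoding to `&lt;`, not `<`) would be worth adding.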
...@@ -68,7 +68,7 @@ module Banzai ...@@ -68,7 +68,7 @@ module Banzai
end end
def unescape_html_entities(text) def unescape_html_entities(text)
LabelsHelper.unescape_html_entities(text) text.to_s.gsub(/(&gt;)|(&lt;)|(&amp;)/, Label::TABLE_FOR_ESCAPE_HTML_ENTITIES.invert)
end end
end end
end end
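Review bot: The new body of `unescape_html_entities` repeats the regex and the `.invert` lookup that `Label#unescape_html_entities` already implements, so the two decoders can drift apart; that matters because both decide which characters come back as raw `<` and `>`. Consider keeping the logic in one class-level method on Label and calling it from here, for example a proposed `Label.unescape_html_entities(text)` that the instance method delegates to. The enclosing class and module begin outside this hunk, so how the decoded text is used afterwards cannot be checked from here.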
......
...@@ -77,10 +77,4 @@ describe LabelsHelper do ...@@ -77,10 +77,4 @@ describe LabelsHelper do
expect(text_color_for_bg('#000')).to eq '#FFFFFF' expect(text_color_for_bg('#000')).to eq '#FFFFFF'
end end
end end
describe 'unescape_html_entities' do
it 'decodes &, <, and > named entities' do
expect(unescape_html_entities('foo &amp; bar &lt; zoo &gt; boo &eacute;')).to eq 'foo & bar < zoo > boo &eacute;'
end
end
end end