Commit 4f47de62 authored by Nathan Neulinger's avatar Nathan Neulinger

Stop sanitizing user 'name' when inserting into db

Add spec tests for encoding
parent 571c4f5a
......@@ -699,7 +699,7 @@ class User < ActiveRecord::Base
end
def sanitize_attrs
%w[name username skype linkedin twitter].each do |attr|
%w[username skype linkedin twitter].each do |attr|
value = public_send(attr)
public_send("#{attr}=", Sanitize.clean(value)) if value.present?
end
......
---
title: "Insert user name directly without encoding"
merge_request: 10085
author: Nathan Neulinger <nneul@neulinger.org>
......@@ -1159,6 +1159,18 @@ describe User, models: true do
end
end
describe '#sanitize_attrs' do
let(:user) { build(:user, name: 'test & user', skype: 'test&user') }
it 'encodes HTML entities in the Skype attribute' do
expect { user.sanitize_attrs }.to change { user.skype }.to('test&amp;user')
end
it 'does not encode HTML entities in the name attribute' do
expect { user.sanitize_attrs }.not_to change { user.name }
end
end
describe '#starred?' do
it 'determines if user starred a project' do
user = create :user
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment