@@ -12,4 +12,4 @@ = link_to_function 'Available Tags', "load_tag_reference('#{page_part.name.to_slug}');" = render_region :part_controls, :locals => {:page_part => page_part} %div - ~ text_area_tag 'page[parts][][content]', page_part.content, :class => "textarea", :style => "width: 100%", :id => "part_#{page_part.name.to_slug}_content" \ No newline at end of file + ~ text_area_tag 'page[parts][][content]', h(page_part.content), :class => "textarea", :style => "width: 100%", :id => "part_#{page_part.name.to_slug}_content" \ No newline at end of file app/views/admin/page_parts/_page_part.html.haml @@ -34,6 +34,12 @@ describe 'Page management' do response.should have_text(/Under Construction/) end + it "should properly escape part contents" do + navigate_to '/admin/pages/new' + submit_form 'new_page', :continue => 'Save and Continue', :page => {:title => 'My Site', :slug => '/', :breadcrumb => 'My Site', :parts => [{:name => 'body', :content => '<r:url />'}], :status_id => Status[:published].id} + response.should have_tag('textarea', :text => "<r:url />") + end + describe 'with homepage' do dataset :home_page spec/integration/admin/pages_integration_spec.rb e88f129a9cb441bb0429b68a4767fa65b9a5c430 Sean Cribbs seancribbs@gmail.com http://github.com/radiant/radiant/commit/300ffd5b535c7e3ee5981213c176396889e7c920 300ffd5b535c7e3ee5981213c176396889e7c920 2009-02-12T15:37:57-08:00 2009-02-12T15:37:57-08:00 Properly escape page part contents in the UI. 1b22bce3c790f12355e883107ebd04ca3e7dfd60 Sean Cribbs seancribbs@gmail.com