Avoid double-escaping diary entry titles #1348

merged 1 commit into from Oct 29, 2016

@@ -17,7 +17,7 @@ xml.rss("version" => "2.0",

@entries.each do |entry|
xml.item do
xml.title h(entry.title)
xml.title entry.title url_for(:action => "view", :id =>, :display_name => entry.user.display_name, :host => SERVER_URL)
xml.guid url_for(:action => "view", :id =>, :display_name => entry.user.display_name, :host => SERVER_URL)
xml.description entry.body.to_html
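Review bot: The xml.title line now relies on the XML builder escaping text nodes itself, and nothing in the template says so. A one-line comment above xml.title noting that the builder already escapes values would keep someone from re-adding h() later. The xml.description line in the same block depends on the same behaviour, so the comment could cover both, and any other builder templates that still wrap values in h() deserve the same check.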
@@ -563,6 +563,13 @@ def test_rss_nonexisting_user
assert_response :not_found, "Should not be able to get a deleted users diary RSS"

def test_rss_character_escaping
create(:diary_entry, :title => "<script>")
get :rss, :format => :rss

assert_match "<title>&lt;script&gt;</title>", response.body

def test_view
# Try a normal entry that should work
diary_entry = create(:diary_entry, :user => users(:normal_user))
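Review bot: test_rss_character_escaping goes straight from the get to assert_match without an assert_response :success, so a failed request would surface as a confusing body mismatch. Adding the response check first would make failures clearer. The test also covers only angle brackets in the title; a second entry whose title contains an ampersand would pin down the double-escaping case this change is about, and an assertion on the description element would cover the entry body as well.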