Avoid double-escaping diary entry titles #1348

Merged
merged 1 commit into from Oct 29, 2016
+8 −1

@@ -17,7 +17,7 @@ xml.rss("version" => "2.0",
@entries.each do |entry|
xml.item do
- xml.title h(entry.title)
+ xml.title entry.title
xml.link url_for(:action => "view", :id => entry.id, :display_name => entry.user.display_name, :host => SERVER_URL)
xml.guid url_for(:action => "view", :id => entry.id, :display_name => entry.user.display_name, :host => SERVER_URL)
xml.description entry.body.to_html
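Review bot: Nothing in the template records why `entry.title` is now passed bare, so a later edit could put `h()` back or switch to a raw insert such as `xml <<`. Builder escapes text given as a tag's content, which is what makes the unwrapped call safe; a one-line comment above `xml.title entry.title` would capture that, e.g. `# Builder escapes text content itself; wrapping in h() double-escapes`. The same implicit escaping applies to `xml.description entry.body.to_html` on the context line below, where feed readers typically unescape the value and render it as HTML, so the feed's safety there rests on what `to_html` emits, which is not visible in this hunk. The `@entries.each` block continues past the hunk.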
@@ -563,6 +563,13 @@ def test_rss_nonexisting_user
assert_response :not_found, "Should not be able to get a deleted users diary RSS"
end
+ def test_rss_character_escaping
+ create(:diary_entry, :title => "<script>")
+ get :rss, :format => :rss
+
+ assert_match "<title>&lt;script&gt;</title>", response.body
+ end
+
def test_view
# Try a normal entry that should work
diary_entry = create(:diary_entry, :user => users(:normal_user))
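Review bot: `test_rss_character_escaping` matches against the body without first checking that the request succeeded, and it exercises only `<` and `>`. Adding `assert_response :success` before the match would make a failure easier to diagnose, and a second entry with an ampersand, e.g. `create(:diary_entry, :title => "a & b")` asserted as `<title>a &amp; b</title>`, would cover the character ordinary titles are most likely to contain. The test requests only the site-wide feed; whether the per-user and per-language feeds render through the same template is not visible here, so they may need their own case. `test_view` continues past the hunk.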