Fixes #722 - Disable auto_link sanitize to support HTML tags in

description note.
ucsdlib · Nov 6, 2019 · 6f8cf10 · 6f8cf10
1 parent cd604cb
commit 6f8cf10
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 3 deletions.
diff --git a/app/views/shared/fields/_note.html.erb b/app/views/shared/fields/_note.html.erb
@@ -71,8 +71,10 @@
 
     notes.each do |key, noteList|
       key = 'Publication Information' if key == 'Publication'
-
-
+
+      # Don't sanitize description notes that need to display html contents
+      sanitizeHtmlTags = key == 'Description' ? false : true
+
       # if no type is provided, use types from note json
       if type == nil 
         htmlOpen = htmlOpenTemp
@@ -89,7 +91,7 @@
         <% if note['displayLabel'] == 'event id' %>
           <%= link_to note['value'], catalog_index_path({'f[event_ssi][]' => note['value']}) %>
         <% else %>
-          <%= auto_link(note['value'].gsub('""', '"').gsub("\n","<br/>"))%>
+          <%= auto_link(note['value'].gsub('""', '"').gsub('\n','<br/>'), :sanitize => sanitizeHtmlTags)%>
         <% end %>
       </p>
       <%

diff --git a/spec/features/dams_object_spec.rb b/spec/features/dams_object_spec.rb
@@ -1787,4 +1787,58 @@
     visit dams_object_path @rdcpObj.pid
     expect(page).to have_content('the CC license requires written permission of UC San Diego.')
   end
+end
+
+describe "Object with description note containing HTML tags" do
+  let(:html_note_value) { 'Description note with HTML tags <table><tr><th>Cell Type</th><th>% intense</th></tr></table> embedded.' }
+
+  before(:all) do
+    @noteDescription = { type: "description", value: 'Description note with HTML tags <table><tr><th>Cell Type</th><th>% intense</th></tr></table> embedded.' }
+    @noteOther = { type: "note", value: 'Other note with HTML tags <table><tr><th>Cell Type</th><th>% intense</th></tr></table> embedded.' }
+    @title = 'Object Test with HTML tag in note'
+    @col = DamsAssembledCollection.create( titleValue: 'Test Collection', visibility: 'public' )
+    @obj = DamsObject.create( titleValue: @title, copyright_attributes: [ {status: 'Public domain'} ],
+                              assembledCollectionURI: [ @col.pid ], typeOfResource: 'image', note_attributes: [@noteDescription] )
+
+    solr_index @col.pid
+    solr_index @obj.pid
+  end
+
+  after(:all) do
+    @col.delete
+    @obj.delete
+  end
+
+  scenario 'it should retain the HTML tags for description note' do
+    sign_in_developer
+    visit dams_object_path @obj.pid
+    expect(page).to have_selector('p', text: html_note_value)
+  end
+end
+
+describe "Object with other note containing HTML tags" do
+  let(:html_note_value) { 'Other note with HTML tags <table><tr><th>Cell Type</th><th>% intense</th></tr></table> embedded.' }
+
+  before(:all) do
+    @note = { type: "note", value: 'Other note with HTML tags <table><tr><th>Cell Type</th><th>% intense</th></tr></table> embedded.' }
+    @title = 'Object Test with HTML tag in note'
+    @col = DamsAssembledCollection.create( titleValue: 'Test Collection', visibility: 'public' )
+    @obj = DamsObject.create( titleValue: @title, copyright_attributes: [ {status: 'Public domain'} ],
+                              assembledCollectionURI: [ @col.pid ], typeOfResource: 'image', note_attributes: [@note] )
+
+    solr_index @col.pid
+    solr_index @obj.pid
+  end
+
+  after(:all) do
+    @col.delete
+    @obj.delete
+  end
+
+  scenario 'it should sanitize the HTML tags for notes other than description note' do
+    sign_in_developer
+    visit dams_object_path @obj.pid
+    expect(page).not_to have_selector('p', text: html_note_value)
+    expect(page).to have_selector('p', text: 'Other note with HTML tags Cell Type% intense embedded.')
+  end
 end