[ARVADOS] created: 1.2.0-429-g76a085a63

Git user git at public.curoverse.com
Wed Nov 21 17:33:20 EST 2018


        at  76a085a633226223409e7d7a05982e7266b2594a (commit)


commit 76a085a633226223409e7d7a05982e7266b2594a
Author: Lucas Di Pentima <ldipentima at veritasgenetics.com>
Date:   Wed Nov 21 19:32:23 2018 -0300

    14519: Fixes bug by sanitizing before passing through RedCloth.
    
    Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <ldipentima at veritasgenetics.com>

diff --git a/apps/workbench/app/helpers/application_helper.rb b/apps/workbench/app/helpers/application_helper.rb
index 2b48d74b2..a1d8bb4d2 100644
--- a/apps/workbench/app/helpers/application_helper.rb
+++ b/apps/workbench/app/helpers/application_helper.rb
@@ -16,7 +16,7 @@ module ApplicationHelper
   end
 
   def render_markup(markup)
-    sanitize(raw(RedCloth.new(markup.to_s).to_html(:refs_arvados, :textile))) if markup
+    raw(RedCloth.new(sanitize(markup.to_s)).to_html(:refs_arvados, :textile)) if markup
   end
 
   def human_readable_bytes_html(n)
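Review bot: In `render_markup`, the HTML that RedCloth generates is now wrapped in `raw(...)` without going through `sanitize`, so only the Textile source is filtered. Whatever link targets or style/class attributes Textile syntax itself produces reach the page marked html-safe. Sanitizing the source may also rewrite characters that Textile treats as syntax, which the new test would not catch. If the regression was the sanitizer's default allowlist stripping table elements (inferred from the test title, not visible in this hunk), keeping the sanitizer on the output and widening its allowlist would restore tables without giving up output filtering: `sanitize(raw(RedCloth.new(markup.to_s).to_html(:refs_arvados, :textile)), tags: TAG_ALLOWLIST, attributes: ATTR_ALLOWLIST) if markup`. Both constants are placeholders for a project-defined list that includes table, tr, th and td.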

commit 2d3f0ae195c48ee497f941180bcb1138df43cec2
Author: Lucas Di Pentima <ldipentima at veritasgenetics.com>
Date:   Wed Nov 21 19:31:51 2018 -0300

    14519: Test exposing the regression
    
    Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <ldipentima at veritasgenetics.com>

diff --git a/apps/workbench/test/controllers/collections_controller_test.rb b/apps/workbench/test/controllers/collections_controller_test.rb
index 3ff02a82a..8be826013 100644
--- a/apps/workbench/test/controllers/collections_controller_test.rb
+++ b/apps/workbench/test/controllers/collections_controller_test.rb
@@ -340,6 +340,24 @@ class CollectionsControllerTest < ActionController::TestCase
     assert_equal 'value_1', assigns(:object).properties[:property_1]
   end
 
+  # Tests #14519
+  test "textile table on description renders as table html markup" do
+    use_token :active
+    col = api_fixture("collections")["collection_owned_by_active"]
+    textile_table = <<-EOT
+    table(table table-striped table-condensed).
+    |_. First Header |_. Second Header |
+    |Content Cell |Content Cell |
+    |Content Cell |Content Cell |
+    EOT
+    found = Collection.find(col["uuid"])
+    found.description = textile_table
+    found.save!
+    get(:show, {id: col["uuid"]}, session_for(:active))
+    assert_includes @response.body, '<th>First Header'
+    assert_includes @response.body, '<td>Content Cell'
+  end
+
   test "update description and check manifest_text is not lost" do
     collection = api_fixture("collections")["multilevel_collection_1"]
     post :update, {
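Review bot: The new test pins only the positive case (table markup survives), so nothing in this hunk checks that the reordered sanitize/RedCloth pipeline still neutralises unsafe content in a description. A companion test next to this one should save a description containing a raw script element and a Textile link with a non-http(s) scheme, render `:show`, and assert that neither appears in the response, e.g. `refute_includes @response.body, '<script'`. I would also add a one-line comment above the heredoc: `# Default sanitizer allowlist must not strip table/th/td produced by Textile`. The enclosing test class and the following test continue outside the hunk.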

-----------------------------------------------------------------------


hooks/post-receive
-- 



