FIX: OpenGraph tags not fully sanitized

Régis Hanol 2013-03-22 12:32:56 +01:00
parent 664915fcd2
commit 2ab08ef21d
2 changed files with 9 additions and 3 deletions


@ -1,8 +1,9 @@
# Summarize a HTML field into regular text. Used currently # Summarize a HTML field into regular text. Used currently
# for meta tags # for meta tags
require 'sanitize'
class Summarize class Summarize
include ActionView::Helpers
def initialize(text) def initialize(text)
@text = text @text = text
@ -15,7 +16,7 @@ class Summarize
def summary def summary
return nil if @text.blank? return nil if @text.blank?
result = sanitize(@text, tags: [], attributes: []) result = Sanitize.clean(@text)
result.gsub!(/\n/, ' ') result.gsub!(/\n/, ' ')
result.strip! result.strip!
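Review bot: `Sanitize.clean(@text)` in `summary` returns an HTML fragment rather than plain text, and the header comment of this file says the result feeds meta tags. As far as I know the serialized output entity-encodes `&`, `<` and `>` but leaves `"` untouched, so a template that writes the summary unescaped into `content="..."` can have the attribute closed early, while a template that escapes it again will render `&amp;amp;`. The rendering side is not part of this diff, so which of the two applies has to be checked there. I would state the contract above the call: `# returns HTML-escaped text; callers must still attribute-escape (or decode first) before writing it into content="..."`. `summary` continues past the end of the hunk.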


@ -15,6 +15,11 @@ describe Summarize do
Summarize.new("hello <b>robin</b>").summary.should == "hello robin" Summarize.new("hello <b>robin</b>").summary.should == "hello robin"
end end
it "removes doctype entries" do
# this is not valid html but this is just testing DOCTYPE entries
Summarize.new("<!DOCTYPE html>Discourse").summary.should == "Discourse"
end
it "strips leading and trailing space" do it "strips leading and trailing space" do
Summarize.new("\t \t hello \t ").summary.should == "hello" Summarize.new("\t \t hello \t ").summary.should == "hello"
end end
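Review bot: The added example pins only the DOCTYPE case, so nothing here fixes what `summary` returns for elements whose body is not prose, such as `<script>` or `<style>`. If I recall the Sanitize defaults correctly, the tags are removed but their inner text is kept, which would put script or stylesheet source into the OpenGraph description. An example such as `Summarize.new("<style>p{color:red}</style>hi").summary.should == "hi"` would settle it; if it fails, the `Sanitize.clean` call in the other file probably needs a config that sets `:remove_contents`. The `describe` block continues outside the hunk.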