diff --git a/app/views/dashboard/mailing/new.html.erb b/app/views/dashboard/mailing/new.html.erb
index 9cd2a34b5..1c24c2d91 100644
--- a/app/views/dashboard/mailing/new.html.erb
+++ b/app/views/dashboard/mailing/new.html.erb
@@ -1,7 +1,7 @@ <% content_for :action_title, t("dashboard.mailing.new.title") %>
- <%== Setting["proposals.email_description"] %>
+ <%= Setting["proposals.email_description"] %>
<%= render "mailing_options" %>
diff --git a/app/views/dashboard/polls/index.html.erb b/app/views/dashboard/polls/index.html.erb
index 031c0da4f..24c9fd82d 100644
--- a/app/views/dashboard/polls/index.html.erb
+++ b/app/views/dashboard/polls/index.html.erb
@@ -1,7 +1,7 @@ <% content_for :action_title, t("dashboard.polls.index.title") %>
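Review bot: Switching the `+ <%= Setting["proposals.email_description"] %>` line from `<%==` to `<%=` escapes the entire setting value, so any markup an administrator legitimately stored in that setting will now be shown as literal text; the poll_description and poster_description hunks below make the same trade. If these settings are meant to carry admin-authored HTML, rendering them through Rails' `sanitize` helper, e.g. `<%= sanitize Setting["proposals.email_description"] %>`, would keep the formatting while still removing script content; if they are plain text, the change as written is the right fix. Either way, it would help to record on the setting's description which of the two is intended so later edits don't reintroduce `<%==`.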
- <%== Setting["proposals.poll_description"] %>
+ <%= Setting["proposals.poll_description"] %>
 <% if @polls.any? %>
diff --git a/app/views/dashboard/poster/new.html.erb b/app/views/dashboard/poster/new.html.erb
index 893f05ff9..172b34f92 100644
--- a/app/views/dashboard/poster/new.html.erb
+++ b/app/views/dashboard/poster/new.html.erb
@@ -1,7 +1,7 @@ <% content_for :action_title, t("dashboard.poster.new.title") %>
- <%== Setting["proposals.poster_description"] %>
+ <%= Setting["proposals.poster_description"] %>
<%= render "poster_options" %>
diff --git a/spec/features/xss_spec.rb b/spec/features/xss_spec.rb
index adbd5b3b3..136f0e36a 100644
--- a/spec/features/xss_spec.rb
+++ b/spec/features/xss_spec.rb
@@ -60,6 +60,16 @@ describe "Cross-Site Scripting protection", :js do expect(page.text).not_to be_empty end + scenario "poll description setting in dashboard" do + Setting["proposals.poll_description"] = attack_code + proposal = create(:proposal) + + login_as(proposal.author) + visit proposal_dashboard_polls_path(proposal) + + expect(page.text).not_to be_empty + end + scenario "annotation context" do annotation = create(:legislation_annotation) annotation.update_column(:context, attack_code)
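Review bot: The new scenario only covers `proposals.poll_description`, while the same commit also changes how `proposals.email_description` and `proposals.poster_description` are rendered in the mailing and poster dashboard views, so two of the three fixes are left without a regression test. Two parallel scenarios that assign `attack_code` to each of those settings, log in as the proposal author and visit the corresponding dashboard page with the route helpers for those views would pin all three; I have not named the helpers here because they do not appear in this diff. The `describe` block that contains this hunk starts before line 60, outside the hunk.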