adds text_with_links helper and use that in any comment.body in views, adds test to check for malicious injections in comment body

2015-09-10 18:28:10 +02:00
parent f6246bf290
commit 31cf51f07a
11 changed files with 35 additions and 19 deletions
--- a/app/views/admin/comments/index.html.erb
+++ b/app/views/admin/comments/index.html.erb
@@ -9,7 +9,7 @@
    <li id="<%= dom_id(comment) %>">
      <div class="row">
        <div class="small-12 medium-8 column">
-          <%= comment.body %>
+          <%= text_with_links comment.body %>
          <%= link_to comment.commentable.title, comment.commentable %>
        </div>
        <div class="small-6 medium-4 column text-right">
--- a/app/views/admin/users/show.html.erb
+++ b/app/views/admin/users/show.html.erb
@@ -31,7 +31,7 @@
  <li id="<%= dom_id(comment) %>">
      <div class="row">
        <div class="small-12 medium-10 column">
-          <%= comment.body %>
+          <%= text_with_links comment.body %>
        </div>
      </div>
    </li>