adds text_with_links helper and use that in any comment.body in views, adds test to check for malicious injections in comment body

2015-09-10 18:28:10 +02:00
parent f6246bf290
commit 31cf51f07a
11 changed files with 35 additions and 19 deletions
--- a/app/views/comments/_comment.html.erb
+++ b/app/views/comments/_comment.html.erb
@@ -63,17 +63,17 @@
          </div>

          <% if comment.as_administrator? %>
-            <p class="comment-user is-admin"><%= comment.body %></p>
+            <p class="comment-user is-admin"><%= text_with_links comment.body %></p>
          <% elsif comment.as_moderator? %>
-            <p class="comment-user is-moderator"><%= comment.body %></p>
+            <p class="comment-user is-moderator"><%= text_with_links comment.body %></p>
          <% elsif comment.user.official? && comment.user_id == @commentable.author_id %>
-            <p class="comment-user level-<%= comment.user.official_level %> is-author"><%= comment.body %></p>
+            <p class="comment-user level-<%= comment.user.official_level %> is-author"><%= text_with_links comment.body %></p>
          <% elsif comment.user.official? %>
-            <p class="comment-user level-<%= comment.user.official_level %>"><%= comment.body %></p>
+            <p class="comment-user level-<%= comment.user.official_level %>"><%= text_with_links comment.body %></p>
          <% elsif comment.user_id == @commentable.author_id %>
-            <p class="comment-user is-author"><%= comment.body %></p>
+            <p class="comment-user is-author"><%= text_with_links comment.body %></p>
          <% else %>
-            <p class="comment-user"><%= comment.body %></p>
+            <p class="comment-user"><%= text_with_links comment.body %></p>
          <% end %>
          <span id="<%= dom_id(comment) %>_votes" class="comment-votes right">
            <%= render 'comments/votes', comment: comment %>
@@ -101,4 +101,4 @@
      </div>
    </div>
  </div>
-<% end %>
+<% end %>