diff --git a/app/assets/javascripts/banners.js b/app/assets/javascripts/banners.js
index d69066c92..9ae732ee4 100644
--- a/app/assets/javascripts/banners.js
+++ b/app/assets/javascripts/banners.js
@@ -4,12 +4,12 @@
 initialize: function() {
 $("[data-js-banner-title]").on({
 change: function() {
- $("#js-banner-title").html($(this).val());
+ $("#js-banner-title").text($(this).val());
 }
 });
 $("[data-js-banner-description]").on({
 change: function() {
- $("#js-banner-description").html($(this).val());
+ $("#js-banner-description").text($(this).val());
 }
 });
 $("[name='banner[background_color]']").on({
diff --git a/app/assets/javascripts/globalize.js b/app/assets/javascripts/globalize.js
index a7757f520..c653bf627 100644
--- a/app/assets/javascripts/globalize.js
+++ b/app/assets/javascripts/globalize.js
@@ -77,9 +77,10 @@
 update_description: function() {
 var count, description;
 count = App.Globalize.enabled_locales().length;
- description = App.Globalize.language_description(count);
- $(".js-languages-description").html(description);
- $(".js-languages-count").text(count);
+ description = $(App.Globalize.language_description(count)).filter(".description").text();
+
+ $(".js-languages-description .description").text(description);
+ $(".js-languages-description .count").text(count);
 },
 language_description: function(count) {
 switch (count) {
diff --git a/app/assets/javascripts/markdown_editor.js b/app/assets/javascripts/markdown_editor.js
index c0a587e31..7369c356f 100644
--- a/app/assets/javascripts/markdown_editor.js
+++ b/app/assets/javascripts/markdown_editor.js
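Review bot: In `update_description` (globalize.js) the new line passes the result of `language_description(count)` to `$()`, which parses a string beginning with a tag as HTML in the live document, so event-handler attributes on the parsed elements can still run before `.text()` is read; a string that does not begin with `<` is treated as a selector instead. The `_common_globalize_locales.html.erb` hunk of this commit drops `sanitize(...)` from the data attributes, so, assuming `language_description` returns those attribute values (its body is outside the hunk), unsanitized translation content reaches this call. Parsing in an inert document avoids both problems: `description = $(new DOMParser().parseFromString(App.Globalize.language_description(count), "text/html")).find(".description").text();`. Note that `.filter(".description")` matches only top-level parsed nodes, whereas `.find` here searches the whole parsed document.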
@@ -33,10 +33,10 @@
 editor.toggleClass("fullscreen");
 $(".fullscreen-container").toggleClass("medium-8", "medium-12");
 span = $(this).find("span");
- if (span.html() === span.data("open-text")) {
- span.html(span.data("closed-text"));
+ if (span.text() === span.data("open-text")) {
+ span.text(span.data("closed-text"));
 } else {
- span.html(span.data("open-text"));
+ span.text(span.data("open-text"));
 }
 if (editor.hasClass("fullscreen")) {
 App.MarkdownEditor.find_textarea(editor).height($(window).height() - 100);
diff --git a/app/views/shared/_common_globalize_locales.html.erb b/app/views/shared/_common_globalize_locales.html.erb
index e48aef1e5..7eed43d55 100644
--- a/app/views/shared/_common_globalize_locales.html.erb
+++ b/app/views/shared/_common_globalize_locales.html.erb
@@ -1,7 +1,7 @@
" - data-one-languages-description="<%= sanitize(t("shared.translations.languages_in_use", count: 1)) %>" - data-other-languages-description="<%= sanitize(t("shared.translations.languages_in_use", count: 2)) %>"> + data-zero-languages-description="<%= t("shared.translations.languages_in_use", count: 0) %>" + data-one-languages-description="<%= t("shared.translations.languages_in_use", count: 1) %>" + data-other-languages-description="<%= t("shared.translations.languages_in_use", count: 2) %>">
<%= selected_languages_description(resource) %> diff --git a/config/locales/en/general.yml b/config/locales/en/general.yml index b08677ab4..44b7c9358 100644 --- a/config/locales/en/general.yml +++ b/config/locales/en/general.yml @@ -806,9 +806,9 @@ en: remove_language: Remove language add_language: Add language languages_in_use: - zero: "0 languages in use" - one: "1 language in use" - other: "%{count} languages in use" + zero: "0 languages in use" + one: "1 language in use" + other: "%{count} languages in use" social: facebook: "%{org} Facebook" twitter: "%{org} Twitter" diff --git a/config/locales/es/general.yml b/config/locales/es/general.yml index 4b2391528..791d98cb1 100644 --- a/config/locales/es/general.yml +++ b/config/locales/es/general.yml @@ -803,9 +803,9 @@ es: remove_language: Eliminar idioma add_language: AƱadir idioma languages_in_use: - zero: "0 idiomas en uso" - one: "1 idioma en uso" - other: "%{count} idiomas en uso" + zero: "0 idiomas en uso" + one: "1 idioma en uso" + other: "%{count} idiomas en uso" social: facebook: "Facebook de %{org}" twitter: "Twitter de %{org}" diff --git a/spec/features/xss_spec.rb b/spec/features/xss_spec.rb index 71447c976..32114b89c 100644 --- a/spec/features/xss_spec.rb +++ b/spec/features/xss_spec.rb @@ -13,6 +13,18 @@ describe "Cross-Site Scripting protection", :js do expect(page.text).not_to be_empty end + scenario "edit banner" do + banner = create(:banner, title: attack_code) + + login_as(create(:administrator).user) + visit edit_admin_banner_path(banner) + + title_id = find_field("Title")[:id] + execute_script "document.getElementById('#{title_id}').dispatchEvent(new Event('change'))" + + expect(page.text).not_to be_empty + end + scenario "document title" do process = create(:legislation_process) create(:document, documentable: process, title: attack_code) 
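Review bot: The `edit banner` scenario in xss_spec.rb dispatches `change` only on the Title field, so the description handler that this commit also switches to `.text()` in banners.js is never exercised. Creating the banner with `description: attack_code` as well (assuming the factory accepts it) and dispatching the same event on the description field would cover both handlers; that field's label is not visible in this hunk. The assertion `expect(page.text).not_to be_empty` seems to depend on the driver raising when injected code runs, so a one-line comment stating that mechanism would make clear what a failure means.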
@@ -49,6 +61,16 @@ describe "Cross-Site Scripting protection", :js do expect(page.text).not_to be_empty end + scenario "languages in use" do + I18nContent.create(key: "shared.translations.languages_in_use", value: attack_code) + + login_as(create(:administrator).user) + visit edit_admin_budget_path(create(:budget)) + click_link "Remove language" + + expect(page.text).not_to be_empty + end + scenario "proposal actions in dashboard" do proposal = create(:proposal)