Commit Graph

51 Commits

Author SHA1 Message Date
Javi Martín
7bf4e4d611 Sanitize descriptions in the views
Sanitizing descriptions before saving a record has a few drawbacks:

1. It makes the application rely on data being safe in the database. If
somehow dangerous data enters the database, the application will be
vulnerable to XSS attacks.
2. It makes the code complicated.
3. It isn't backwards compatible; if we decide to disallow a certain
HTML tag in the future, we'd need to sanitize existing data.

On the other hand, sanitizing the data in the view means we don't need
to triple-check dangerous HTML has already been stripped when we see the
method `auto_link_already_sanitized_html`, since now every time we use
it we sanitize the text in the same line we call this method.

We could also sanitize the data twice, both when saving to the database
and when displaying values in the view. However, doing so wouldn't make
the application safer, since we sanitize text introduced through
textarea fields but we don't sanitize text introduced through input
fields.

Finally, we could also overwrite the `description` method so it
sanitizes the text. But we're already introducing Globalize which
overwrites that method, and overwriting it again is a bit too confusing
in my humble opinion. It can also lead to hard-to-debug behaviour.
2019-10-21 21:32:02 +02:00
Julian Herrero
b78ff808c1 Use double quotes in app/views/debates 2019-03-19 12:16:50 +01:00
decabeza
3d6f75bb59 reverts hide tags on index views 2017-06-08 13:30:12 +02:00
decabeza
10d09686c3 removes tags list on index views 2017-06-05 13:39:42 +02:00
decabeza
c5c9efee16 removes redundant label on index views 2017-06-05 13:12:04 +02:00
Alberto Garcia Cabeza
82a06220b5 removes link on debates and proposals description 2016-12-07 17:31:41 +01:00
Alberto Garcia Cabeza
2c4b5315c8 removes blue blocks and improves contrast on debates 2016-11-02 13:07:26 +01:00
rgarcia
9e910a834b Displays badge for official positions 2016-06-20 21:37:25 +02:00
Alberto Garcia Cabeza
3ec0971b37 Replaces icons i tags for span 2016-03-14 19:32:48 +01:00
Alberto Garcia Cabeza
3752f3a53b Adds foundation 6 🎉 2016-02-26 19:33:33 +01:00
rgarcia
f82a590e1e reverts debate links 2016-02-19 19:08:35 +01:00
palomahnhp
2ee90ac76e share links to debate 2016-02-08 10:32:57 +01:00
kikito
6c5d1faa90 Uses the new field, erased_at, for erased users 2015-10-21 14:28:21 +02:00
rgarcia
aface2c89e tests that user has been hidden 2015-10-20 13:07:47 +02:00
Juanjo Bazán
2ffb22a249 Merge pull request #519 from AyuntamientoMadrid/fix-tagcloud-488
Fix tagcloud
2015-09-17 17:24:39 +02:00
Alberto Garcia Cabeza
56a72b9118 Adds author name and level on lists 2015-09-16 20:45:02 +02:00
kikito
d324c061b3 Refactors shared/_tags view to always take a param called taggable 2015-09-15 15:28:14 +02:00
Alberto Garcia Cabeza
d364d1bf7e Fixes styles for search results and filters 2015-09-11 13:58:33 +02:00
Alberto Garcia Cabeza
a61c006f7f Replaces bullet for bull 2015-09-09 20:33:21 +02:00
Juanjo Bazán
69cb070ce2 adds user's votes info to cache keys 2015-09-07 13:18:30 +02:00
kikito
9f970568ac Displays debate.created_at in debates#index 2015-09-04 12:16:11 +02:00
Juanjo Bazán
7246c181d5 adds cache to _debate view 2015-08-31 20:40:48 +02:00
Juanjo Bazán
dacbe27fda uses cache counter for debate's comments 2015-08-26 17:26:17 +02:00
Alberto Garcia Cabeza
570169af57 Changes icons classes names 2015-08-22 14:46:26 +02:00
David Gil
06d8c96d54 Limiting max number of tags shown on debate cards ~ issue#144 2015-08-12 16:26:41 +02:00
David Gil
19ef481917 adding counter_cache to comments children and WIPing on the issue 2015-08-12 14:58:36 +02:00
David Gil
44d4fa9fc4 order comments by the most recent first 2015-08-11 20:27:37 +02:00
rgarcia
4dd7e14ac4 moves featured debates to home page 2015-08-11 17:26:25 +02:00
Alberto Garcia Cabeza
f9e0dad7a2 Adds links on comments title 2015-08-11 12:00:54 +02:00
rgarcia
ae34be1ddd adds link to debate description 2015-08-06 15:50:36 +02:00
rgarcia
ec6d34a49f fixes conflicts 2015-08-06 13:42:57 +02:00
Alberto Garcia Cabeza
56f480d5c0 Improves CSS styles for votes 2015-08-06 12:53:19 +02:00
Alberto Garcia Cabeza
f0be767ae8 Updates styles for debates show 2015-08-06 12:42:41 +02:00
Alberto Garcia Cabeza
77ecf39852 Updates styles for debates index 2015-08-06 11:19:37 +02:00
rgarcia
fa5b678b69 fixes conflicts with master [#25] 2015-08-05 13:47:23 +02:00
rgarcia
5ce8db002b adds vote partial for debate index [#25] 2015-08-05 12:24:22 +02:00
kikito
fc4e67824b Merge branch 'master' into debates_description_html
I removed the truncation from debates.description because
debates.description returns html

Conflicts:
	app/views/debates/_debate.html.erb
	app/views/debates/show.html.erb
2015-08-04 19:07:20 +02:00
kikito
1fa4087bef Removes all the extra sanitisation from debates
This makes the feature red
2015-08-04 18:42:05 +02:00
Alberto Garcia Cabeza
4344bc121f Changes styles for debates index and debate show 2015-08-04 13:25:00 +02:00
Juanjo Bazán
08671414f2 removes hashrockets 2015-07-29 14:27:58 +02:00
rgarcia
1deecea0af adds wysiwyg to debate description 2015-07-28 21:46:01 +02:00
Enrique García
5860efe35d Merge pull request #46 from AyuntamientoMadrid/beautification
Beautification
2015-07-28 16:50:32 +02:00
Juanjo Bazán
e9c1910d7d adds i18n to debates' interface 2015-07-28 16:48:36 +02:00
rgarcia
1609f6970f displays debates next to each other 2015-07-28 13:55:15 +02:00
Alberto García Cabeza
c2c176db75 Improves styles for debates home 2015-07-27 21:20:20 +02:00
Alberto García Cabeza
f4c7b0edda Includes first styles for header and debates 2015-07-26 23:14:43 +02:00
rgarcia
12d35085e0 fixing conflicts [#8] 2015-07-18 17:30:31 +02:00
rgarcia
72bc790310 adds tags to debates [#8] 2015-07-18 17:24:16 +02:00
rgarcia
45094a86bc adds author to debates [#11] 2015-07-18 17:20:30 +02:00
rgarcia
e92174e107 adds author to debates [#11] 2015-07-18 14:49:22 +02:00