Stop event_commit_title from escaping its output
Return a non-html-safe, unescaped String instead of ActiveSupport::SafeBuffer to preserve safety when the output is misused. Currently there's oly one user, which does the right thing. Closes #23311
This commit is contained in:
parent
b56f093c2b
commit
4012c695cb
2 changed files with 18 additions and 1 deletions
|
@ -154,7 +154,7 @@ module EventsHelper
|
|||
end
|
||||
|
||||
def event_commit_title(message)
|
||||
escape_once(truncate(message.split("\n").first, length: 70))
|
||||
(message.split("\n").first || "").truncate(70)
|
||||
rescue
|
||||
"--broken encoding"
|
||||
end
|
||||
|
|
|
@ -62,4 +62,21 @@ describe EventsHelper do
|
|||
expect(helper.event_note(input)).to eq(expected)
|
||||
end
|
||||
end
|
||||
|
||||
describe '#event_commit_title' do
|
||||
let(:message) { "foo & bar " + "A" * 70 + "\n" + "B" * 80 }
|
||||
subject { helper.event_commit_title(message) }
|
||||
|
||||
it "returns the first line, truncated to 70 chars" do
|
||||
is_expected.to eq(message[0..66] + "...")
|
||||
end
|
||||
|
||||
it "is not html-safe" do
|
||||
is_expected.not_to be_a(ActiveSupport::SafeBuffer)
|
||||
end
|
||||
|
||||
it "handles empty strings" do
|
||||
expect(helper.event_commit_title("")).to eq("")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue