Stop sanitizing user 'name' when inserting into db

Add spec tests for encoding
2017-04-10 08:02:31 -05:00 · 2017-04-10 08:02:31 -05:00 · 4f47de62b4
parent 571c4f5a4f
commit 4f47de62b4
3 changed files with 17 additions and 1 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -699,7 +699,7 @@ class User < ActiveRecord::Base
  end

  def sanitize_attrs
-    %w[name username skype linkedin twitter].each do |attr|
+    %w[username skype linkedin twitter].each do |attr|
      value = public_send(attr)
      public_send("#{attr}=", Sanitize.clean(value)) if value.present?
    end
--- a/changelogs/unreleased/10085-stop-encoding-user-name.yml
+++ b/changelogs/unreleased/10085-stop-encoding-user-name.yml
@ -0,0 +1,4 @@
+---
+title: "Insert user name directly without encoding"
+merge_request: 10085
+author: Nathan Neulinger <nneul@neulinger.org>
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@ -1159,6 +1159,18 @@ describe User, models: true do
    end
  end

+  describe '#sanitize_attrs' do
+    let(:user) { build(:user, name: 'test & user', skype: 'test&user') }
+
+    it 'encodes HTML entities in the Skype attribute' do
+      expect { user.sanitize_attrs }.to change { user.skype }.to('test&amp;user')
+    end
+
+    it 'does not encode HTML entities in the name attribute' do
+      expect { user.sanitize_attrs }.not_to change { user.name }
+    end
+  end
+
  describe '#starred?' do
    it 'determines if user starred a project' do
      user = create :user