Stop sanitizing user 'name' when inserting into db
Add spec tests for encoding
This commit is contained in:
parent
571c4f5a4f
commit
4f47de62b4
3 changed files with 17 additions and 1 deletions
|
@ -699,7 +699,7 @@ class User < ActiveRecord::Base
|
|||
end
|
||||
|
||||
def sanitize_attrs
|
||||
%w[name username skype linkedin twitter].each do |attr|
|
||||
%w[username skype linkedin twitter].each do |attr|
|
||||
value = public_send(attr)
|
||||
public_send("#{attr}=", Sanitize.clean(value)) if value.present?
|
||||
end
|
||||
|
|
4
changelogs/unreleased/10085-stop-encoding-user-name.yml
Normal file
4
changelogs/unreleased/10085-stop-encoding-user-name.yml
Normal file
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
title: "Insert user name directly without encoding"
|
||||
merge_request: 10085
|
||||
author: Nathan Neulinger <nneul@neulinger.org>
|
|
@ -1159,6 +1159,18 @@ describe User, models: true do
|
|||
end
|
||||
end
|
||||
|
||||
describe '#sanitize_attrs' do
|
||||
let(:user) { build(:user, name: 'test & user', skype: 'test&user') }
|
||||
|
||||
it 'encodes HTML entities in the Skype attribute' do
|
||||
expect { user.sanitize_attrs }.to change { user.skype }.to('test&user')
|
||||
end
|
||||
|
||||
it 'does not encode HTML entities in the name attribute' do
|
||||
expect { user.sanitize_attrs }.not_to change { user.name }
|
||||
end
|
||||
end
|
||||
|
||||
describe '#starred?' do
|
||||
it 'determines if user starred a project' do
|
||||
user = create :user
|
||||
|
|
Loading…
Reference in a new issue