##// END OF EJS Templates
jro_apps » redmine
RSS
Text in the "removed" part of a diff is double-escaped (#22115)....
Jean-Philippe Lang -
r14905:25eb92c0dc33
parent child
Show More
Side by Side Unified
Context file:
r14905:25eb92c0dc33 Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,75 +1,77
1 # Redmine - project management software
1 # Redmine - project management software
2 # Copyright (C) 2006-2016 Jean-Philippe Lang
2 # Copyright (C) 2006-2016 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 require 'diff'
18 require 'diff'
19
19
20 module Redmine
20 module Redmine
21 module Helpers
21 module Helpers
22 class Diff
22 class Diff
23 include ERB::Util
23 include ERB::Util
24 include ActionView::Helpers::TagHelper
24 include ActionView::Helpers::TagHelper
25 include ActionView::Helpers::TextHelper
25 include ActionView::Helpers::TextHelper
26 include ActionView::Helpers::OutputSafetyHelper
26 attr_reader :diff, :words
27 attr_reader :diff, :words
27
28
28 def initialize(content_to, content_from)
29 def initialize(content_to, content_from)
29 @words = content_to.to_s.split(/(\s+)/)
30 @words = content_to.to_s.split(/(\s+)/)
30 @words = @words.select {|word| word != ' '}
31 @words = @words.select {|word| word != ' '}
31 words_from = content_from.to_s.split(/(\s+)/)
32 words_from = content_from.to_s.split(/(\s+)/)
32 words_from = words_from.select {|word| word != ' '}
33 words_from = words_from.select {|word| word != ' '}
33 @diff = words_from.diff @words
34 @diff = words_from.diff @words
34 end
35 end
35
36
36 def to_html
37 def to_html
37 words = self.words.collect{|word| h(word)}
38 words = self.words.collect{|word| h(word)}
38 words_add = 0
39 words_add = 0
39 words_del = 0
40 words_del = 0
40 dels = 0
41 dels = 0
41 del_off = 0
42 del_off = 0
42 diff.diffs.each do |diff|
43 diff.diffs.each do |diff|
43 add_at = nil
44 add_at = nil
44 add_to = nil
45 add_to = nil
45 del_at = nil
46 del_at = nil
46 deleted = ""
47 deleted = ""
47 diff.each do |change|
48 diff.each do |change|
48 pos = change[1]
49 pos = change[1]
49 if change[0] == "+"
50 if change[0] == "+"
50 add_at = pos + dels unless add_at
51 add_at = pos + dels unless add_at
51 add_to = pos + dels
52 add_to = pos + dels
52 words_add += 1
53 words_add += 1
53 else
54 else
54 del_at = pos unless del_at
55 del_at = pos unless del_at
55 deleted << ' ' unless deleted.empty?
56 deleted << ' ' unless deleted.empty?
56 deleted << h(change[2])
57 deleted << change[2]
57 words_del += 1
58 words_del += 1
58 end
59 end
59 end
60 end
60 if add_at
61 if add_at
61 words[add_at] = '<span class="diff_in">'.html_safe + words[add_at]
62 words[add_at] = '<span class="diff_in">'.html_safe + words[add_at]
62 words[add_to] = words[add_to] + '</span>'.html_safe
63 words[add_to] = words[add_to] + '</span>'.html_safe
63 end
64 end
64 if del_at
65 if del_at
65 words.insert del_at - del_off + dels + words_add, '<span class="diff_out">'.html_safe + deleted + '</span>'.html_safe
66 # deleted is not safe html at this point
67 words.insert del_at - del_off + dels + words_add, '<span class="diff_out">'.html_safe + h(deleted) + '</span>'.html_safe
66 dels += 1
68 dels += 1
67 del_off += words_del
69 del_off += words_del
68 words_del = 0
70 words_del = 0
69 end
71 end
70 end
72 end
71 words.join(' ').html_safe
73 safe_join(words, ' ')
72 end
74 end
73 end
75 end
74 end
76 end
75 end
77 end
Show file before | Show file after | Hide comments
@@ -1,25 +1,37
1 # Redmine - project management software
1 # Redmine - project management software
2 # Copyright (C) 2006-2016 Jean-Philippe Lang
2 # Copyright (C) 2006-2016 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 require File.expand_path('../../../../../test_helper', __FILE__)
18 require File.expand_path('../../../../../test_helper', __FILE__)
19
19
20 class DiffTest < ActiveSupport::TestCase
20 class DiffTest < ActiveSupport::TestCase
21 def test_diff
21 def test_diff
22 diff = Redmine::Helpers::Diff.new("foo", "bar")
22 diff = Redmine::Helpers::Diff.new("foo", "bar")
23 assert_not_nil diff
23 assert_not_nil diff
24 end
24 end
25
26 def test_dont_double_escape
27 # 3 cases to test in the before: first word, last word, everything inbetween
28 before = "<stuff> with html & special chars</danger>"
29 # all words in after are treated equal
30 after = "other stuff <script>alert('foo');</alert>"
31
32 computed_diff = Redmine::Helpers::Diff.new(before, after).to_html
33 expected_diff = '<span class="diff_in">&lt;stuff&gt; with html &amp; special chars&lt;/danger&gt;</span> <span class="diff_out">other stuff &lt;script&gt;alert(&#39;foo&#39;);&lt;/alert&gt;</span>'
34
35 assert_equal computed_diff, expected_diff
36 end
25 end
37 end
General Comments 0
You need to be logged in to leave comments. Login now