From 00001858754cbf9f3e15535b530ae7c28e8da303 Mon Sep 17 00:00:00 2001
From: Raphael
Date: Thu, 3 Feb 2011 11:28:02 -0800
Subject: [PATCH] Status messages now process mentions and output links
---
 app/models/status_message.rb | 25 ++++++++++++++++----
 spec/models/status_message_spec.rb | 38 ++++++++++++++++++++++++++----
 2 files changed, 53 insertions(+), 10 deletions(-)
diff --git a/app/models/status_message.rb b/app/models/status_message.rb
index d229602a4..d6d71ce04 100644
--- a/app/models/status_message.rb
+++ b/app/models/status_message.rb
@@ -10,7 +10,7 @@ class StatusMessage < Post
 validates_length_of :message, :maximum => 1000, :message => "please make your status messages less than 1000 characters"
 xml_name :status_message
- xml_attr :message
+ xml_attr :raw_message
 has_many :photos, :dependent => :destroy
 validate :message_or_photos_present?
@@ -22,19 +22,34 @@ class StatusMessage < Post
 get_youtube_title message
 end
+ def message
+ self.formatted_message
+ end
+
+ def raw_message
+ read_attribute(:message)
+ end
+ def raw_message=(text)
+ write_attribute(:message, text)
+ end
+
 def formatted_message
+ return self.raw_message unless self.raw_message
 people = self.mentioned_people
 regex = /@\{([^;]+); ([^\}]+)\}/
- message.gsub(regex) do |matched_string|
- people.detect{ |p|
+ escaped_message = ERB::Util.h(raw_message)
+ form_message = escaped_message.gsub(regex) do |matched_string|
+ person = people.detect{ |p|
 p.diaspora_handle == matched_string.match(regex).captures.last
- }.name
+ }
+ "#{ERB::Util.h(person.name)}"
 end
+ form_message
 end
 def mentioned_people
 regex = /@\{([^;]+); ([^\}]+)\}/
- identifiers = self.message.scan(regex).map do |match|
+ identifiers = self.raw_message.scan(regex).map do |match|
 match.last
 end
 self.person.owner.contact_people.where(:diaspora_handle => identifiers)
diff --git a/spec/models/status_message_spec.rb b/spec/models/status_message_spec.rb
index 3e49000e5..fdd701160 100644
--- a/spec/models/status_message_spec.rb
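Review bot: In `formatted_message`, `people.detect` returns nil whenever a mention's handle is not among the rows `mentioned_people` gets back from `contact_people`, and the following line then calls `person.name` on nil. Because `message` now delegates to `formatted_message`, one status message that mentions a non-contact would raise on every read of the attribute; a guard such as `next matched_string unless person` placed right after the `detect` block keeps the already-escaped mention text instead. The handle is also captured from `escaped_message` while `mentioned_people` scans `raw_message`, so a mention containing a character that `ERB::Util.h` rewrites (an `&` becomes an entity with its own `;`) can fail to match and hit the same nil path. `mentioned_people` continues past the end of this hunk.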
+++ b/spec/models/status_message_spec.rb
@@ -4,6 +4,7 @@
 require 'spec_helper'
+
 describe StatusMessage do
 before do
@@ -54,6 +55,12 @@ describe StatusMessage do
 end
 describe 'mentions' do
+ def controller
+ mock()
+ end
+
+ include ActionView::Helpers::UrlHelper
+ include Rails.application.routes.url_helpers
 before do
 @people = [alice, bob, eve].map{|u| u.person}
 @test_string = <<-STR
@@ -63,12 +70,29 @@ STR
 @sm = Factory.create(:status_message, :message => @test_string )
 end
- it 'adds the links in the formated message text' do
- @sm.formatted_message.should == <<-STR
-#{@people[0].name} can mention people like Raphael #{@people[1].name}
-can mention people like Raphaellike Raphael #{@people[2].name} can mention people like Raph
+ describe '#formatted_message' do
+ it 'adds the links in the formated message text' do
+ @sm.formatted_message.should == <<-STR
+#{link_to(@people[0].name, person_path(@people[0]))} can mention people like Raphael #{link_to(@people[1].name, person_path(@people[1]))}
+can mention people like Raphaellike Raphael #{link_to(@people[2].name, person_path(@people[2]))} can mention people like Raph
 STR
+ end
+ it 'escapes the link title' do
+ p = @people[0].profile
+ p.first_name=""
+ p.save!
+ @sm.formatted_message.should_not include(@people[0].profile.first_name)
+ end
+ it 'escapes the message' do
+ xss = " "
+ @sm.message << xss
+
+ @sm.formatted_message.should_not include xss
+ end
+ it 'is html_safe' do
+ @sm.formatted_message.html_safe?.should be_true
+ end
 end
 it 'extracts the mentioned people from the message' do
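Review bot: The 'escapes the message' example in the last hunk of this file cannot fail, because `@sm.message << xss` appends to the string that `message` returns, and after this commit that is the freshly built output of `formatted_message`, not the stored attribute. The payload never reaches `raw_message`, so `should_not include xss` passes whether or not escaping works. Write it through the new accessor before formatting, for example `@sm.raw_message = @sm.raw_message + xss`, and also assert that the escaped form of the payload is present so the example proves escaping rather than absence. `@sm` is built in a `before` block that starts outside this hunk.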
@@ -80,8 +104,12 @@ STR
 @message = Factory.create(:status_message, :message => "I hate WALRUSES!", :person => @user.person)
 @xml = @message.to_xml.to_s
 end
+ it 'serializes the unescaped, unprocessed message' do
+ @message.message = ""
+ @message.to_xml.to_s.should include @message.message
+ end
 it 'serializes the message' do
- @xml.should include "I hate WALRUSES!"
+ @xml.should include "I hate WALRUSES!"
 end
 it 'serializes the author address' do