Remove hack from exporter

I couldn't reproduce what the comment states anymore, so I just removed it. This fixes a minor issue where html wouldn't be escaped in the export. Thanks to A Kai (@sixhundredns) for reporting.
2014-05-24 15:27:13 +02:00 · 2014-05-24 15:27:13 +02:00 · d36589e05b
commit d36589e05b
parent a216f267a0
2 changed files with 26 additions and 10 deletions
--- a/lib/diaspora/exporter.rb
+++ b/lib/diaspora/exporter.rb
@ -83,10 +83,7 @@ module Diaspora
          }
        end

-        # This is a hack.  Nokogiri interprets *.to_xml as a string.
-        # we want to inject document objects, instead.  See lines: 25,35,40.
-        # Solutions?
-        CGI.unescapeHTML(builder.to_xml.to_s)
+        builder.to_xml.to_s
      end
    end
  end
--- a/spec/lib/diaspora/exporter_spec.rb
+++ b/spec/lib/diaspora/exporter_spec.rb
@ -12,33 +12,50 @@ describe Diaspora::Exporter do
    @user2 =  FactoryGirl.create(:user)
    @user3 =  bob

+    @user1.person.profile.first_name = "<script>"
+    @user1.person.profile.gender = "<script>"
+    @user1.person.profile.bio = "<script>"
+    @user1.person.profile.location = "<script>"
+    @user1.person.profile.save
+
    @aspect  =  @user1.aspects.first
    @aspect1 =  @user1.aspects.create(:name => "Work")
    @aspect2 =  @user2.aspects.create(:name => "Family")
    @aspect3 =  @user3.aspects.first
+    @aspect.name = "<script>"
+    @aspect.save

    @status_message1 =  @user1.post(:status_message, :text => "One", :public => true, :to => @aspect1.id)
    @status_message2 =  @user1.post(:status_message, :text => "Two", :public => true, :to => @aspect1.id)
    @status_message3 =  @user2.post(:status_message, :text => "Three", :public => false, :to => @aspect2.id)
+    @status_message4 =  @user1.post(:status_message, :text => "<script>", :public => true, :to => @aspect2.id)
  end

  def exported
    Nokogiri::XML(Diaspora::Exporter.new(Diaspora::Exporters::XML).execute(@user1))
  end

+  it 'escapes xml relevant characters' do
+    expect(exported.to_s).to_not include "<script>"
+  end
+
  context '<user/>' do
-    before do
-      @user_xml = exported.xpath('//user').to_s
-    end
+    let(:user_xml) { exported.xpath('//user').to_s }
+
    it 'includes a users private key' do
-      @user_xml.to_s.should include @user1.serialized_private_key
+      expect(user_xml).to include @user1.serialized_private_key
+    end
+
+    it 'includes the profile as xml' do
+      puts exported.to_s
+      expect(user_xml).to include "<profile>"
    end
  end

  context '<aspects/>' do
+    let(:aspects_xml) { exported.xpath('//aspects').to_s }

    it 'includes the post_ids' do
-      aspects_xml = exported.xpath('//aspects').to_s
      aspects_xml.should include @status_message1.id.to_s
      aspects_xml.should include @status_message2.id.to_s
    end
@ -47,6 +64,8 @@ describe Diaspora::Exporter do
  context '<contacts/>' do

    before do
+      @aspect.name = "Safe"
+      @aspect.save
      @user1.add_contact_to_aspect(@user1.contact_for(@user3.person), @aspect1)
      @user1.reload
    end