diff --git a/app/helpers/labels_helper.rb b/app/helpers/labels_helper.rb index 1f0d5d545c0f234389a4fdd5e268f31842028d36..5e9f5837101608e60e80a160736bec970e2989cd 100644 --- a/app/helpers/labels_helper.rb +++ b/app/helpers/labels_helper.rb @@ -1,12 +1,6 @@ module LabelsHelper include ActionView::Helpers::TagHelper - TABLE_FOR_ESCAPE_HTML_ENTITIES = { - '&' => '&', - '<' => '<', - '>' => '>' - } - # Link to a Label # # label - Label object to link to @@ -136,11 +130,7 @@ module LabelsHelper label.subscribed?(current_user) ? 'Unsubscribe' : 'Subscribe' end - def unescape_html_entities(value) - value.to_s.gsub(/(>)|(<)|(&)/, TABLE_FOR_ESCAPE_HTML_ENTITIES.invert) - end - # Required for Banzai::Filter::LabelReferenceFilter module_function :render_colored_label, :render_colored_cross_project_label, - :text_color_for_bg, :escape_once, :unescape_html_entities + :text_color_for_bg, :escape_once end diff --git a/app/models/label.rb b/app/models/label.rb index 086007d18644f6f5ceb568c2d7ba9763842cacfb..b0e2cb448b8aee3566dd061327cbad35ba884c7a 100644 --- a/app/models/label.rb +++ b/app/models/label.rb @@ -10,6 +10,12 @@ class Label < ActiveRecord::Base DEFAULT_COLOR = '#428BCA' + TABLE_FOR_ESCAPE_HTML_ENTITIES = { + '&' => '&', + '<' => '<', + '>' => '>' + } + default_value_for :color, DEFAULT_COLOR belongs_to :project @@ -134,6 +140,10 @@ class Label < ActiveRecord::Base end def sanitize_title(value) - LabelsHelper.unescape_html_entities(Sanitize.clean(value.to_s)) + unescape_html_entities(Sanitize.clean(value.to_s)) + end + + def unescape_html_entities(value) + value.to_s.gsub(/(>)|(<)|(&)/, TABLE_FOR_ESCAPE_HTML_ENTITIES.invert) end end diff --git a/lib/banzai/filter/label_reference_filter.rb b/lib/banzai/filter/label_reference_filter.rb index 7d016d78669426193aa9ab8c0b51d5fe41914338..fdd4afce6069af62f21b6a56f8904b7753555306 100644 --- a/lib/banzai/filter/label_reference_filter.rb +++ b/lib/banzai/filter/label_reference_filter.rb @@ -68,7 +68,7 @@ module Banzai end def unescape_html_entities(text) - LabelsHelper.unescape_html_entities(text) + text.to_s.gsub(/(>)|(<)|(&)/, Label::TABLE_FOR_ESCAPE_HTML_ENTITIES.invert) end end end diff --git a/spec/helpers/labels_helper_spec.rb b/spec/helpers/labels_helper_spec.rb index 1457eea7cb255e4cce6f614a7882ec3768f587d8..501f150cfda8a3494212648a239e24c2a727a0e5 100644 --- a/spec/helpers/labels_helper_spec.rb +++ b/spec/helpers/labels_helper_spec.rb @@ -77,10 +77,4 @@ describe LabelsHelper do expect(text_color_for_bg('#000')).to eq '#FFFFFF' end end - - describe 'unescape_html_entities' do - it 'decodes &, <, and > named entities' do - expect(unescape_html_entities('foo & bar < zoo > boo é')).to eq 'foo & bar < zoo > boo é' - end - end end