author | Matthew Somerville <matthew-github@dracos.co.uk> | 2018-12-13 09:25:34 +0000 |
---|---|---|
committer | Matthew Somerville <matthew-github@dracos.co.uk> | 2018-12-13 09:25:34 +0000 |
commit | a95103e6233d65f230327307904c67aadb871acb (patch) | |
tree | 28f596209ea7c105e1dd491aeef5e956c5d73b30 | |
parent | 8dbc6699e697ddbf06ea85e28804cf2c085826d0 (diff) | |
parent | c049907103c47e279706a319a0d8917ee6c968ab (diff) |
Merge branch '2346-unescape-titles'
-rw-r--r-- | .cypress/cypress/integration/category_tests.js | 4 | ||||
-rw-r--r-- | .cypress/cypress/integration/highways.js | 2 | ||||
-rw-r--r-- | .cypress/cypress/integration/regressions.js | 17 | ||||
-rw-r--r-- | .cypress/cypress/integration/staff.js | 4 | ||||
-rw-r--r-- | CHANGELOG.md | 1 | ||||
-rwxr-xr-x | bin/browser-tests | 1 | ||||
-rw-r--r-- | t/Mock/MapIt.pm | 2 | ||||
-rw-r--r-- | web/cobrands/fixmystreet/fixmystreet.js | 14 |
8 files changed, 38 insertions, 7 deletions
diff --git a/.cypress/cypress/integration/category_tests.js b/.cypress/cypress/integration/category_tests.js
index 8bd21acaa..e9cf6b0d1 100644
--- a/.cypress/cypress/integration/category_tests.js
+++ b/.cypress/cypress/integration/category_tests.js
@@ -35,7 +35,7 @@ describe('Basic categories', function() {
 cy.server();
 cy.route('/report/new/ajax*').as('report-ajax');
 cy.url().should('include', '/around');
- cy.get('#map_box').click(210, 200);
+ cy.get('#map_box').click(240, 249);
 cy.wait('@report-ajax');
 cy.get('[name=category]').should('not.be.visible');
 cy.get('select:eq(3) option').each(function (obj, i) {
@@ -51,7 +51,7 @@ describe('Basic categories', function() {
 it('category dropdown contains works from new page', function() {
 cy.server();
 cy.route('/report/new/ajax*').as('report-ajax');
- cy.visit('/report/new?latitude=51.496194&longitude=-2.603482');
+ cy.visit('/report/new?latitude=51.496194&longitude=-2.603439');
 cy.get('[name=category]').should('not.be.visible');
 cy.get('select:eq(1) option').each(function (obj, i) {
 expect(obj[0].value).to.equal(categories[i]);
diff --git a/.cypress/cypress/integration/highways.js b/.cypress/cypress/integration/highways.js
index 8494259c8..72438b820 100644
--- a/.cypress/cypress/integration/highways.js
+++ b/.cypress/cypress/integration/highways.js
@@ -9,7 +9,7 @@ describe('Highways England tests', function() {
 cy.get('[name=pc]').type(Cypress.env('postcode'));
 cy.get('[name=pc]').parents('form').submit();
 cy.url().should('include', '/around');
- cy.get('#map_box').click(210, 200);
+ cy.get('#map_box').click(240, 249);
 cy.wait('@report-ajax');
 cy.wait('@highways-tilma');
 cy.get('#highways').should('contain', 'M6');
diff --git a/.cypress/cypress/integration/regressions.js b/.cypress/cypress/integration/regressions.js
index 00e92f5ad..547fc469b 100644
--- a/.cypress/cypress/integration/regressions.js
+++ b/.cypress/cypress/integration/regressions.js
@@ -25,4 +25,21 @@ describe('Regression tests', function() {
 cy.get('#loading-indicator').should('be.hidden');
 cy.get('#map_box image').should('be.visible');
 });
+ it('Does not escape HTML entities in the title', function() {
+ cy.server();
+ cy.route('/around\?ajax*').as('update-results');
+ cy.request({
+ method: 'POST',
+ url: '/auth?r=/',
+ form: true,
+ body: { username: 'cs@example.org', password_sign_in: 'password' }
+ });
+ cy.visit('/report/1/moderate');
+ cy.get('[name=problem_title]').clear().type('M&S "brill" says <glob>').parents('form').submit();
+ cy.title().should('contain', 'M&S "brill" says <glob>');
+ cy.contains('Problems nearby').click();
+ cy.wait('@update-results');
+ cy.get('#map_sidebar').contains('M&S').click();
+ cy.title().should('contain', 'M&S "brill" says <glob>');
+ });
 });
diff --git a/.cypress/cypress/integration/staff.js b/.cypress/cypress/integration/staff.js
index 88afb5490..ab1de0749 100644
--- a/.cypress/cypress/integration/staff.js
+++ b/.cypress/cypress/integration/staff.js
@@ -17,7 +17,7 @@ describe('Staff user tests', function() {
 cy.get('[name=pc]').type(Cypress.env('postcode'));
 cy.get('[name=pc]').parents('form').submit();
 cy.url().should('include', '/around');
- cy.get('#map_box').click(210, 200);
+ cy.get('#map_box').click(240, 249);
 cy.get('[name=form_as]').should('have.value', 'body');
 cy.cleanUpXHR();
 });
@@ -36,7 +36,7 @@ describe('Staff user tests', function() {
 cy.get('[name=pc]').type(Cypress.env('postcode'));
 cy.get('[name=pc]').parents('form').submit();
 cy.url().should('include', '/around');
- cy.get('#map_box').click(210, 200);
+ cy.get('#map_box').click(240, 249);
 cy.wait('@report-ajax');
 cy.get('select:eq(3)').select('Graffiti');
 cy.get('[name=title]').should('have.value', 'A Graffiti problem has been found');
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4fb18ccfb..825a9d353 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
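Review bot: The new regressions.js test asserts only on `cy.title()`, so it would still pass if the decoded title `M&S "brill" says <glob>` were also written into the page as markup rather than as text. Because the title is user-supplied, I would add a negative assertion after each title check, for example `cy.get('glob').should('not.exist');`, so that a later change which routes the unescaped string into an HTML sink fails in this test. As a style point, the backslash in `cy.route('/around\?ajax*')` has no effect inside a JavaScript string literal, so the `?` is passed to Cypress unescaped; it still matches this URL, but the escape reads as if it did something.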
@@ -20,6 +20,7 @@
 - Keep all moderation history, and show in report/update admin. #2329
 - Bugfixes:
 - Restore map zoom out when navigating to /around from /report. #1649
+ - Don’t escape HTML entities in report titles pulled in by ajax. #2346
 - Open311 improvements:
 - Fix bug in contact group handling. #2323
 - Improve validation of fetched reports timestamps. #2327
diff --git a/bin/browser-tests b/bin/browser-tests
index 2d4ee09ac..c663e56af 100755
--- a/bin/browser-tests
+++ b/bin/browser-tests
@@ -98,6 +98,7 @@ sub run {
 my $c = Test::MockModule->new('FixMyStreet::Cobrand::FixMyStreet');
 $c->mock('enable_category_groups', sub { 1 });
 # Child, run the server on port 3001
+ FixMyStreet->test_mode(1); # So email doesn't try to send
 local $ENV{FIXMYSTREET_APP_DEBUG} = 0;
 require Plack::Runner;
 my $runner = Plack::Runner->new;
diff --git a/t/Mock/MapIt.pm b/t/Mock/MapIt.pm
index f3f9f89b2..2778df1ed 100644
--- a/t/Mock/MapIt.pm
+++ b/t/Mock/MapIt.pm
@@ -26,7 +26,7 @@ my @PLACES = (
 [ '?', 53.387402, -2.943997, 2527, 'Liverpool City Council', 'MTD' ],
 [ 'EH1 1BB', 55.952055, -3.189579, 2651, 'Edinburgh City Council', 'UTA', 20728, 'City Centre', 'UTE' ],
 [ 'BS10 5EE', 51.494885, -2.602237, 2561, 'Bristol City Council', 'UTA', 148646, 'Bedminster', 'UTW' ],
- [ 'BS20 5EE', 51.496194, -2.603482, 2608, 'Borsetshire County Council', 'CTY', 148646, 'Bedminster', 'UTW' ],
+ [ 'BS20 5EE', 51.496194, -2.603439, 2608, 'Borsetshire County Council', 'CTY', 148646, 'Bedminster', 'UTW' ],
 [ 'SL9 0NX', 51.615559, -0.556903, 2217, 'Buckinghamshire County Council', 'CTY', 2257, 'Chiltern District Council', 'DIS' ],
 [ 'SW1A 1AA', 51.501009, -0.141588, 2504, 'Westminster City Council', 'LBO' ],
 [ 'GL50 2PR', 51.896268, -2.093063, 2226, 'Gloucestershire County Council', 'CTY', 2326, 'Cheltenham Borough Council', 'DIS', 4544, 'Lansdown', 'DIW', 143641, 'Lansdown and Park', 'CED' ],
diff --git a/web/cobrands/fixmystreet/fixmystreet.js b/web/cobrands/fixmystreet/fixmystreet.js index 98e538933..100eec15d 100644 --- a/web/cobrands/fixmystreet/fixmystreet.js +++ b/web/cobrands/fixmystreet/fixmystreet.js @@ -1354,7 +1354,19 @@ fixmystreet.display = { } var found = html.match(/<title>([\s\S]*?)<\/title>/); - var page_title = found[1]; + // Unencode HTML entities so it's suitable for document.title. We + // only care about the ones encoded by the template's html_filter. + var map = { + '&': '&', + '>': '>', + '<': '<', + '"': '"', + ''': "'" + }; + var page_title = found[1].replace(/&(amp|lt|gt|quot|#39);/g, function(m) { + return map[m]; + }); + fixmystreet.page = 'report'; $('.big-hide-pins-link').hide(); |
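Review bot: After this change `page_title` holds raw `<`, `>`, `"` and `&` taken from a user-supplied report title, so it is safe only in text sinks such as `document.title`; the rest of the function lies outside the hunk, so I cannot confirm it is never concatenated into HTML or passed to `.html()`. I would state that contract next to the declaration, e.g. `// page_title is decoded text: assign to document.title only, never insert as HTML`. The single-pass `replace` is the right shape, since it cannot double-decode input such as `&amp;lt;`. `found[1]` is still dereferenced without a check, so a response with no `<title>` element throws here; reading it through `var raw_title = found ? found[1] : '';` first would avoid that. The keys of `map` appear to have been entity-decoded by this page's rendering, so I could not check them against the regex alternation.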