author | Benjamin Neff <benjamin@coding4coffee.ch> | 2018-04-10 02:54:53 +0300 |
---|---|---|
committer | Benjamin Neff <benjamin@coding4coffee.ch> | 2018-04-10 02:56:29 +0300 |
commit | aa6f4d46c98f64c15026b5c71810419f79fd2ead (patch) | |
tree | 6a00a0b5b236bf9651100a7f985b014499fe4ba4 | |
parent | d031375610c9dcde6a98f5c9b2f836c2edfe8f16 (diff) | |
parent | f4ea138a642b44c8bee4099ba8d8baccb7e112b5 (diff) |
Merge branch 'hotfix/0.7.4.1'v0.7.4.1
-rw-r--r-- | Changelog.md | 4 | ||||
-rw-r--r-- | app/assets/javascripts/app/helpers/truncate.js | 11 | ||||
-rw-r--r-- | config/defaults.yml | 2 | ||||
-rw-r--r-- | spec/javascripts/app/helpers/truncate_spec.js | 12 |
4 files changed, 21 insertions, 8 deletions
diff --git a/Changelog.md b/Changelog.md
index 4c29c8076..d080935af 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,3 +1,7 @@
+# 0.7.4.1
+
+Fixes a possible cross-site scripting issue with maliciously crafted OpenGraph metadata.
+
 # 0.7.4.0
 ## Refactor
diff --git a/app/assets/javascripts/app/helpers/truncate.js b/app/assets/javascripts/app/helpers/truncate.js
index 7cfa6aa59..754713491 100644
--- a/app/assets/javascripts/app/helpers/truncate.js
+++ b/app/assets/javascripts/app/helpers/truncate.js
@@ -1,14 +1,11 @@
 (function() {
 app.helpers.truncate = function(passedString, length) {
- if (passedString === null || passedString === undefined) {
+ if (passedString === null || passedString === undefined || passedString.length < length) {
 return passedString;
 }
- if (passedString.length > length) {
- var lastBlank = passedString.lastIndexOf(' ', length);
- var trimstring = passedString.substring(0, Math.min(length, lastBlank));
- return new Handlebars.SafeString(trimstring + " ...");
- }
- return new Handlebars.SafeString(passedString);
+ var lastBlank = passedString.lastIndexOf(" ", length);
+ var trimstring = passedString.substring(0, Math.min(length, lastBlank));
+ return trimstring + " ...";
 };
 })();
diff --git a/config/defaults.yml b/config/defaults.yml
index 02f4049ea..b15e36554 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -4,7 +4,7 @@ defaults:
 version:
- number: "0.7.4.0" # Do not touch unless doing a release, do not backport the version number that's in master
+ number: "0.7.4.1" # Do not touch unless doing a release, do not backport the version number that's in master
 heroku: false
 environment:
 url: "http://localhost:3000/"
diff --git a/spec/javascripts/app/helpers/truncate_spec.js b/spec/javascripts/app/helpers/truncate_spec.js
index d816d9f15..00cdcf201 100644
--- a/spec/javascripts/app/helpers/truncate_spec.js
+++ b/spec/javascripts/app/helpers/truncate_spec.js
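Review bot: In app/assets/javascripts/app/helpers/truncate.js the new guard `passedString.length < length` sends a string of exactly `length` characters into the truncation path, while the removed code truncated only when `passedString.length > length`; the comparison should be `passedString.length <= length`. The truncation lines also still return just `" ..."` when there is no blank before the limit, because `lastIndexOf` yields -1 and `substring(0, -1)` is empty; `var cut = lastBlank > 0 ? lastBlank : length;` followed by `passedString.substring(0, cut)` keeps the text. Since the point of the fix is that the helper no longer returns a `Handlebars.SafeString`, a comment above the return would help stop it being reintroduced: `// Return a plain string so Handlebars escapes it; do not wrap caller-supplied text in SafeString.`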
@@ -6,4 +6,16 @@ describe("app.helpers.truncate", function() {
 it("handles undefined", function() {
 expect(app.helpers.truncate(undefined, 123)).toEqual(undefined);
 });
+
+ it("returns a short string", function() {
+ expect(app.helpers.truncate("Some text", 10)).toEqual("Some text");
+ });
+
+ it("trims a long string at a space", function() {
+ expect(app.helpers.truncate("Some very long text", 10)).toEqual("Some very ...");
+ });
+
+ it("returns a string", function() {
+ expect(typeof app.helpers.truncate("Some very long text", 10)).toEqual("string");
+ });
 });
|
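Review bot: The added cases skip the two boundaries of the rewritten helper: an input whose length equals the limit, and an input with no blank before the limit. A case such as `expect(app.helpers.truncate("Some text!", 10)).toEqual("Some text!");` pins the first one, and it would fail against the `<` guard in truncate.js as committed. Every input here is also plain text; one case whose input contains markup, asserting the same `typeof ... "string"` result, would tie the spec to the escaping issue the Changelog entry describes. The `describe` block opens above this hunk.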