-rw-r--r-- | app/models/user.rb | 2 | ||||
-rw-r--r-- | changelogs/unreleased/10085-stop-encoding-user-name.yml | 4 | ||||
-rw-r--r-- | spec/models/user_spec.rb | 12 |
3 files changed, 17 insertions, 1 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index 4b01c2f19f0..2d39b1c1c34 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -699,7 +699,7 @@ class User < ActiveRecord::Base
 end
 
 def sanitize_attrs
- %w[name username skype linkedin twitter].each do |attr|
+ %w[username skype linkedin twitter].each do |attr|
 value = public_send(attr)
 public_send("#{attr}=", Sanitize.clean(value)) if value.present?
 end
diff --git a/changelogs/unreleased/10085-stop-encoding-user-name.yml b/changelogs/unreleased/10085-stop-encoding-user-name.yml
new file mode 100644
index 00000000000..8fab474e047
--- /dev/null
+++ b/changelogs/unreleased/10085-stop-encoding-user-name.yml
@@ -0,0 +1,4 @@
+---
+title: "Insert user name directly without encoding"
+merge_request: 10085
+author: Nathan Neulinger <nneul@neulinger.org>
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index d04162a527f..c70f916a8bd 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -1159,6 +1159,18 @@ describe User, models: true do
 end
 end
 
+ describe '#sanitize_attrs' do
+ let(:user) { build(:user, name: 'test & user', skype: 'test&user') }
+
+ it 'encodes HTML entities in the Skype attribute' do
+ expect { user.sanitize_attrs }.to change { user.skype }.to('test&user')
+ end
+
+ it 'does not encode HTML entities in the name attribute' do
+ expect { user.sanitize_attrs }.not_to change { user.name }
+ end
+ end
+
 describe '#starred?' do
 it 'determines if user starred a project' do
 user = create :user |
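Review bot: With `name` dropped from the `%w[...]` list in `sanitize_attrs`, the display name is no longer passed through `Sanitize.clean`, so any markup in it is kept as submitted and every consumer must escape it on output. Nothing in the hunk records that new contract; I would add a comment above the list such as `# name is deliberately not sanitized here: it is kept verbatim and must be HTML-escaped wherever it is rendered`. It is also worth auditing the places that emit the name outside the template engine's auto-escaping (strings marked `html_safe` or passed to `raw`, JSON consumed by client-side templates, tooltips, mail bodies), since they may have relied on this method. The method's closing `end` lies outside the hunk.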
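Review bot: The fixture in `describe '#sanitize_attrs'` puts only an ampersand in `name`, so the new examples never exercise a name containing tags, which is the case the removed sanitization used to cover. I would add an example with `build(:user, name: 'test <b>user</b>')` and `expect { user.sanitize_attrs }.not_to change { user.name }` to pin the stored value, and pair it with a view or helper spec asserting that the rendered name is escaped. As displayed on this page the Skype example expects a change to the same string the fixture starts with; unless that is an entity-decoding artifact of the page, the expectation cannot pass. The enclosing `describe User` block starts outside the hunk.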