best_in_place 1.1.3 → 2.0.0

data/lib/assets/javascripts/best_in_place.js

@@ -39,10 +39,14 @@ BestInPlaceEditor.prototype = {
       to_display = this.original_content;
     }
     else {
-      to_display = this.element.html();
+      if (this.sanitize) {
+        to_display = this.element.text();
+      } else {
+        to_display = this.element.html();
+      }
     }
 
-    var elem = this.isNil ? "-" : this.element.html();
+    var elem = this.isNil ? "-" : this.sanitize ? this.element.text() : this.element.html();
     this.oldValue = elem;
     this.display_value = to_display;
     jQuery(this.activator).unbind("click", this.clickHandler);
@@ -51,8 +55,8 @@ BestInPlaceEditor.prototype = {
   },
 
   abort : function() {
-    if (this.isNil) this.element.html(this.nil);
-    else            this.element.html(this.oldValue);
+    if (this.isNil) this.element.text(this.nil);
+    else            this.element.text(this.oldValue);
     jQuery(this.activator).bind('click', {editor: this}, this.clickHandler);
     this.element.trigger(jQuery.Event("best_in_place:abort"));
     this.element.trigger(jQuery.Event("best_in_place:deactivate"));
@@ -95,7 +99,7 @@ BestInPlaceEditor.prototype = {
     } else if (this.formType == "checkbox") {
       editor.element.html(this.getValue() ? this.values[1] : this.values[0]);
     } else {
-      editor.element.html(this.getValue() !== "" ? this.getValue() : this.nil);
+      editor.element.text(this.getValue() !== "" ? this.getValue() : this.nil);
     }
     editor.element.trigger(jQuery.Event("best_in_place:update"));
   },
@@ -123,6 +127,7 @@ BestInPlaceEditor.prototype = {
       self.inner_class   = self.inner_class   || $parent.attr("data-inner-class");
       self.html_attrs    = self.html_attrs    || $parent.attr("data-html-attrs");
       self.original_content    = self.original_content    || $parent.attr("data-original-content");
+      self.collectionValue = self.collectionValue || $parent.attr("data-value");
     });
 
     // Try Rails-id based if parents did not explicitly supply something
@@ -146,6 +151,7 @@ BestInPlaceEditor.prototype = {
     self.inner_class   = self.element.attr("data-inner-class")   || self.inner_class   || null;
     self.html_attrs    = self.element.attr("data-html-attrs")    || self.html_attrs;
     self.original_content    = self.element.attr("data-original-content") || self.original_content;
+    self.collectionValue     = self.element.attr("data-value")            || self.collectionValue;
 
     if (!self.element.attr("data-sanitize")) {
       self.sanitize = true;
@@ -164,6 +170,7 @@ BestInPlaceEditor.prototype = {
     {
       self.values = jQuery.parseJSON(self.collection);
     }
+
   },
 
   bindForm : function() {
@@ -172,10 +179,10 @@ BestInPlaceEditor.prototype = {
   },
 
   initNil: function() {
-    if (this.element.html() === "")
+    if (this.element.text() === "")
     {
       this.isNil = true;
-      this.element.html(this.nil);
+      this.element.text(this.nil);
     }
   },
 
@@ -185,12 +192,6 @@ BestInPlaceEditor.prototype = {
 
   // Trim and Strips HTML from text
   sanitizeValue : function(s) {
-    if (this.sanitize)
-    {
-      var tmp = document.createElement("DIV");
-      tmp.innerHTML = s;
-      s = jQuery.trim(tmp.textContent || tmp.innerText).replace(/"/g, '"');
-    }
    return jQuery.trim(s);
   },
 
@@ -220,9 +221,9 @@ BestInPlaceEditor.prototype = {
   loadSuccessCallback : function(data) {
     var response = jQuery.parseJSON(jQuery.trim(data));
     if (response !== null && response.hasOwnProperty("display_as")) {
-      this.element.attr("data-original-content", this.element.html());
-      this.original_content = this.element.html();
-      this.element.html(response["display_as"]);
+      this.element.attr("data-original-content", this.element.text());
+      this.original_content = this.element.text();
+      this.element.text(response["display_as"]);
     }
     this.element.trigger(jQuery.Event("ajax:success"), data);
 
@@ -232,7 +233,7 @@ BestInPlaceEditor.prototype = {
   },
 
   loadErrorCallback : function(request, error) {
-    this.element.html(this.oldValue);
+    this.element.text(this.oldValue);
 
     this.element.trigger(jQuery.Event("best_in_place:error"), [request, error])
     this.element.trigger(jQuery.Event("ajax:error"));
@@ -291,7 +292,7 @@ BestInPlaceEditor.forms = {
           .attr('value', this.cancelButton)
         )
       }
-      
+
       this.element.html(output);
       this.setHtmlAttributes();
       this.element.find("input[type='text']")[0].select();
@@ -365,7 +366,7 @@ BestInPlaceEditor.forms = {
         input_elt.addClass(this.inner_class);
       }
       output.append(input_elt)
-      
+
       this.element.html(output);
       this.setHtmlAttributes();
       this.element.find('input')[0].select();
@@ -403,13 +404,15 @@ BestInPlaceEditor.forms = {
                        .attr('style', 'display:inline');
           selected   = '',
           oldValue   = this.oldValue,
-          select_elt = $(document.createElement('select'));
+          select_elt = $(document.createElement('select')),
+          currentCollectionValue = this.collectionValue;
+
       jQuery.each(this.values, function (index, value) {
         var option_elt = $(document.createElement('option'))
                          // .attr('value', value[0])
                          .val(value[0])
                          .html(value[1]);
-        if(value[1] == oldValue) {
+        if(value[0] == currentCollectionValue) {
           option_elt.attr('selected', 'selected');
         }
         select_elt.append(option_elt);
@@ -457,7 +460,7 @@ BestInPlaceEditor.forms = {
       // grab width and height of text
       width = this.element.css('width');
       height = this.element.css('height');
-      
+
       // construct form
       var output   = $(document.createElement('form'))
                      .attr('action', 'javascript:void(0)')

data/lib/best_in_place/helper.rb

@@ -15,12 +15,13 @@ module BestInPlace
       opts[:collection] ||= []
       field = field.to_s
 
-      value = build_value_for(real_object, field, opts)
+      display_value = build_value_for(real_object, field, opts)
 
       collection = nil
+      value = nil
       if opts[:type] == :select && !opts[:collection].blank?
-        v = real_object.send(field)
-        value = Hash[opts[:collection]].stringify_keys[v.to_s]
+        value = real_object.send(field)
+        display_value = Hash[opts[:collection]].stringify_keys[value.to_s]
         collection = opts[:collection].to_json
       end
       if opts[:type] == :checkbox
@@ -28,7 +29,7 @@ module BestInPlace
         if opts[:collection].blank? || opts[:collection].size != 2
           opts[:collection] = ["No", "Yes"]
         end
-        value = fieldValue ? opts[:collection][1] : opts[:collection][0]
+        display_value = fieldValue ? opts[:collection][1] : opts[:collection][0]
         collection = opts[:collection].to_json
       end
       classes = ["best_in_place"]
@@ -37,6 +38,7 @@ module BestInPlace
         classes << opts[:classes]
         classes.flatten!
       end
+
       out = "<span class='#{classes.join(" ")}'"
       out << " id='#{BestInPlace::Utils.build_best_in_place_id(real_object, field)}'"
       out << " data-url='#{opts[:path].blank? ? url_for(object) : url_for(opts[:path])}'"
@@ -52,6 +54,8 @@ module BestInPlace
       out << " data-inner-class='#{opts[:inner_class]}'" if opts[:inner_class]
       out << " data-html-attrs='#{opts[:html_attrs].to_json}'" unless opts[:html_attrs].blank?
       out << " data-original-content='#{attribute_escape(real_object.send(field))}'" if opts[:display_as] || opts[:display_with]
+      out << " data-value='#{attribute_escape(value)}'" if value
+
       if opts[:data] && opts[:data].is_a?(Hash)
         opts[:data].each do |k, v|
           if !v.is_a?(String) && !v.is_a?(Symbol)
@@ -62,9 +66,9 @@ module BestInPlace
       end
       if !opts[:sanitize].nil? && !opts[:sanitize]
         out << " data-sanitize='false'>"
-        out << sanitize(value.to_s, :tags => %w(b i u s a strong em p h1 h2 h3 h4 h5 ul li ol hr pre span img br), :attributes => %w(id class href))
+        out << display_value.to_s
       else
-        out << ">#{sanitize(value.to_s, :tags => nil, :attributes => nil)}"
+        out << ">#{h(display_value.to_s)}"
       end
       out << "</span>"
       raw out

data/lib/best_in_place/test_helpers.rb

@@ -1,11 +1,13 @@
 module BestInPlace
   module TestHelpers
+    
+    include ActionView::Helpers::JavaScriptHelper
 
     def bip_area(model, attr, new_value)
       id = BestInPlace::Utils.build_best_in_place_id model, attr
       page.execute_script <<-JS
         jQuery("##{id}").click();
-        jQuery("##{id} form textarea").val('#{new_value}');
+        jQuery("##{id} form textarea").val('#{escape_javascript new_value.to_s}');
         jQuery("##{id} form textarea").blur();
       JS
     end
@@ -14,7 +16,7 @@ module BestInPlace
       id = BestInPlace::Utils.build_best_in_place_id model, attr
       page.execute_script <<-JS
         jQuery("##{id}").click();
-        jQuery("##{id} input[name='#{attr}']").val('#{new_value}');
+        jQuery("##{id} input[name='#{attr}']").val('#{escape_javascript new_value.to_s}');
         jQuery("##{id} form").submit();
       JS
     end

data/lib/best_in_place/version.rb

@@ -1,3 +1,3 @@
 module BestInPlace
-  VERSION = "1.1.3"
+  VERSION = "2.0.0"
 end

data/spec/helpers/best_in_place_spec.rb

@@ -328,6 +328,10 @@ describe BestInPlace::BestInPlaceHelpers do
         @span.text.should == "Italy"
       end
 
+      it "should include the proper data-value" do
+        @span.attribute("data-value").value.should == "2"
+      end
+
       context "with an apostrophe in it" do
         before do
           @apostrophe_countries = [[1, "Joe's Country"], [2, "Bob's Country"]]

data/spec/integration/js_spec.rb

@@ -86,6 +86,7 @@ describe "JS behaviour", :js => true do
       :description => "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus a lectus et lacus ultrices auctor. Morbi aliquet convallis tincidunt. Praesent enim libero, iaculis at commodo nec, fermentum a dolor. Quisque eget eros id felis lacinia faucibus feugiat et ante. Aenean justo nisi, aliquam vel egestas vel, porta in ligula. Etiam molestie, lacus eget tincidunt accumsan, elit justo rhoncus urna, nec pretium neque mi et lorem. Aliquam posuere, dolor quis pulvinar luctus, felis dolor tincidunt leo, eget pretium orci purus ac nibh. Ut enim sem, suscipit ac elementum vitae, sodales vel sem."
 
     visit users_path
+
     within("tr#user_#{@user.id} > .name > span") do
       page.should have_content("Lucia")
       page.should have_xpath("//a[contains(@href,'#{user_path(@user)}')]")
@@ -97,13 +98,11 @@ describe "JS behaviour", :js => true do
       $("##{id} input[name='name']").val('Lisa');
       $("##{id} form").submit();
     JS
-    # binding.pry
-    # visit users_path
+
     within("tr#user_#{@user.id} > .name > span") do
       page.should have_content('Lisa')
-      page.should have_xpath("//a[contains(@href,'#{user_path(@user)}')]")
     end
-  end  
+  end
 
   it "should be able to use bip_text to update a text field" do
     @user.save!
@@ -745,6 +744,26 @@ describe "JS behaviour", :js => true do
     end
   end
 
+  it "should keep the same value after multipe edits" do
+    @user.save!
+
+    retry_on_timeout do
+      visit double_init_user_path(@user)
+
+      bip_area @user, :description, "A <a href=\"http://google.es\">link in this text</a> not sanitized."
+      visit double_init_user_path(@user)
+
+      page.should have_link("link in this text", :href => "http://google.es")
+
+      id = BestInPlace::Utils.build_best_in_place_id @user, :description
+      page.execute_script <<-JS
+        $("##{id}").click();
+      JS
+
+      page.find("##{id} textarea").value.should eq("A <a href=\"http://google.es\">link in this text</a> not sanitized.")
+    end
+  end
+
   it "should display single- and double-quotes in values appropriately" do
     @user.height = %{5' 6"}
     @user.save!
@@ -782,4 +801,66 @@ describe "JS behaviour", :js => true do
     end
   end
 
+  it "should escape javascript in test helpers" do
+    @user.save!
+
+    retry_on_timeout do
+      visit user_path(@user)
+
+      bip_text @user, :last_name, "Other '); alert('hi');"
+      sleep 1
+
+      @user.reload
+      @user.last_name.should eq("Other '); alert('hi');")
+    end
+  end
+
+  it "should save text in database without encoding" do
+    @user.save!
+
+    retry_on_timeout do
+      visit user_path(@user)
+
+      bip_text @user, :last_name, "Other \"thing\""
+      sleep 1
+
+      @user.reload
+      @user.last_name.should eq("Other \"thing\"")
+    end
+  end
+
+  it "should not strip html tags" do
+    @user.save!
+
+    retry_on_timeout do
+      visit user_path(@user)
+
+      bip_text @user, :last_name, "<script>alert('hi');</script>"
+      within("#last_name") { page.should have_content("<script>alert('hi');</script>") }
+
+      visit user_path(@user)
+
+      id = BestInPlace::Utils.build_best_in_place_id @user, :last_name
+      page.execute_script <<-JS
+        $("##{id}").click();
+      JS
+
+      page.find("##{id} input").value.should eq("<script>alert('hi');</script>")
+    end
+  end
+
+  it "should generate the select html with the proper current option selected" do
+    @user.save!
+    visit user_path(@user)
+    within("#country") do
+      page.should have_content("Italy")
+    end
+
+    id = BestInPlace::Utils.build_best_in_place_id @user, :country
+    page.execute_script <<-JS
+      $("##{id}").click();
+    JS
+
+    page.should have_css("##{id} select option[value='2'][selected='selected']")
+  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: best_in_place
 version: !ruby/object:Gem::Version
-  version: 1.1.3
+  version: 2.0.0
   prerelease: 
 platform: ruby
 authors:
@@ -230,7 +230,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 572357039
+      hash: -891902797
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -239,7 +239,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 572357039
+      hash: -891902797
 requirements: []
 rubyforge_project: best_in_place
 rubygems_version: 1.8.24