decidim-proposals 0.26.5 → 0.26.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4a4c8eb3005ae333b7e25070ab1fb36beba6ae7f2148fb1748457564e057ca73
-  data.tar.gz: 8a80ce1a6549660c4dd5ed49f63fd9ddba9e8136e0f48f2e36155f9cb2f59c71
+  metadata.gz: a4fce0c0b6f6522f1a2b6d43d805c27ab18608f7d0c45694847da7dd8ae27026
+  data.tar.gz: f89485ecc409eae9d065db73bff545f583228968b3ff75dee69ed964694dca73
 SHA512:
-  metadata.gz: 490fdb4bad6ce35bc944e3e7558cde07d3f711ebbbd6bdaf489296eae9e6d41f87d0703ba0ce43ab85d8bf302511f1dff1798619b1620f98972fac163a8fc54a
-  data.tar.gz: ec6da6b3acfb109dd56ed7d0680c293290a2f9de5d3a28f52ac4d7aad983e56423a7ae5bc2abd6bc1b3d8496c9e51b83f14ca6df60d19ac16ed0fe00584d3185
+  metadata.gz: 8de8e50973686973c038f4a07de403c4a2d3eae6edd86031458a97cf1543ecd480f1d50e601ae4770a012960656c5670f10d99a588fd374f3964c7fd045d32b6
+  data.tar.gz: b1ef8c8a2c18d61d04fedf861ae5535425bb97215c0743906e40fd220f67c90cdca049be1b4733316caa579130b027007e3540c3e1583ddb45e7b8a53835e1cc

data/app/cells/decidim/proposals/collaborative_draft_m_cell.rb

@@ -23,7 +23,7 @@ module Decidim
       end
 
       def description
-        decidim_sanitize_editor(present(model).body.truncate(100, separator: /\s/))
+        decidim_sanitize_editor(present(model).body.truncate(100, separator: /\s/), strip_tags: true)
       end
 
       def has_badge?

data/app/commands/decidim/proposals/admin/notify_proposal_answer.rb

@@ -21,6 +21,8 @@ module Decidim
         #
         # Returns nothing.
         def call
+          return broadcast(:invalid) if proposal.blank?
+
           if proposal.published_state? && state_changed?
             transaction do
               increment_score

data/app/helpers/decidim/proposals/application_helper.rb

@@ -96,13 +96,24 @@ module Decidim
       # frontend, the proposal body is considered as safe content; that's unless
       # the proposal comes from a collaborative_draft or a participatory_text.
       def safe_content?
-        rich_text_editor_in_public_views? && not_from_collaborative_draft(@proposal) ||
-          (@proposal.official? || @proposal.official_meeting?) && not_from_participatory_text(@proposal)
+        (rich_text_editor_in_public_views? && not_from_collaborative_draft(@proposal)) ||
+          safe_content_admin?
+      end
+
+      # For admin entered content, the proposal body can contain certain extra
+      # tags, such as iframes.
+      def safe_content_admin?
+        (@proposal.official? || @proposal.official_meeting?) && not_from_participatory_text(@proposal)
       end
 
       # If the content is safe, HTML tags are sanitized, otherwise, they are stripped.
       def render_proposal_body(proposal)
-        Decidim::ContentProcessor.render(render_sanitized_content(proposal, :body), "div")
+        sanitized = render_sanitized_content(proposal, :body)
+        if safe_content?
+          Decidim::ContentProcessor.render_without_format(sanitized).html_safe
+        else
+          Decidim::ContentProcessor.render(sanitized, "div")
+        end
       end
 
       # Returns :text_area or :editor based on the organization' settings.

data/app/helpers/decidim/proposals/proposals_helper.rb

@@ -7,7 +7,7 @@ module Decidim
       def proposal_reason_callout_announcement
         {
           title: proposal_reason_callout_title,
-          body: decidim_sanitize_editor(translated_attribute(@proposal.answer))
+          body: decidim_sanitize_editor_admin(translated_attribute(@proposal.answer))
         }
       end
 

data/app/views/decidim/proposals/admin/participatory_texts/_article-preview.html.erb

@@ -1,13 +1,13 @@
 <div class="grid-x">
   <div class="cell">
     <%= form.hidden_field :position, class: "position" %>
-    <%= form.text_field :title, optional: false %>
+    <%= form.text_field :title, required: true %>
   </div>
 </div>
 <% if proposal.article? %>
 <div class="grid-x">
   <div class="cell">
-    <%= form.text_area :body, optional: false, rows: 5 %>
+    <%= form.text_area :body, required: true, rows: 5 %>
   </div>
 </div>
 <% end %>

data/app/views/decidim/proposals/collaborative_drafts/_edit_form_fields.html.erb

@@ -5,7 +5,7 @@
 </div>
 
 <div class="field hashtags__container">
-  <%= form.text_area :body, rows: 10, class: "js-hashtags", value: form_presenter.body(extras: false).strip %>
+  <%= text_editor_for_proposal_body(form) %>
 </div>
 
 <% if @form.component_automatic_hashtags.any? %>

data/app/views/decidim/proposals/collaborative_drafts/show.html.erb

@@ -33,7 +33,7 @@
     <div class="section">
       <%== cell("decidim/proposals/collaborative_draft_m", @collaborative_draft, full_badge: true).badge %>
 
-      <%= simple_format(present(@collaborative_draft).body(links: true, strip_tags: true), nil, sanitize: false) %>
+      <%= decidim_sanitize_editor present(@collaborative_draft).body(links: true) %>
 
       <% if component_settings.geocoding_enabled? %>
         <%= render partial: "decidim/shared/static_map", locals: { icon_name: "proposals", geolocalizable: @collaborative_draft } %>

data/app/views/decidim/proposals/proposals/_linked_proposals.html.erb

@@ -22,7 +22,8 @@
           <% end %>
         </div>
       </div>
-      <% if !current_settings.try(:votes_hidden?) && !proposal.component.current_settings.votes_hidden? %>
+      <% if !current_settings.try(:votes_hidden?) && !proposal.component.current_settings.votes_hidden? &&
+      proposal.component.current_settings.votes_enabled? %>
         <div class="card--list__data">
           <span class="card--list__data__number">
             <%= proposal.votes.size %>