Stop sanitizing user 'name' when inserting into db

Add spec tests for encoding

Stop sanitizing user 'name' when inserting into db
Add spec tests for encoding
4f47de62 · Nathan Neulinger · 571c4f5a · 4f47de62 · 4f47de62 · 4f47de62
Commit 4f47de62 authored Apr 10, 2017 by Nathan Neulinger
Showing with 17 additions and 1 deletion

app/models/user.rb app/models/user.rb +1 -1

changelogs/unreleased/10085-stop-encoding-user-name.yml changelogs/unreleased/10085-stop-encoding-user-name.yml +4 -0

spec/models/user_spec.rb spec/models/user_spec.rb +12 -0

No files found.
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -699,7 +699,7 @@ class User < ActiveRecord::Base
  end

  def sanitize_attrs
-    %w[name username skype linkedin twitter].each do |attr|
+    %w[username skype linkedin twitter].each do |attr|
      value = public_send(attr)
      public_send("#{attr}=", Sanitize.clean(value)) if value.present?
    end

--- a/changelogs/unreleased/10085-stop-encoding-user-name.yml
+++ b/changelogs/unreleased/10085-stop-encoding-user-name.yml
+---
+title: "Insert user name directly without encoding"
+merge_request: 10085
+author: Nathan Neulinger <nneul@neulinger.org>
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -1159,6 +1159,18 @@ describe User, models: true do
    end
  end

+  describe '#sanitize_attrs' do
+    let(:user) { build(:user, name: 'test & user', skype: 'test&user') }
+
+    it 'encodes HTML entities in the Skype attribute' do
+      expect { user.sanitize_attrs }.to change { user.skype }.to('test&amp;user')
+    end
+
+    it 'does not encode HTML entities in the name attribute' do
+      expect { user.sanitize_attrs }.not_to change { user.name }
+    end
+  end
+
  describe '#starred?' do
    it 'determines if user starred a project' do
      user = create :user