Don't return a SafeString after truncate

Changelog.md

+# 0.7.4.1
+
+Fixes a possible cross-site scripting issue with maliciously crafted OpenGraph metadata.
+
 # 0.7.4.0
 
 ## Refactor

app/assets/javascripts/app/helpers/truncate.js

 (function() {
   app.helpers.truncate = function(passedString, length) {
-    if (passedString === null || passedString === undefined) {
+    if (passedString === null || passedString === undefined || passedString.length < length) {
       return passedString;
     }
 
-    if (passedString.length > length) {
-      var lastBlank = passedString.lastIndexOf(' ', length);
+    var lastBlank = passedString.lastIndexOf(" ", length);
     var trimstring = passedString.substring(0, Math.min(length, lastBlank));
-      return new Handlebars.SafeString(trimstring + " ...");
-    }
-    return new Handlebars.SafeString(passedString);
+    return trimstring + " ...";
   };
 })();

spec/javascripts/app/helpers/truncate_spec.js

@@ -6,4 +6,16 @@ describe("app.helpers.truncate", function() {
   it("handles undefined", function() {
     expect(app.helpers.truncate(undefined, 123)).toEqual(undefined);
   });
+
+  it("returns a short string", function() {
+    expect(app.helpers.truncate("Some text", 10)).toEqual("Some text");
+  });
+
+  it("trims a long string at a space", function() {
+    expect(app.helpers.truncate("Some very long text", 10)).toEqual("Some very ...");
+  });
+
+  it("returns a string", function() {
+    expect(typeof app.helpers.truncate("Some very long text", 10)).toEqual("string");
+  });
 });