Unverified Commit f4ea138a authored by Benjamin Neff's avatar Benjamin Neff

Don't return a SafeString after truncate

parent d0313756
+4 −0
# 0.7.4.1

Fixes a possible cross-site scripting issue with maliciously crafted OpenGraph metadata.

# 0.7.4.0

## Refactor
+4 −7
(function() {
  app.helpers.truncate = function(passedString, length) {
    if (passedString === null || passedString === undefined) {
    if (passedString === null || passedString === undefined || passedString.length < length) {
      return passedString;
    }

    if (passedString.length > length) {
      var lastBlank = passedString.lastIndexOf(' ', length);
    var lastBlank = passedString.lastIndexOf(" ", length);
    var trimstring = passedString.substring(0, Math.min(length, lastBlank));
      return new Handlebars.SafeString(trimstring + " ...");
    }
    return new Handlebars.SafeString(passedString);
    return trimstring + " ...";
  };
})();
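Review bot: The new guard `passedString.length < length` sends a string of exactly `length` characters into the truncation path, whereas the old code only truncated when `passedString.length > length`; `<=` would keep the previous boundary. This assumes the lines matching the commit title are the new side, since the page shows old and new lines without markers. The truncation lines also still reduce a long input with no space to just `" ..."`, because `lastIndexOf` returns -1 and `Math.min(length, lastBlank)` passes that on to `substring`; something like `var cut = lastBlank > 0 ? lastBlank : length;` would avoid it. Returning a plain string is what lets the template engine escape the value, so a one-line comment above the final return, for example `// plain string on purpose: never wrap user-supplied text in SafeString`, would help keep it that way.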
+12 −0
@@ -6,4 +6,16 @@ describe("app.helpers.truncate", function() {
  it("handles undefined", function() {
    expect(app.helpers.truncate(undefined, 123)).toEqual(undefined);
  });

  it("returns a short string", function() {
    expect(app.helpers.truncate("Some text", 10)).toEqual("Some text");
  });

  it("trims a long string at a space", function() {
    expect(app.helpers.truncate("Some very long text", 10)).toEqual("Some very ...");
  });

  it("returns a string", function() {
    expect(typeof app.helpers.truncate("Some very long text", 10)).toEqual("string");
  });
});
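Review bot: None of the added cases covers an input whose length equals the limit, or a long input with no space, which are the two boundaries where the helper's branch logic can go wrong. A case such as `expect(app.helpers.truncate("Some text!", 10)).toEqual("Some text!");` (a constructed 10-character sample) would pin the intended behaviour at the limit. The "returns a string" case only checks the truncated path, so a second `typeof` assertion on a short input would also guard the early-return branch against a `SafeString` regression. The `describe` block opens above this hunk, so existing cases outside the visible lines may already cover some of this.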