Hotfix: don't escape HTML for analytics script

2026-01-25 01:37:52 -05:00 · 2013-03-29 10:25:28 +11:00
parent de39047781
commit da4a86bd2c
2 changed files with 4 additions and 3 deletions
--- a/app/views/layouts/application.html.haml
+++ b/app/views/layouts/application.html.haml
@@ -25,4 +25,4 @@
    / Placed at the end of the document so the pages load faster
    = javascript_include_tag "application"

-    = Growstuff::Application.config.analytics_code
+    != Growstuff::Application.config.analytics_code
--- a/spec/views/layouts/application_spec.rb
+++ b/spec/views/layouts/application_spec.rb
@@ -58,9 +58,10 @@ describe 'layouts/application.html.haml', :type => "view" do
    end

    it 'includes the analytics code' do
-      Growstuff::Application.config.analytics_code = 'ANALYTICS'
+      Growstuff::Application.config.analytics_code = '<script>alert("foo!")</script>'
      render
-      rendered.should contain 'ANALYTICS'
+      assert_select "script", :text => 'alert("foo!")'
+      rendered.should_not contain 'script'
    end

  end