changeset 172:df4be896ab8b

Improved escaping and truncating
author nanaya <me@nanaya.pro>
date Wed, 08 Aug 2018 20:37:29 +0900
parents 90db232f39e7
children aa78d1eeb6e5
files app/helpers/application_helper.rb app/views/tweets/_tweet.atom.erb app/views/tweets/_tweet.html.erb config/initializers/ext_twitter_tweet.rb
diffstat 4 files changed, 11 insertions(+), 12 deletions(-) [+]
line wrap: on
line diff
--- a/app/helpers/application_helper.rb	Wed Aug 08 20:19:51 2018 +0900
+++ b/app/helpers/application_helper.rb	Wed Aug 08 20:37:29 2018 +0900
@@ -1,14 +1,6 @@
 module ApplicationHelper
   include Twitter::TwitterText::Autolink
 
-  def ellipsize(text, limit = 30)
-    if text.length <= limit
-      text
-    else
-      "#{text.first(limit)}..."
-    end
-  end
-
   def atom_id(id)
     "tag:#{request.host},2005:#{id}"
   end
--- a/app/views/tweets/_tweet.atom.erb	Wed Aug 08 20:19:51 2018 +0900
+++ b/app/views/tweets/_tweet.atom.erb	Wed Aug 08 20:37:29 2018 +0900
@@ -3,7 +3,7 @@
   <published><%= tweet.created_at.xmlschema %></published>
   <updated><%= tweet.created_at.xmlschema %></updated>
   <link rel="alternate" type="text/html" href="<%= tweet.uri %>"/>
-  <title><%= ellipsize tweet.attrs[:full_text] %></title>
+  <title><%= truncate tweet.unescaped_text, :length => 30 %></title>
   <content type="xhtml">
     <div xmlns="http://www.w3.org/1999/xhtml">
       <%= render :partial => "tweet", :formats => :html, :locals => { :tweet => tweet } %>
--- a/app/views/tweets/_tweet.html.erb	Wed Aug 08 20:19:51 2018 +0900
+++ b/app/views/tweets/_tweet.html.erb	Wed Aug 08 20:37:29 2018 +0900
@@ -13,11 +13,11 @@
 
   <p>
     <%# FIXME: Twitter gem doesn't support extended mode when writing this %>
-    <%= auto_link(expand_url(
-          tweet.attrs[:full_text].printable,
+    <%= auto_link(html_escape(expand_url(
+          tweet.unescaped_text,
           tweet.attrs[:entities][:urls],
           tweet.attrs[:entities][:media]
-        ))
+        )))
         .gsub("\n", "<br />")
         .html_safe
       %>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/config/initializers/ext_twitter_tweet.rb	Wed Aug 08 20:37:29 2018 +0900
@@ -0,0 +1,7 @@
+class Twitter::Tweet
+  def unescaped_text
+    CGI.unescapeHTML attrs[:full_text].printable
+  end
+
+  memoize :unescaped_text
+end