FIX: prevent pollception

plugins/poll/assets/javascripts/poll_dialect.js

@@ -67,11 +67,18 @@
         }
       }
 
-      // make sure the first child is a list with at least 1 option
-      if (contents.length === 0 || contents[0].length <= 1 || (contents[0][0] !== "numberlist" && contents[0][0] !== "bulletlist")) {
+      // make sure there's only 1 child and it's a list with at least 1 option
+      if (contents.length !== 1 || contents[0].length <= 1 || (contents[0][0] !== "numberlist" && contents[0][0] !== "bulletlist")) {
         return ["div"].concat(contents);
       }
 
+      // make sure there's only options in the list
+      for (o = 1; o < contents[0].length; o++) {
+        if (contents[0][o][0] !== "listitem") {
+          return ["div"].concat(contents);
+        }
+      }
+
       // TODO: remove non whitelisted content
 
       // generate <li> styles (if any)
@@ -86,9 +93,6 @@
 
       // add option id (hash) + style
       for (o = 1; o < contents[0].length; o++) {
-        // break as soon as the list is done
-        if (contents[0][o][0] !== "listitem") { break; }
-
         var attr = {};
         // apply styles if any
         if (style.length > 0) { attr["style"] = style; }

plugins/poll/spec/controllers/posts_controller_spec.rb

@@ -65,6 +65,15 @@ describe PostsController do
       expect(json["polls"]).to be
     end
 
+    it "prevents pollception" do
+      xhr :post, :create, { title: title, raw: "[poll name=1]\n- A\n[poll name=2]\n- B\n- C\n[/poll]\n- D\n[/poll]" }
+      expect(response).to be_success
+      json = ::JSON.parse(response.body)
+      expect(json["cooked"]).to match("data-poll-")
+      expect(json["polls"]["1"]).to_not be
+      expect(json["polls"]["2"]).to be
+    end
+
     describe "edit window" do
 
       describe "within the first 5 minutes" do