consul/grecia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Check the alt attribute in XSS tests

Browse Source 
Not doing so was causing a test to fail when checking that all rendered
image contain an `alt` attribute.
This commit is contained in:
Javi Martín
2024-10-12 22:52:37 +02:00
parent a6e6a90bef
commit 815a4078d5
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
spec/system/xss_spec.rb
View File

@@ -170,7 +170,7 @@ describe "Cross-Site Scripting protection" do
end end
scenario "legislation version body filters script tags but not header IDs nor tags like images" do scenario "legislation version body filters script tags but not header IDs nor tags like images" do
markdown = "# Title 1\n<a href='https://domain.com/url'>link</a><img src='/image.png'>" markdown = "# Title 1\n<a href='https://domain.com/url'>link</a><img src='/image.png' alt='text'>"
version = create(:legislation_draft_version, :published, body: "#{markdown}#{attack_code}") version = create(:legislation_draft_version, :published, body: "#{markdown}#{attack_code}")
visit legislation_process_draft_version_path(version.process, version) visit legislation_process_draft_version_path(version.process, version)
@@ -178,6 +178,6 @@ describe "Cross-Site Scripting protection" do
expect(page.text).not_to be_empty expect(page.text).not_to be_empty
expect(page).to have_css "h1#title-1", text: "Title 1" expect(page).to have_css "h1#title-1", text: "Title 1"
expect(page).to have_link "link", href: "https://domain.com/url" expect(page).to have_link "link", href: "https://domain.com/url"
expect(page).to have_css('img[src="/image.png"') expect(page).to have_css('img[src="/image.png"]')
end end
end end