diff --git a/app/views/proposals/show.html.erb b/app/views/proposals/show.html.erb
index 9c716df64..b4e40deba 100644
--- a/app/views/proposals/show.html.erb
+++ b/app/views/proposals/show.html.erb
@@ -57,14 +57,13 @@
-
This is a link www.example.org
'
+ fill_in 'proposal_captcha', with: correct_captcha_text
+ check 'proposal_terms_of_service'
+
+ click_button 'Start a proposal'
+
+ expect(page).to have_content 'Proposal was successfully created.'
+ expect(page).to have_content 'Testing auto link'
+ expect(page).to have_link('www.example.org', href: 'http://www.example.org')
+ end
+
+ scenario 'JS injection is prevented but autolinking is respected' do
+ author = create(:user)
+ login_as(author)
+
+ visit new_proposal_path
+ fill_in 'proposal_title', with: 'Testing auto link'
+ fill_in 'proposal_question', with: 'Should I stay or should I go?'
+ fill_in 'proposal_description', with: " click me http://example.org"
+ fill_in 'proposal_captcha', with: correct_captcha_text
+ check 'proposal_terms_of_service'
+
+ click_button 'Start a proposal'
+
+ expect(page).to have_content 'Proposal was successfully created.'
+ expect(page).to have_content 'Testing auto link'
+ expect(page).to have_link('http://example.org', href: 'http://example.org')
+ expect(page).not_to have_link('click me')
+ expect(page.html).to_not include ""
+
+ click_link 'Edit'
+
+ expect(current_path).to eq edit_proposal_path(Proposal.last)
+ expect(page).not_to have_link('click me')
+ expect(page.html).to_not include ""
+ end
+
 context 'Tagging proposals' do
 let(:author) { create(:user) }
diff --git a/spec/models/lock_spec.rb b/spec/models/lock_spec.rb
index 0c072e9c8..d3c238484 100644
--- a/spec/models/lock_spec.rb
+++ b/spec/models/lock_spec.rb
@@ -10,7 +10,7 @@ describe Lock do
 expect(lock.locked?).to be true
 end
- it "return false if locked_until is before curren time" do
+ it "return false if locked_until is before current time" do
 lock.locked_until = 1.day.ago
 expect(lock.locked?).to be false
 end