db97f9d08c
We were very inconsistent regarding these rules. Personally I prefer no empty lines around blocks, clases, etc... as recommended by the Ruby style guide [1], and they're the default values in rubocop, so those are the settings I'm applying. The exception is the `private` access modifier, since we were leaving empty lines around it most of the time. That's the default rubocop rule as well. Personally I don't have a strong preference about this one. [1] https://rubystyle.guide/#empty-lines-around-bodies
37 lines
1.0 KiB
Ruby
37 lines
1.0 KiB
Ruby
require "rails_helper"
|
|
|
|
describe WYSIWYGSanitizer do
|
|
subject { WYSIWYGSanitizer.new }
|
|
|
|
describe "#sanitize" do
|
|
it "returns an html_safe string" do
|
|
expect(subject.sanitize("hello")).to be_html_safe
|
|
end
|
|
|
|
it "allows basic html formatting" do
|
|
html = "<p>This is <strong>a paragraph</strong></p>"
|
|
expect(subject.sanitize(html)).to eq(html)
|
|
end
|
|
|
|
it "allows links" do
|
|
html = '<p><a href="/">Home</a></p>'
|
|
expect(subject.sanitize(html)).to eq(html)
|
|
end
|
|
|
|
it "allows headings" do
|
|
html = "<h2>Objectives</h2><p>Fix flaky specs</p><h3>Explain why the test is flaky</h3>"
|
|
expect(subject.sanitize(html)).to eq(html)
|
|
end
|
|
|
|
it "filters out dangerous tags" do
|
|
html = "<p>This is <script>alert('dangerous');</script></p>"
|
|
expect(subject.sanitize(html)).to eq("<p>This is alert('dangerous');</p>")
|
|
end
|
|
|
|
it "filters images" do
|
|
html = "Dangerous<img src='/smile.png' alt='Smile' style='width: 10px';> image"
|
|
expect(subject.sanitize(html)).to eq("Dangerous image")
|
|
end
|
|
end
|
|
end
|