grecia/spec/lib/admin_wysiwyg_sanitizer_spec.rb
Javi Martín f917f5eed9 Filter image tags everywhere except in custom pages
Allowing image tags everywhere makes us vulnerable to CSRF attacks.
2018-09-12 12:35:28 +02:00


require 'rails_helper'
# Specs for AdminWYSIWYGSanitizer, the sanitizer that lets <img> tags through.
#
# Image tags are filtered everywhere except in custom pages, because allowing
# them everywhere would expose the application to CSRF. This sanitizer is
# presumably the one applied to that admin-edited content; confirm against
# its callers.
describe AdminWYSIWYGSanitizer do
  subject(:sanitizer) { described_class.new }

  describe '#sanitize' do
    it 'allows images' do
      markup = 'Dangerous<img src="/smile.png" alt="Smile" style="width: 10px;"> image'

      # The <img> element and its src, alt and style attributes must come back
      # byte-for-byte identical to the input.
      expect(sanitizer.sanitize(markup)).to eq(markup)
    end

    # NOTE(review): only the permissive case is covered. A companion example
    # asserting that markup outside the allow-list (a <script> element, or an
    # event-handler attribute on the <img>) is still removed would catch an
    # accidental widening of the allow-list.
  end
end