consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove <%== usage displaying settings

Browse Source 
Using `<%==` is the same as using `raw`. I'm not sure if we meant
`sanitize` in this case, or it's just a typo. I'm assuming the latter
since we don't use anything similar in any other places.
This commit is contained in:
Javi Martín
2019-10-06 03:57:46 +02:00
parent b1b449b187
commit 00a6f5b601
4 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
spec/features/xss_spec.rb
View File

@@ -60,6 +60,16 @@ describe "Cross-Site Scripting protection", :js do
expect(page.text).not_to be_empty
end
scenario "poll description setting in dashboard" do
Setting["proposals.poll_description"] = attack_code
proposal = create(:proposal)
login_as(proposal.author)
visit proposal_dashboard_polls_path(proposal)
expect(page.text).not_to be_empty
end
scenario "annotation context" do
annotation = create(:legislation_annotation)
annotation.update_column(:context, attack_code)