Sanitization shared spec

Create sanitization shared spec to check sanitizable concern features in all translatable models.
2018-12-23 01:08:13 +01:00
parent 206f92b9fa
commit 5881f8241e
1 changed files with 51 additions and 0 deletions
--- a/spec/shared/models/sanitizable.rb
+++ b/spec/shared/models/sanitizable.rb
@@ -0,0 +1,51 @@
+shared_examples "sanitizable" do
+  let(:sanitizable)        { build(model_name(described_class)) }
+
+  it "is sanitized" do
+    sanitizable.description = "<script>alert('danger');</script>"
+
+    sanitizable.valid?
+
+    expect(sanitizable.description).to eq("alert('danger');")
+  end
+
+  it "is html_safe" do
+    sanitizable.description = "<script>alert('danger');</script>"
+
+    sanitizable.valid?
+
+    expect(sanitizable.description).to be_html_safe
+  end
+
+  it "is sanitized using globalize accessors" do
+    sanitizable.description_en = "<script>alert('danger');</script>"
+
+    sanitizable.valid?
+
+    expect(sanitizable.description_en).to eq("alert('danger');")
+  end
+
+  it "is html_safe using globalize accessors" do
+    sanitizable.description_en = "<script>alert('danger');</script>"
+
+    sanitizable.valid?
+
+    expect(sanitizable.description_en).to be_html_safe
+  end
+
+  describe "#tag_list" do
+    before do
+      unless described_class.included_modules.include?(Taggable)
+        skip "#{described_class} does not have a tag list"
+      end
+    end
+
+    it "sanitizes the tag list" do
+      sanitizable.tag_list = "user_id=1"
+
+      sanitizable.valid?
+
+      expect(sanitizable.tag_list).to eq(["user_id1"])
+    end
+  end
+end