From 7006564c31fdb1bb1c0a3432c052f2436063aa19 Mon Sep 17 00:00:00 2001
From: taitus <sebastia.roig@gmail.com>
Date: Mon, 18 Dec 2023 22:10:48 +0100
Subject: [PATCH] Unify sanitizes comment spec

---
 .../comments/budget_investments_spec.rb       | 15 --------
 spec/system/comments/debates_spec.rb          | 15 --------
 .../comments/legislation_annotations_spec.rb  | 15 --------
 .../comments/legislation_questions_spec.rb    | 15 --------
 spec/system/comments/polls_spec.rb            | 15 --------
 spec/system/comments/proposals_spec.rb        | 15 --------
 spec/system/comments/topics_spec.rb           | 34 -------------------
 spec/system/comments_spec.rb                  | 15 ++++++++
 8 files changed, 15 insertions(+), 124 deletions(-)

diff --git a/spec/system/comments/budget_investments_spec.rb b/spec/system/comments/budget_investments_spec.rb
index b124ab463..64c8eff86 100644
--- a/spec/system/comments/budget_investments_spec.rb
+++ b/spec/system/comments/budget_investments_spec.rb
@@ -6,21 +6,6 @@ describe "Commenting Budget::Investments" do
 
   it_behaves_like "flaggable", :budget_investment_comment
 
-  scenario "Sanitizes comment body for security" do
-    create(:comment, commentable: investment,
-                     body: "<script>alert('hola')</script> " \
-                           "<a href=\"javascript:alert('sorpresa!')\">click me<a/> " \
-                           "http://www.url.com")
-
-    visit budget_investment_path(investment.budget, investment)
-
-    within first(".comment") do
-      expect(page).to have_content "click me http://www.url.com"
-      expect(page).to have_link("http://www.url.com", href: "http://www.url.com")
-      expect(page).not_to have_link("click me")
-    end
-  end
-
   scenario "Paginated comments" do
     per_page = 10
     (per_page + 2).times { create(:comment, commentable: investment) }
diff --git a/spec/system/comments/debates_spec.rb b/spec/system/comments/debates_spec.rb
index a20522bb2..cd0ad42a2 100644
--- a/spec/system/comments/debates_spec.rb
+++ b/spec/system/comments/debates_spec.rb
@@ -25,21 +25,6 @@ describe "Commenting debates" do
     end
   end
 
-  scenario "Sanitizes comment body for security" do
-    create(:comment, commentable: debate,
-                     body: "<script>alert('hola')</script> " \
-                           "<a href=\"javascript:alert('sorpresa!')\">click me<a/> " \
-                           "http://www.url.com")
-
-    visit debate_path(debate)
-
-    within first(".comment") do
-      expect(page).to have_content "click me http://www.url.com"
-      expect(page).to have_link("http://www.url.com", href: "http://www.url.com")
-      expect(page).not_to have_link("click me")
-    end
-  end
-
   scenario "Paginated comments" do
     per_page = 10
     (per_page + 2).times { create(:comment, commentable: debate) }
diff --git a/spec/system/comments/legislation_annotations_spec.rb b/spec/system/comments/legislation_annotations_spec.rb
index 8f3026706..9d294ccea 100644
--- a/spec/system/comments/legislation_annotations_spec.rb
+++ b/spec/system/comments/legislation_annotations_spec.rb
@@ -6,21 +6,6 @@ describe "Commenting legislation questions" do
 
   it_behaves_like "flaggable", :legislation_annotation_comment
 
-  scenario "Sanitizes comment body for security" do
-    create(:comment, commentable: annotation,
-                     body: "<script>alert('hola')</script> " \
-                           "<a href=\"javascript:alert('sorpresa!')\">click me<a/> " \
-                           "http://www.url.com")
-
-    visit polymorphic_path(annotation)
-
-    within all(".comment").first do
-      expect(page).to have_content "click me http://www.url.com"
-      expect(page).to have_link("http://www.url.com", href: "http://www.url.com")
-      expect(page).not_to have_link("click me")
-    end
-  end
-
   scenario "Paginated comments" do
     per_page = 10
     (per_page + 2).times { create(:comment, commentable: annotation) }
diff --git a/spec/system/comments/legislation_questions_spec.rb b/spec/system/comments/legislation_questions_spec.rb
index 286b97518..715aef261 100644
--- a/spec/system/comments/legislation_questions_spec.rb
+++ b/spec/system/comments/legislation_questions_spec.rb
@@ -10,21 +10,6 @@ describe "Commenting legislation questions" do
     it_behaves_like "flaggable", :legislation_question_comment
   end
 
-  scenario "Sanitizes comment body for security" do
-    create(:comment, commentable: question,
-                     body: "<script>alert('hola')</script> " \
-                           "<a href=\"javascript:alert('sorpresa!')\">click me<a/> " \
-                           "http://www.url.com")
-
-    visit legislation_process_question_path(question.process, question)
-
-    within first(".comment") do
-      expect(page).to have_content "click me http://www.url.com"
-      expect(page).to have_link("http://www.url.com", href: "http://www.url.com")
-      expect(page).not_to have_link("click me")
-    end
-  end
-
   scenario "Paginated comments" do
     per_page = 10
     (per_page + 2).times { create(:comment, commentable: question) }
diff --git a/spec/system/comments/polls_spec.rb b/spec/system/comments/polls_spec.rb
index 54a963b5a..dccf205d8 100644
--- a/spec/system/comments/polls_spec.rb
+++ b/spec/system/comments/polls_spec.rb
@@ -4,21 +4,6 @@ describe "Commenting polls" do
   let(:user) { create(:user) }
   let(:poll) { create(:poll, author: create(:user)) }
 
-  scenario "Sanitizes comment body for security" do
-    create(:comment, commentable: poll,
-                     body: "<script>alert('hola')</script> " \
-                           "<a href=\"javascript:alert('sorpresa!')\">click me<a/> " \
-                           "http://www.url.com")
-
-    visit poll_path(poll)
-
-    within first(".comment") do
-      expect(page).to have_content "click me http://www.url.com"
-      expect(page).to have_link("http://www.url.com", href: "http://www.url.com")
-      expect(page).not_to have_link("click me")
-    end
-  end
-
   scenario "Paginated comments" do
     per_page = 10
     (per_page + 2).times { create(:comment, commentable: poll) }
diff --git a/spec/system/comments/proposals_spec.rb b/spec/system/comments/proposals_spec.rb
index f2fe13be3..760e3b2a9 100644
--- a/spec/system/comments/proposals_spec.rb
+++ b/spec/system/comments/proposals_spec.rb
@@ -6,21 +6,6 @@ describe "Commenting proposals" do
 
   it_behaves_like "flaggable", :proposal_comment
 
-  scenario "Sanitizes comment body for security" do
-    create(:comment, commentable: proposal,
-                     body: "<script>alert('hola')</script> " \
-                           "<a href=\"javascript:alert('sorpresa!')\">click me<a/> " \
-                           "http://www.url.com")
-
-    visit proposal_path(proposal)
-
-    within first(".comment") do
-      expect(page).to have_content "click me http://www.url.com"
-      expect(page).to have_link("http://www.url.com", href: "http://www.url.com")
-      expect(page).not_to have_link("click me")
-    end
-  end
-
   scenario "Paginated comments" do
     per_page = 10
     (per_page + 2).times { create(:comment, commentable: proposal) }
diff --git a/spec/system/comments/topics_spec.rb b/spec/system/comments/topics_spec.rb
index 7b6472398..be8259d02 100644
--- a/spec/system/comments/topics_spec.rb
+++ b/spec/system/comments/topics_spec.rb
@@ -6,23 +6,6 @@ describe "Commenting topics from proposals" do
 
   it_behaves_like "flaggable", :topic_with_community_comment
 
-  scenario "Sanitizes comment body for security" do
-    community = proposal.community
-    topic = create(:topic, community: community)
-    create(:comment, commentable: topic,
-                     body: "<script>alert('hola')</script> " \
-                           "<a href=\"javascript:alert('sorpresa!')\">click me<a/> " \
-                           "http://www.url.com")
-
-    visit community_topic_path(community, topic)
-
-    within first(".comment") do
-      expect(page).to have_content "click me http://www.url.com"
-      expect(page).to have_link("http://www.url.com", href: "http://www.url.com")
-      expect(page).not_to have_link("click me")
-    end
-  end
-
   scenario "Paginated comments" do
     community = proposal.community
     topic = create(:topic, community: community)
@@ -390,23 +373,6 @@ describe "Commenting topics from budget investments" do
   let(:user)       { create(:user) }
   let(:investment) { create(:budget_investment) }
 
-  scenario "Sanitizes comment body for security" do
-    community = investment.community
-    topic = create(:topic, community: community)
-    create(:comment, commentable: topic,
-                     body: "<script>alert('hola')</script> " \
-                           "<a href=\"javascript:alert('sorpresa!')\">click me<a/> " \
-                           "http://www.url.com")
-
-    visit community_topic_path(community, topic)
-
-    within first(".comment") do
-      expect(page).to have_content "click me http://www.url.com"
-      expect(page).to have_link("http://www.url.com", href: "http://www.url.com")
-      expect(page).not_to have_link("click me")
-    end
-  end
-
   scenario "Paginated comments" do
     community = investment.community
     topic = create(:topic, community: community)
diff --git a/spec/system/comments_spec.rb b/spec/system/comments_spec.rb
index fb4bde3e2..31e000214 100644
--- a/spec/system/comments_spec.rb
+++ b/spec/system/comments_spec.rb
@@ -243,6 +243,21 @@ describe "Comments" do
     end
   end
 
+  scenario "Sanitizes comment body for security" do
+    create(:comment, commentable: resource,
+                     body: "<script>alert('hola')</script> " \
+                           "<a href=\"javascript:alert('sorpresa!')\">click me<a/> " \
+                           "http://www.url.com")
+
+    visit polymorphic_path(resource)
+
+    within first(".comment") do
+      expect(page).to have_content "click me http://www.url.com"
+      expect(page).to have_link("http://www.url.com", href: "http://www.url.com")
+      expect(page).not_to have_link("click me")
+    end
+  end
+
   scenario "Errors on create" do
     login_as(user)
     visit polymorphic_path(resource)