From 90e577c811c154fe900d57a884f8a2eb96a2c329 Mon Sep 17 00:00:00 2001 From: kikito Date: Tue, 4 Aug 2015 18:40:58 +0200 Subject: [PATCH] Adds feature for debate description --- spec/features/debates_spec.rb | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/spec/features/debates_spec.rb b/spec/features/debates_spec.rb index 034b1d504..df9a4a92c 100644 --- a/spec/features/debates_spec.rb +++ b/spec/features/debates_spec.rb @@ -45,21 +45,22 @@ feature 'Debates' do expect(page).to have_content I18n.l(Date.today) end - scenario 'JS injection is sanitized' do + scenario 'JS injection is prevented but safe html is respected' do author = create(:user) login_as(author) visit new_debate_path fill_in 'debate_title', with: 'A test' - fill_in 'debate_description', with: 'This is ' + fill_in 'debate_description', with: '

This is

' check 'debate_terms_of_service' click_button 'Create Debate' expect(page).to have_content 'Debate was successfully created.' expect(page).to have_content 'A test' - expect(page).to have_content 'This is alert("an attack");' + expect(page.html).to include '

This is alert("an attack");

' expect(page.html).to_not include '' + expect(page.html).to_not include '<p>This is' end scenario 'tagging using dangerous strings' do
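Review bot: The `page.html` checks at the end of the 'JS injection is prevented but safe html is respected' scenario are raw substring matches against one exact spelling of the payload. They would still pass if the sanitizer let the same element through with different casing, spacing or attributes. An assertion on the rendered DOM is harder to satisfy by accident, for example `expect(page).to have_no_css('script', text: 'an attack', visible: :all)`, ideally scoped to the element that renders the description. Now that the scenario also promises that safe markup survives, the sanitizer is presumably an allowlist, so a second input with an event-handler attribute or a `javascript:` URL on an otherwise permitted tag would cover what a tag-only check misses. The markup inside the string literals is not legible in this view of the patch, so the exact payload under test is inferred from the scenario name and the surviving `alert("an attack");` text.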