Uses the TagSanitizer in Debate

kikito
2015-08-03 19:32:00 +02:00
parent 99c09afb02
commit b53bc42dcd
3 changed files with 32 additions and 0 deletions


@@ -62,6 +62,27 @@ feature 'Debates' do
expect(page.html).to_not include '<script>alert("an attack");</script>'
end
scenario 'tagging using dangerous strings' do
author = create(:user)
login_as(author)
visit new_debate_path
fill_in 'debate_title', with: 'A test'
fill_in 'debate_description', with: 'A test'
fill_in 'debate_tag_list', with: 'user_id=1, &a=3, <script>alert("hey");</script>'
check 'debate_terms_of_service'
click_button 'Create Debate'
expect(page).to have_content 'Debate was successfully created.'
expect(page).to have_content 'user_id1'
expect(page).to have_content 'a3'
expect(page).to have_content 'scriptalert("hey");script'
expect(page.html).to_not include 'user_id=1, &a=3, <script>alert("hey");</script>'
end
scenario 'Update should not be posible if logged user is not the author' do
debate = create(:debate)
expect(debate).to be_editable
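Review bot: The negative assertion that closes the 'tagging using dangerous strings' scenario checks for the whole comma-separated input, `'user_id=1, &a=3, <script>alert("hey");</script>'`, which would probably never appear verbatim in the HTML even without the sanitizer, since the tags are presumably split and rendered one by one and `&` is normally escaped on output. Asserting on the dangerous fragment alone, as the preceding scenario does, would make the test fail if the sanitizer were bypassed: `expect(page.html).to_not include '<script>alert("hey");</script>'`. The positive check `have_content 'a3'` is a two-character substring match and could pass on unrelated page text, so scoping it to the element that lists the tags would be tighter. The enclosing `feature 'Debates'` block and the scenario that follows continue outside the hunk.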