consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

adds autolinking to debate's description

Browse Source
This commit is contained in:
Juanjo Bazán
2015-09-13 18:03:17 +02:00
parent e610642485
commit d4b3e8be94
2 changed files with 43 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/views/debates/show.html.erb
View File

@@ -57,7 +57,7 @@
</span>
</div>
<%= @debate.description %>
<%= safe_html_with_links @debate.description %>
<%= render 'shared/tags', debate: @debate %>

42
spec/features/debates_spec.rb
View File

@@ -138,6 +138,48 @@ feature 'Debates' do
expect(page.html).to_not include '&lt;p&gt;This is'
end
scenario 'Autolinking is applied to description' do
author = create(:user)
login_as(author)
visit new_debate_path
fill_in 'debate_title', with: 'Testing auto link'
fill_in 'debate_description', with: '<p>This is a link www.example.org</p>'
fill_in 'debate_captcha', with: correct_captcha_text
check 'debate_terms_of_service'
click_button 'Start a debate'
expect(page).to have_content 'Debate was successfully created.'
expect(page).to have_content 'Testing auto link'
expect(page).to have_link('www.example.org', href: 'http://www.example.org')
end
scenario 'JS injection is prevented but autolinking is respected' do
author = create(:user)
login_as(author)
visit new_debate_path
fill_in 'debate_title', with: 'Testing auto link'
fill_in 'debate_description', with: "<script>alert('hey')</script> <a href=\"javascript:alert('surprise!')\">click me<a/> http://example.org"
fill_in 'debate_captcha', with: correct_captcha_text
check 'debate_terms_of_service'
click_button 'Start a debate'
expect(page).to have_content 'Debate was successfully created.'
expect(page).to have_content 'Testing auto link'
expect(page).to have_link('http://example.org', href: 'http://example.org')
expect(page).not_to have_link('click me')
expect(page.html).to_not include "<script>alert('hey')</script>"
click_link 'Edit'
expect(current_path).to eq edit_debate_path(Debate.last)
expect(page).not_to have_link('click me')
expect(page.html).to_not include "<script>alert('hey')</script>"
end
context 'Tagging debates' do
let(:author) { create(:user) }