consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

adds autolinking to proposal's description

Browse Source
This commit is contained in:
Juanjo Bazán
2015-09-13 18:03:00 +02:00
parent 4c4c467b3e
commit e610642485
3 changed files with 47 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/views/proposals/show.html.erb
View File

@@ -57,14 +57,13 @@
</span>
</div>
<h3><%= @proposal.question %></h3>
<%= safe_html_with_links @proposal.description %>
<% if @proposal.external_url.present? %>
<div><%= link_to(@proposal.external_url) %></div>
<% end %>
<%= @proposal.description %>
<h4><%= @proposal.question %></h4>
<%= render 'shared/tags', proposal: @proposal %>

44
spec/features/proposals_spec.rb
View File

@@ -150,6 +150,50 @@ feature 'Proposals' do
expect(page.html).to_not include '&lt;p&gt;This is'
end
scenario 'Autolinking is applied to description' do
author = create(:user)
login_as(author)
visit new_proposal_path
fill_in 'proposal_title', with: 'Testing auto link'
fill_in 'proposal_question', with: 'Should I stay or should I go?'
fill_in 'proposal_description', with: '<p>This is a link www.example.org</p>'
fill_in 'proposal_captcha', with: correct_captcha_text
check 'proposal_terms_of_service'
click_button 'Start a proposal'
expect(page).to have_content 'Proposal was successfully created.'
expect(page).to have_content 'Testing auto link'
expect(page).to have_link('www.example.org', href: 'http://www.example.org')
end
scenario 'JS injection is prevented but autolinking is respected' do
author = create(:user)
login_as(author)
visit new_proposal_path
fill_in 'proposal_title', with: 'Testing auto link'
fill_in 'proposal_question', with: 'Should I stay or should I go?'
fill_in 'proposal_description', with: "<script>alert('hey')</script> <a href=\"javascript:alert('surprise!')\">click me<a/> http://example.org"
fill_in 'proposal_captcha', with: correct_captcha_text
check 'proposal_terms_of_service'
click_button 'Start a proposal'
expect(page).to have_content 'Proposal was successfully created.'
expect(page).to have_content 'Testing auto link'
expect(page).to have_link('http://example.org', href: 'http://example.org')
expect(page).not_to have_link('click me')
expect(page.html).to_not include "<script>alert('hey')</script>"
click_link 'Edit'
expect(current_path).to eq edit_proposal_path(Proposal.last)
expect(page).not_to have_link('click me')
expect(page.html).to_not include "<script>alert('hey')</script>"
end
context 'Tagging proposals' do
let(:author) { create(:user) }

2
spec/models/lock_spec.rb
View File

@@ -10,7 +10,7 @@ describe Lock do
expect(lock.locked?).to be true
end
it "return false if locked_until is before curren time" do
it "return false if locked_until is before current time" do
lock.locked_until = 1.day.ago
expect(lock.locked?).to be false
end