nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Spec for not allowing user to do the XSS

Browse source
This commit is contained in:
Dorian 2010-12-24 15:49:26 +01:00
parent 293445225a
commit 5cbccda33a
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
spec/helpers/application_helper_spec.rb
View file

@ -41,6 +41,14 @@ describe ApplicationHelper do
person_image_link(@person).should include(person_path(@person))
end
end
describe "#person_image_tag" do
it "should not allow basic XSS/HTML" do
@person.profile.first_name = "I'm <h1>Evil"
@person.profile.last_name = "I'm <h1>Evil"
person_image_tag(@person).should_not include("<h1>")
end
end
describe "markdownify" do
describe "autolinks" do