nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix js bug, add spec

Browse source
This commit is contained in:
Raphael 2011-01-19 16:57:29 -08:00
parent cd92b1dccb
commit a5b4dd2604
2 changed files with 12 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
app/views/shared/_public_explain.haml
View file

@ -11,7 +11,7 @@
%br %br
- if current_user.services - if current_user.services
- for service in current_user.services - for service in current_user.services
= t('.logged_in', :service => service.provider) = t('.logged_in', :service => service.provider)
%br %br
@ -19,4 +19,4 @@
%br %br
%br %br
= link_to t('ok'), '#', :class => "button", :onClick => '$.fancybox.close();' = link_to t('ok'), '#', :class => "button", :onClick => '$.facebox.close();'

10
spec/controllers/people_controller_spec.rb
View file

@ -152,6 +152,16 @@ describe PeopleController do
response.should be_success response.should be_success
end end
it 'does not allow xss attacks' do
user2 = bob
profile = user2.profile
profile.first_name = "<script> alert('xss attack');</script>"
profile.save
get :show, :id => user2.person.id
response.should be_success
response.body.match(profile.first_name).should be_false
end
it "renders the show page of a non-contact" do it "renders the show page of a non-contact" do
user2 = eve user2 = eve
get :show, :id => user2.person.id get :show, :id => user2.person.id