nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Test for XSS in comment

Browse source
This commit is contained in:
Dorian 2010-12-26 02:10:00 +01:00
parent d6e72cd2bb
commit b348f094ab
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
spec/helpers/application_helper_spec.rb
View file

@ -234,6 +234,12 @@ describe ApplicationHelper do
person_link(@person).should include @person.diaspora_handle
end
it "should not allow basic XSS/HTML" do
@person.profile.first_name = "I'm <h1>Evil"
@person.profile.last_name = "I'm <h1>Evil"
person_link(@person).should_not include("<h1>")
end
end
context 'performance' do
before do