From b348f094ab47d8e4ddeac192682c3c65fdb6ffc4 Mon Sep 17 00:00:00 2001
From: Dorian
Date: Sun, 26 Dec 2010 02:10:00 +0100
Subject: [PATCH] Test for XSS in comment
---
 spec/helpers/application_helper_spec.rb | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/spec/helpers/application_helper_spec.rb b/spec/helpers/application_helper_spec.rb
index a6633eafa..0133dc320 100644
--- a/spec/helpers/application_helper_spec.rb
+++ b/spec/helpers/application_helper_spec.rb
@@ -234,6 +234,12 @@ describe ApplicationHelper do
 person_link(@person).should include @person.diaspora_handle
 end
+
+ it "should not allow basic XSS/HTML" do
+ @person.profile.first_name = "I'm

Evil"
+ @person.profile.last_name = "I'm

Evil"
+ person_link(@person).should_not include("

")
+ end
 end
 context 'performance' do
 before do
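Review bot: The new example only asserts that the `person_link` output does `should_not include` the raw markup, so it would also pass if the name were dropped, truncated or never rendered at all; pair it with a positive check that the escaped form is actually emitted, e.g. `person_link(@person).should include("&lt;")`, so the test fails when escaping is removed rather than merely when the tag survives. The literal markup inside the two string assignments is not visible in this rendering of the patch, so the exact payload used cannot be confirmed here. The example also mutates `@person.profile` in place; if the `before` block that builds `@person` is shared with the neighbouring examples, the modified names leak into them unless the profile is rebuilt per example. The `describe ApplicationHelper` block enclosing this example starts and ends outside the hunk.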