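#   Copyright (c) 2010-2011, Diaspora Inc.  This file is
#   licensed under the Affero General Public License version 3 or later.  See
#   the COPYRIGHT file.

require 'spec_helper'

# Specs for MarkdownifyHelper#markdownify.
#
# The examples fall into three groups:
#   * sanitisation of hostile markup (script tags, inline event handlers),
#   * plain-input behaviour (nil input, URL autolinking),
#   * status-message formatting (hashtags and mentions are still rendered).
describe MarkdownifyHelper do
  describe "#markdownify" do
    describe "not doing something dumb" do
      it "strips out script tags" do
        # NOTE(review): in this copy of the spec the input literal is empty and
        # the expected value has lost its markup, so the example no longer
        # exercises script handling. The <script> wrapper below is reconstructed
        # from the example name and the surviving payload text -- confirm
        # against the upstream file.
        rendered = markdownify("<script>alert('XSS is evil')</script>")
        doc = Nokogiri::HTML(rendered)

        # Check both the raw string and the parsed tree, so that neither an
        # oddly spelled tag nor a parser-recovered element slips through.
        rendered.should_not match(/<\s*script/i)
        doc.css("script").should be_empty

        # The surviving expected value shows the payload kept as inert text.
        # Comparing parsed text makes the check independent of how the quotes
        # are entity-escaped. TODO confirm the exact expected markup upstream.
        doc.text.should include("alert('XSS is evil')")
      end

      it 'strips onClick handlers from links' do
        omghax = '[XSS](http://joindiaspora.com/" onClick="$\(\'a\'\).remove\(\))'
        rendered = markdownify(omghax)

        # Original check: the handler text must not appear as an attribute.
        rendered.should_not match(/ onClick/i)

        # Structural check: no element in the rendered output may carry any
        # on* attribute, whichever event name or letter case was used.
        attr_names = Nokogiri::HTML(rendered).xpath("//@*").map(&:name)
        attr_names.grep(/\Aon/i).should be_empty
      end
    end

    it 'does not barf if message is nil' do
      markdownify(nil).should == ''
    end

    it 'autolinks standard url links' do
      markdownified = markdownify("http://joindiaspora.com/")

      doc = Nokogiri.parse(markdownified)

      link = doc.css("a")

      # The bare URL should have been wrapped in an anchor pointing at itself.
      link.attr("href").value.should == "http://joindiaspora.com/"
    end

    context 'when formatting status messages' do
      it "should leave tags intact" do
        message = Factory.create(:status_message,
                                 :author => alice.person,
                                 :text => "I love #markdown")
        formatted = markdownify(message)
        formatted.should =~ %r{#markdown}
      end

      it "should leave mentions intact" do
        message = Factory.create(:status_message,
                                 :author => alice.person,
                                 :text => "Hey @{Bob; #{bob.diaspora_handle}}!")
        formatted = markdownify(message)
        # A rendered mention is recognised here by the "hovercard" marker.
        formatted.should =~ /hovercard/
      end

      it "should leave mentions intact for real diaspora handles" do
        new_person = Factory(:person, :diaspora_handle => 'maxwell@joindiaspora.com')
        message = Factory.create(:status_message,
                                 :author => alice.person,
                                 :text => "Hey @{maxwell@joindiaspora.com; #{new_person.diaspora_handle}}!")
        formatted = markdownify(message)
        formatted.should =~ /hovercard/
      end
    end
  end
end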