tests: add tests for evil HTML filtering
parent
6aa65b68b8
commit
e7871ed05e
|
@ -21,4 +21,36 @@ test "it adds emoji when updating profiles" do
|
||||||
|
|
||||||
assert karjalanpiirakka["name"] == ":karjalanpiirakka:"
|
assert karjalanpiirakka["name"] == ":karjalanpiirakka:"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe "posting" do
|
||||||
|
test "it filters out obviously bad tags when accepting a post as HTML" do
|
||||||
|
user = insert(:user)
|
||||||
|
|
||||||
|
post = "<h1>2hu</h1><script>alert('xss')</script>"
|
||||||
|
|
||||||
|
{:ok, activity} =
|
||||||
|
CommonAPI.post(user, %{
|
||||||
|
"status" => post,
|
||||||
|
"content_type" => "text/html"
|
||||||
|
})
|
||||||
|
|
||||||
|
content = activity.data["object"]["content"]
|
||||||
|
assert content == "<h1>2hu</h1>alert('xss')"
|
||||||
|
end
|
||||||
|
|
||||||
|
test "it filters out obviously bad tags when accepting a post as Markdown" do
|
||||||
|
user = insert(:user)
|
||||||
|
|
||||||
|
post = "<h1>2hu</h1><script>alert('xss')</script>"
|
||||||
|
|
||||||
|
{:ok, activity} =
|
||||||
|
CommonAPI.post(user, %{
|
||||||
|
"status" => post,
|
||||||
|
"content_type" => "text/markdown"
|
||||||
|
})
|
||||||
|
|
||||||
|
content = activity.data["object"]["content"]
|
||||||
|
assert content == "<h1>2hu</h1>alert('xss')"
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
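Review bot: Both new tests in `describe "posting"` exercise only a literal `<script>` element, so a filter regression that lets through an otherwise allowed tag carrying an event-handler attribute, or a link with a scripting URL scheme, would still pass. Each of those classes deserves its own case for both `text/html` and `text/markdown`. The exact-match assertion `assert content == "<h1>2hu</h1>alert('xss')"` also pins the filter's incidental choice to keep the script's text, so a stricter filter that drops the element's content would fail the test. Stating the property directly, e.g. `refute content =~ "<script"` next to `assert content =~ "<h1>2hu</h1>"`, keeps the test about what must never reach `activity.data["object"]["content"]`. The Markdown test feeds raw HTML only, so it presumably never reaches markup the Markdown renderer itself generates (links, images); an input that uses Markdown syntax would cover that path.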