notes: add sanitization tests.

2017-06-15 12:51:37 -05:00
parent 990f173b3d
commit 85e32b5eb2
1 changed files with 15 additions and 0 deletions
--- a/test/unit/note_sanitizer_test.rb
+++ b/test/unit/note_sanitizer_test.rb
@@ -0,0 +1,15 @@
+require 'test_helper'
+
+class NoteSanitizerTest < ActiveSupport::TestCase
+  context "Sanitizing a note" do
+    should "strip unsafe tags" do
+      body = '<p>test</p> <script>alert("owned")</script>'
+      assert_equal('<p>test</p> alert("owned")', NoteSanitizer.sanitize(body))
+    end
+
+    should "strip unsafe css" do
+      body = '<p style="background-image: url(http://www.google.com);">test</p>'
+      assert_equal("<p>test</p>", NoteSanitizer.sanitize(body))
+    end
+  end
+end