From 85e32b5eb29a5dcf91eae40f4c79945d82d5026b Mon Sep 17 00:00:00 2001
From: evazion
Date: Thu, 15 Jun 2017 12:51:37 -0500
Subject: [PATCH] notes: add sanitization tests.
---
test/unit/note_sanitizer_test.rb | 15 +++++++++++++++
1 file changed, 15 insertions(+)
create mode 100644 test/unit/note_sanitizer_test.rb
diff --git a/test/unit/note_sanitizer_test.rb b/test/unit/note_sanitizer_test.rb
new file mode 100644
index 000000000..8a089825d
--- /dev/null
+++ b/test/unit/note_sanitizer_test.rb
@@ -0,0 +1,15 @@
+require 'test_helper'
+
+class NoteSanitizerTest < ActiveSupport::TestCase
+ context "Sanitizing a note" do
+ should "strip unsafe tags" do
+ body = '

test

'
+ assert_equal('

test

alert("owned")', NoteSanitizer.sanitize(body))
+ end
+
+ should "strip unsafe css" do
+ body = '

test

'
+ assert_equal("

test

", NoteSanitizer.sanitize(body)) + end + end +end