jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #3160 from evazion/feat-note-sanitization

Browse Source 
Improve note sanitization
This commit is contained in:
Albert Yi
2017-06-16 12:48:46 -07:00
committed by GitHub
parent 9d725f1132 91ed793120
commit 8b8b4fde71
5 changed files with 106 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
test/unit/note_sanitizer_test.rb Normal file
View File

@@ -0,0 +1,25 @@
require 'test_helper'
class NoteSanitizerTest < ActiveSupport::TestCase
context "Sanitizing a note" do
should "strip unsafe tags" do
body = '<p>test</p> <script>alert("owned")</script>'
assert_equal('<p>test</p> alert("owned")', NoteSanitizer.sanitize(body))
end
should "strip unsafe css" do
body = '<p style="background-image: url(http://www.google.com);">test</p>'
assert_equal("<p>test</p>", NoteSanitizer.sanitize(body))
end
should "allow style attributes on every tag" do
body = '<p style="font-size: 1em;">test</p>'
assert_equal('<p style="font-size: 1em;">test</p>', NoteSanitizer.sanitize(body))
end
should "mark links as nofollow" do
body = '<a href="http://www.google.com">google</a>'
assert_equal('<a href="http://www.google.com" rel="nofollow">google</a>', NoteSanitizer.sanitize(body))
end
end
end