trabajo-afectivo/spec/models/concerns/has_xss_sanitized_note_examples.rb

# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/

RSpec.shared_examples 'HasXssSanitizedNote' do |model_factory:|
  describe 'XSS prevention' do
    context 'with injected JS' do
      subject { create(model_factory, note: 'test 123 <script type="text/javascript">alert("XSS!");</script> <b>some text</b>') }

      before do
        # XSS processing may run into a timeout on slow CI systems, so turn the timeout off for the test.
        stub_const("#{HtmlSanitizer}::PROCESSING_TIMEOUT", nil)
      end

      it 'strips out <script> tag with content' do
        expect(subject.note).to eq('test 123  <b>some text</b>')
      end
    end
  end
end
Maintenance: Update copyright header. 2022-01-01 13:38:12 +00:00			`# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/`
Maintenance: Update copyright information and add a new rubocop cop to watch over it. 2021-06-01 12:20:20 +00:00
Sanitize html for note fields of tickets, users and organizations. 2019-02-12 07:38:59 +00:00			`RSpec.shared_examples 'HasXssSanitizedNote' do \|model_factory:\|`
			`describe 'XSS prevention' do`
			`context 'with injected JS' do`
			`subject { create(model_factory, note: 'test 123 <script type="text/javascript">alert("XSS!");</script> <b>some text</b>') }`
Fix auto-correctable rubocop offenses in test suite 2019-04-15 01:41:17 +00:00
Maintenance: Improve handling of XSS timeouts in tests. 2022-01-31 15:34:33 +00:00			`before do`
			`# XSS processing may run into a timeout on slow CI systems, so turn the timeout off for the test.`
			`stub_const("#{HtmlSanitizer}::PROCESSING_TIMEOUT", nil)`
			`end`

Fixes #3365 - No script content (e. g. JavaScript) in emails 2021-09-29 08:13:40 +00:00			`it 'strips out <script> tag with content' do`
			`expect(subject.note).to eq('test 123 <b>some text</b>')`
Sanitize html for note fields of tickets, users and organizations. 2019-02-12 07:38:59 +00:00			`end`
			`end`
			`end`
			`end`