trabajo-afectivo/spec/models/concerns/has_xss_sanitized_note_examples.rb

19 lines
678 B
Ruby
Raw Normal View History

2022-01-01 13:38:12 +00:00
# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
RSpec.shared_examples 'HasXssSanitizedNote' do |model_factory:|
describe 'XSS prevention' do
context 'with injected JS' do
subject { create(model_factory, note: 'test 123 <script type="text/javascript">alert("XSS!");</script> <b>some text</b>') }
before do
# XSS processing may run into a timeout on slow CI systems, so turn the timeout off for the test.
stub_const("#{HtmlSanitizer}::PROCESSING_TIMEOUT", nil)
end
it 'strips out <script> tag with content' do
expect(subject.note).to eq('test 123 <b>some text</b>')
end
end
end
end