trabajo-afectivo/spec/models/concerns/has_xss_sanitized_note_examples.rb

# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/

RSpec.shared_examples 'HasXssSanitizedNote' do |model_factory:|
  describe 'XSS prevention' do
    context 'with injected JS' do
      subject { create(model_factory, note: 'test 123 <script type="text/javascript">alert("XSS!");</script> <b>some text</b>') }

      it 'strips out <script> tag' do
        expect(subject.note).to eq('test 123 alert("XSS!"); <b>some text</b>')
      end
    end
  end
end
Maintenance: Update copyright information and add a new rubocop cop to watch over it. 2021-06-01 12:20:20 +00:00			`# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/`

Sanitize html for note fields of tickets, users and organizations. 2019-02-12 07:38:59 +00:00			`RSpec.shared_examples 'HasXssSanitizedNote' do \|model_factory:\|`
			`describe 'XSS prevention' do`
			`context 'with injected JS' do`
			`subject { create(model_factory, note: 'test 123 <script type="text/javascript">alert("XSS!");</script> <b>some text</b>') }`
Fix auto-correctable rubocop offenses in test suite 2019-04-15 01:41:17 +00:00
Sanitize html for note fields of tickets, users and organizations. 2019-02-12 07:38:59 +00:00			`it 'strips out <script> tag' do`
			`expect(subject.note).to eq('test 123 alert("XSS!"); <b>some text</b>')`
			`end`
			`end`
			`end`
			`end`