Sutty/trabajo-afectivo
5
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
trabajo-afectivo/spec/models/concerns/has_xss_sanitized_note_examples.rb

11 lines
404 B
Ruby
Raw Normal View History

Sanitize html for note fields of tickets, users and organizations.
2019-02-12 07:38:59 +00:00
RSpec.shared_examples 'HasXssSanitizedNote' do |model_factory:|
describe 'XSS prevention' do
context 'with injected JS' do
subject { create(model_factory, note: 'test 123 <script type="text/javascript">alert("XSS!");</script> <b>some text</b>') }
it 'strips out <script> tag' do
expect(subject.note).to eq('test 123 alert("XSS!"); <b>some text</b>')
end
end
end
end
Reference in a new issue Copy permalink