Maintenance: Improve handling of XSS timeouts in tests.
This commit is contained in:
parent
f79e8c72cd
commit
b40ca87b2a
3 changed files with 17 additions and 0 deletions
|
@ -5,6 +5,11 @@ RSpec.shared_examples 'HasXssSanitizedNote' do |model_factory:|
|
|||
context 'with injected JS' do
|
||||
subject { create(model_factory, note: 'test 123 <script type="text/javascript">alert("XSS!");</script> <b>some text</b>') }
|
||||
|
||||
before do
|
||||
# XSS processing may run into a timeout on slow CI systems, so turn the timeout off for the test.
|
||||
stub_const("#{HtmlSanitizer}::PROCESSING_TIMEOUT", nil)
|
||||
end
|
||||
|
||||
it 'strips out <script> tag with content' do
|
||||
expect(subject.note).to eq('test 123 <b>some text</b>')
|
||||
end
|
||||
|
|
|
@ -85,6 +85,11 @@ RSpec.describe Ticket::Article, type: :model do
|
|||
describe 'XSS protection:' do
|
||||
subject(:article) { create(:ticket_article, body: body, content_type: 'text/html') }
|
||||
|
||||
before do
|
||||
# XSS processing may run into a timeout on slow CI systems, so turn the timeout off for the test.
|
||||
stub_const("#{HtmlSanitizer}::PROCESSING_TIMEOUT", nil)
|
||||
end
|
||||
|
||||
context 'when body contains only injected JS' do
|
||||
let(:body) { <<~RAW.chomp }
|
||||
<script type="text/javascript">alert("XSS!");</script> some other text
|
||||
|
|
|
@ -4,6 +4,11 @@ require 'test_helper'
|
|||
|
||||
class HtmlSanitizerTest < ActiveSupport::TestCase
|
||||
|
||||
processing_timeout = HtmlSanitizer.const_get(:PROCESSING_TIMEOUT)
|
||||
|
||||
# XSS processing may run into a timeout on slow CI systems, so turn the timeout off for the test.
|
||||
HtmlSanitizer.const_set(:PROCESSING_TIMEOUT, nil)
|
||||
|
||||
test 'xss' do
|
||||
assert_equal(HtmlSanitizer.strict('<b>123</b>'), '<b>123</b>')
|
||||
assert_equal(HtmlSanitizer.strict('<script><b>123</b></script>'), '')
|
||||
|
@ -153,4 +158,6 @@ test 123
|
|||
|
||||
assert_equal(HtmlSanitizer.strict('<a href="mailto:testäöü@example.com" id="123">test</a>'), '<a href="mailto:test%C3%A4%C3%B6%C3%BC@example.com">test</a>')
|
||||
end
|
||||
|
||||
HtmlSanitizer.const_set(:PROCESSING_TIMEOUT, processing_timeout)
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue