# frozen_string_literal: true
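# View spec: OpenGraph metadata attached to a status message must be
# HTML-escaped when the status message partial is rendered.
describe "status_messages/_status_message.mobile.haml" do
  it "escapes the OpenGraph metadata" do
    # Every OpenGraph field carries a <script> element. The image value also
    # embeds `">` after the URL, so an unescaped attribute value would be
    # closed early and the tag would land in element context.
    open_graph_cache = OpenGraphCache.new(
      url:         "<script>alert(0);</script>",
      title:       "<script>alert(0);</script>",
      image:       "https://example.org/\"><script>alert(0);</script>",
      description: "<script>alert(0);</script>"
    )
    post = FactoryGirl.create(:status_message, public: true, open_graph_cache: open_graph_cache)

    # NOTE(review): the describe string names the .mobile.haml variant, but this
    # template path carries no format; confirm the mobile template is the one
    # actually rendered here.
    render template: "status_messages/_status_message", locals: {post: post, photos: post.photos}

    # Security property: no field reaches the output as live markup.
    expect(rendered).to_not include("<script>")
    # Guard against a vacuous pass (partial no longer rendering the metadata at
    # all): the value must be present in its entity-escaped form. Expecting the
    # raw tag here would contradict the assertion above and could never pass.
    expect(rendered).to include("&lt;script&gt;alert(0);&lt;/script&gt;")
  end
end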