author | Robert Speicher <rspeicher@gmail.com> | 2015-04-28 01:56:37 +0300 |
committer | Robert Speicher <rspeicher@gmail.com> | 2015-04-30 23:35:25 +0300 |
commit | e46d1cdd8bd4cc12e8c8e8fdce10b3114a17d95e (patch) | |
tree | fc6b79dd86cd193ce86093c8df8ab91da338057d /spec/helpers | |
parent | aa2cc670fe2c9de772c82d90df4ee2d8a77c23fc (diff) |
Add Gitlab::Markdown::SanitizationFilter
This just extends the HTML::Pipeline::SanitizationFilter with our custom
whitelist.
Diffstat (limited to 'spec/helpers')
-rw-r--r-- | spec/helpers/gitlab_markdown_helper_spec.rb | 33 |
1 files changed, 0 insertions, 33 deletions
diff --git a/spec/helpers/gitlab_markdown_helper_spec.rb b/spec/helpers/gitlab_markdown_helper_spec.rb
index bd2240c5997..ff0f049ce6c 100644
--- a/spec/helpers/gitlab_markdown_helper_spec.rb
+++ b/spec/helpers/gitlab_markdown_helper_spec.rb
@@ -316,11 +316,6 @@ describe GitlabMarkdownHelper do
 expected = ""
 expect(markdown(actual)).to match(expected)
 end
-
- it 'should allow whitelisted HTML tags from the user' do
- actual = '<dl><dt>Term</dt><dd>Definition</dd></dl>'
- expect(markdown(actual)).to match(actual)
- end
 end
 
 context 'with an empty repository' do
@@ -336,34 +331,6 @@ describe GitlabMarkdownHelper do
 end
 end
 end
-
- # SANITIZATION ------------------------------------------------------------
- # TODO (rspeicher): These are testing SanitizationFilter, not `markdown`
-
- it 'should sanitize tags that are not whitelisted' do
- actual = '<textarea>no inputs allowed</textarea> <blink>no blinks</blink>'
- expected = 'no inputs allowed no blinks'
- expect(markdown(actual)).to match(expected)
- expect(markdown(actual)).not_to match('<.textarea>')
- expect(markdown(actual)).not_to match('<.blink>')
- end
-
- it 'should allow whitelisted tag attributes from the user' do
- actual = '<a class="custom">link text</a>'
- expect(markdown(actual)).to match(actual)
- end
-
- it 'should sanitize tag attributes that are not whitelisted' do
- actual = '<a href="http://example.com/bar.html" foo="bar">link text</a>'
- expected = '<a href="http://example.com/bar.html">link text</a>'
- expect(markdown(actual)).to match(expected)
- end
-
- it 'should sanitize javascript in attributes' do
- actual = %q(<a href="javascript:alert('foo')">link text</a>)
- expected = '<a>link text</a>'
- expect(markdown(actual)).to match(expected)
- end
 end
 
 describe '#render_wiki_content' do