diff options
| author | Douwe Maan <douwe@gitlab.com> | 2016-02-04 13:16:48 +0300 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2016-02-04 13:16:48 +0300 |
| commit | 312d3faf6f71e4dc7fc2870ea823115475f14c8b (patch) | |
| tree | 6d3b91d8c116ff07a2ee9038c0e0c55418d2432c /spec | |
| parent | a1fa973123796ce27559063a644f093539107a7f (diff) | |
| parent | 47982e50c4038ed6e56b1dd28b4d4888b33460eb (diff) | |
Merge branch 'rs-whitelist-in-pipeline' into 'master'
Make Pipelines responsible for defining their custom whitelist
This allows for future pipelines to more easily define a custom
whitelist.
See merge request !2693
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/lib/banzai/filter/sanitization_filter_spec.rb | 22 | ||||
| -rw-r--r-- | spec/lib/banzai/pipeline/description_pipeline_spec.rb | 37 |
2 files changed, 37 insertions, 22 deletions
diff --git a/spec/lib/banzai/filter/sanitization_filter_spec.rb b/spec/lib/banzai/filter/sanitization_filter_spec.rb index 9c63d227044..e14a6dbf922 100644 --- a/spec/lib/banzai/filter/sanitization_filter_spec.rb +++ b/spec/lib/banzai/filter/sanitization_filter_spec.rb @@ -177,26 +177,4 @@ describe Banzai::Filter::SanitizationFilter, lib: true do expect(act.to_html).to eq exp end end - - context 'when inline_sanitization is true' do - it 'uses a stricter whitelist' do - doc = filter('<h1>Description</h1>', inline_sanitization: true) - expect(doc.to_html.strip).to eq 'Description' - end - - %w(pre code img ol ul li).each do |elem| - it "removes '#{elem}' elements" do - act = "<#{elem}>Description</#{elem}>" - expect(filter(act, inline_sanitization: true).to_html.strip). - to eq 'Description' - end - end - - %w(b i strong em a ins del sup sub p).each do |elem| - it "still allows '#{elem}' elements" do - exp = act = "<#{elem}>Description</#{elem}>" - expect(filter(act, inline_sanitization: true).to_html).to eq exp - end - end - end end diff --git a/spec/lib/banzai/pipeline/description_pipeline_spec.rb b/spec/lib/banzai/pipeline/description_pipeline_spec.rb new file mode 100644 index 00000000000..76f42071810 --- /dev/null +++ b/spec/lib/banzai/pipeline/description_pipeline_spec.rb @@ -0,0 +1,37 @@ +require 'rails_helper' + +describe Banzai::Pipeline::DescriptionPipeline do + def parse(html) + # When we pass HTML to Redcarpet, it gets wrapped in `p` tags... + # ...except when we pass it pre-wrapped text. Rabble rabble. + unwrap = !html.start_with?('<p>') + + output = described_class.to_html(html, project: spy) + + output.gsub!(%r{\A<p>(.*)</p>(.*)\z}, '\1\2') if unwrap + + output + end + + it 'uses a limited whitelist' do + doc = parse('# Description') + + expect(doc.strip).to eq 'Description' + end + + %w(pre code img ol ul li).each do |elem| + it "removes '#{elem}' elements" do + act = "<#{elem}>Description</#{elem}>" + + expect(parse(act).strip).to eq 'Description' + end + end + + %w(b i strong em a ins del sup sub p).each do |elem| + it "still allows '#{elem}' elements" do + exp = act = "<#{elem}>Description</#{elem}>" + + expect(parse(act).strip).to eq exp + end + end +end |