diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-01-05 00:10:19 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-01-05 00:10:19 +0300 |
| commit | 9248363e3eb740b2f1dccb3a63f09aff4fcdf94f (patch) | |
| tree | ee6b7e7122a3b6c9b21e4a163ad116e354cca483 /spec | |
| parent | db3acec198e92833482b9ce5c055f562b06a14a1 (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec')
12 files changed, 160 insertions, 55 deletions
diff --git a/spec/lib/banzai/filter/asset_proxy_filter_spec.rb b/spec/lib/banzai/filter/asset_proxy_filter_spec.rb index 2a4ee28130b..1f886059bf6 100644 --- a/spec/lib/banzai/filter/asset_proxy_filter_spec.rb +++ b/spec/lib/banzai/filter/asset_proxy_filter_spec.rb @@ -35,8 +35,8 @@ RSpec.describe Banzai::Filter::AssetProxyFilter do expect(Gitlab.config.asset_proxy.enabled).to be_truthy expect(Gitlab.config.asset_proxy.secret_key).to eq 'shared-secret' expect(Gitlab.config.asset_proxy.url).to eq 'https://assets.example.com' - expect(Gitlab.config.asset_proxy.whitelist).to eq %w(gitlab.com *.mydomain.com) - expect(Gitlab.config.asset_proxy.domain_regexp).to eq /^(gitlab\.com|.*?\.mydomain\.com)$/i + expect(Gitlab.config.asset_proxy.allowlist).to eq %w(gitlab.com *.mydomain.com) + expect(Gitlab.config.asset_proxy.domain_regexp).to eq(/^(gitlab\.com|.*?\.mydomain\.com)$/i) end context 'when whitelist is empty' do @@ -46,7 +46,7 @@ RSpec.describe Banzai::Filter::AssetProxyFilter do described_class.initialize_settings - expect(Gitlab.config.asset_proxy.whitelist).to eq [Gitlab.config.gitlab.host] + expect(Gitlab.config.asset_proxy.allowlist).to eq [Gitlab.config.gitlab.host] end end end @@ -56,8 +56,8 @@ RSpec.describe Banzai::Filter::AssetProxyFilter do stub_asset_proxy_setting(enabled: true) stub_asset_proxy_setting(secret_key: 'shared-secret') stub_asset_proxy_setting(url: 'https://assets.example.com') - stub_asset_proxy_setting(whitelist: %W(gitlab.com *.mydomain.com #{Gitlab.config.gitlab.host})) - stub_asset_proxy_setting(domain_regexp: described_class.compile_whitelist(Gitlab.config.asset_proxy.whitelist)) + stub_asset_proxy_setting(allowlist: %W(gitlab.com *.mydomain.com #{Gitlab.config.gitlab.host})) + stub_asset_proxy_setting(domain_regexp: described_class.compile_allowlist(Gitlab.config.asset_proxy.allowlist)) @context = described_class.transform_context({}) end diff --git a/spec/lib/banzai/filter/broadcast_message_sanitization_filter_spec.rb b/spec/lib/banzai/filter/broadcast_message_sanitization_filter_spec.rb index 1f65268bd3c..67b480f8973 100644 --- a/spec/lib/banzai/filter/broadcast_message_sanitization_filter_spec.rb +++ b/spec/lib/banzai/filter/broadcast_message_sanitization_filter_spec.rb @@ -5,9 +5,9 @@ require 'spec_helper' RSpec.describe Banzai::Filter::BroadcastMessageSanitizationFilter do include FilterSpecHelper - it_behaves_like 'default whitelist' + it_behaves_like 'default allowlist' - describe 'custom whitelist' do + describe 'custom allowlist' do it_behaves_like 'XSS prevention' it_behaves_like 'sanitize link' @@ -26,19 +26,19 @@ RSpec.describe Banzai::Filter::BroadcastMessageSanitizationFilter do end context 'when `a` elements have `style` attribute' do - let(:whitelisted_style) { 'color: red; border: blue; background: green; padding: 10px; margin: 10px; text-decoration: underline;' } + let(:allowed_style) { 'color: red; border: blue; background: green; padding: 10px; margin: 10px; text-decoration: underline;' } context 'allows specific properties' do - let(:exp) { %{<a href="#" style="#{whitelisted_style}">Stylish Link</a>} } + let(:exp) { %{<a href="#" style="#{allowed_style}">Stylish Link</a>} } it { is_expected.to eq(exp) } end it 'disallows other properties in `style` attribute on `a` elements' do - style = [whitelisted_style, 'position: fixed'].join(';') + style = [allowed_style, 'position: fixed'].join(';') doc = filter(%{<a href="#" style="#{style}">Stylish Link</a>}) - expect(doc.at_css('a')['style']).to eq(whitelisted_style) + expect(doc.at_css('a')['style']).to eq(allowed_style) end end diff --git a/spec/lib/banzai/filter/sanitization_filter_spec.rb b/spec/lib/banzai/filter/sanitization_filter_spec.rb index 09dcd5518ff..bc4b60dfe60 100644 --- a/spec/lib/banzai/filter/sanitization_filter_spec.rb +++ b/spec/lib/banzai/filter/sanitization_filter_spec.rb @@ -5,31 +5,31 @@ require 'spec_helper' RSpec.describe Banzai::Filter::SanitizationFilter do include FilterSpecHelper - it_behaves_like 'default whitelist' + it_behaves_like 'default allowlist' - describe 'custom whitelist' do + describe 'custom allowlist' do it_behaves_like 'XSS prevention' it_behaves_like 'sanitize link' - it 'customizes the whitelist only once' do + it 'customizes the allowlist only once' do instance = described_class.new('Foo') - control_count = instance.whitelist[:transformers].size + control_count = instance.allowlist[:transformers].size - 3.times { instance.whitelist } + 3.times { instance.allowlist } - expect(instance.whitelist[:transformers].size).to eq control_count + expect(instance.allowlist[:transformers].size).to eq control_count end - it 'customizes the whitelist only once for different instances' do + it 'customizes the allowlist only once for different instances' do instance1 = described_class.new('Foo1') instance2 = described_class.new('Foo2') - control_count = instance1.whitelist[:transformers].size + control_count = instance1.allowlist[:transformers].size - instance1.whitelist - instance2.whitelist + instance1.allowlist + instance2.allowlist - expect(instance1.whitelist[:transformers].size).to eq control_count - expect(instance2.whitelist[:transformers].size).to eq control_count + expect(instance1.allowlist[:transformers].size).to eq control_count + expect(instance2.allowlist[:transformers].size).to eq control_count end it 'sanitizes `class` attribute from all elements' do diff --git a/spec/lib/banzai/pipeline/description_pipeline_spec.rb b/spec/lib/banzai/pipeline/description_pipeline_spec.rb index 82d4f883e0d..be553433e9e 100644 --- a/spec/lib/banzai/pipeline/description_pipeline_spec.rb +++ b/spec/lib/banzai/pipeline/description_pipeline_spec.rb @@ -21,7 +21,7 @@ RSpec.describe Banzai::Pipeline::DescriptionPipeline do stub_commonmark_sourcepos_disabled end - it 'uses a limited whitelist' do + it 'uses a limited allowlist' do doc = parse('# Description') expect(doc.strip).to eq 'Description' diff --git a/spec/lib/banzai/pipeline/gfm_pipeline_spec.rb b/spec/lib/banzai/pipeline/gfm_pipeline_spec.rb index 247f4591632..31047b9494a 100644 --- a/spec/lib/banzai/pipeline/gfm_pipeline_spec.rb +++ b/spec/lib/banzai/pipeline/gfm_pipeline_spec.rb @@ -176,8 +176,8 @@ RSpec.describe Banzai::Pipeline::GfmPipeline do stub_asset_proxy_setting(enabled: true) stub_asset_proxy_setting(secret_key: 'shared-secret') stub_asset_proxy_setting(url: 'https://assets.example.com') - stub_asset_proxy_setting(whitelist: %W(gitlab.com *.mydomain.com #{Gitlab.config.gitlab.host})) - stub_asset_proxy_setting(domain_regexp: Banzai::Filter::AssetProxyFilter.compile_whitelist(Gitlab.config.asset_proxy.whitelist)) + stub_asset_proxy_setting(allowlist: %W(gitlab.com *.mydomain.com #{Gitlab.config.gitlab.host})) + stub_asset_proxy_setting(domain_regexp: Banzai::Filter::AssetProxyFilter.compile_allowlist(Gitlab.config.asset_proxy.allowlist)) end it 'replaces a lazy loaded img src' do diff --git a/spec/lib/gitlab/asset_proxy_spec.rb b/spec/lib/gitlab/asset_proxy_spec.rb index 73b101c0dd8..7d7952d5741 100644 --- a/spec/lib/gitlab/asset_proxy_spec.rb +++ b/spec/lib/gitlab/asset_proxy_spec.rb @@ -17,12 +17,12 @@ RSpec.describe Gitlab::AssetProxy do context 'when asset proxy is enabled' do before do - stub_asset_proxy_setting(whitelist: %w(gitlab.com *.mydomain.com)) + stub_asset_proxy_setting(allowlist: %w(gitlab.com *.mydomain.com)) stub_asset_proxy_setting( enabled: true, url: 'https://assets.example.com', secret_key: 'shared-secret', - domain_regexp: Banzai::Filter::AssetProxyFilter.compile_whitelist(Gitlab.config.asset_proxy.whitelist) + domain_regexp: Banzai::Filter::AssetProxyFilter.compile_allowlist(Gitlab.config.asset_proxy.allowlist) ) end diff --git a/spec/lib/gitlab/auth/auth_finders_spec.rb b/spec/lib/gitlab/auth/auth_finders_spec.rb index f927d5912bb..775f8f056b5 100644 --- a/spec/lib/gitlab/auth/auth_finders_spec.rb +++ b/spec/lib/gitlab/auth/auth_finders_spec.rb @@ -6,7 +6,8 @@ RSpec.describe Gitlab::Auth::AuthFinders do include described_class include HttpBasicAuthHelpers - let(:user) { create(:user) } + # Create the feed_token and static_object_token for the user + let_it_be(:user) { create(:user).tap(&:feed_token).tap(&:static_object_token) } let(:env) do { 'rack.input' => '' @@ -65,7 +66,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do end describe '#find_user_from_bearer_token' do - let(:job) { create(:ci_build, user: user) } + let_it_be_with_reload(:job) { create(:ci_build, user: user) } subject { find_user_from_bearer_token } @@ -91,7 +92,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do end context 'with a personal access token' do - let(:pat) { create(:personal_access_token, user: user) } + let_it_be(:pat) { create(:personal_access_token, user: user) } let(:token) { pat.token } before do @@ -148,7 +149,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do end it 'returns nil if valid feed_token and disabled' do - allow(Gitlab::CurrentSettings).to receive(:disable_feed_token).and_return(true) + stub_application_setting(disable_feed_token: true) set_param(:feed_token, user.feed_token) expect(find_user_from_feed_token(:rss)).to be_nil @@ -166,7 +167,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do end context 'when rss_token param is provided' do - it 'returns user if valid rssd_token' do + it 'returns user if valid rss_token' do set_param(:rss_token, user.feed_token) expect(find_user_from_feed_token(:rss)).to eq user @@ -347,7 +348,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do end describe '#find_user_from_access_token' do - let(:personal_access_token) { create(:personal_access_token, user: user) } + let_it_be(:personal_access_token) { create(:personal_access_token, user: user) } before do set_header('SCRIPT_NAME', 'url.atom') @@ -386,7 +387,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do end context 'when using a non-prefixed access token' do - let(:personal_access_token) { create(:personal_access_token, :no_prefix, user: user) } + let_it_be(:personal_access_token) { create(:personal_access_token, :no_prefix, user: user) } it 'returns user' do set_header('HTTP_AUTHORIZATION', "Bearer #{personal_access_token.token}") @@ -398,7 +399,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do end describe '#find_user_from_web_access_token' do - let(:personal_access_token) { create(:personal_access_token, user: user) } + let_it_be_with_reload(:personal_access_token) { create(:personal_access_token, user: user) } before do set_header(described_class::PRIVATE_TOKEN_HEADER, personal_access_token.token) @@ -449,6 +450,22 @@ RSpec.describe Gitlab::Auth::AuthFinders do expect(find_user_from_web_access_token(:api)).to be_nil end + context 'when the token has read_api scope' do + before do + personal_access_token.update!(scopes: ['read_api']) + + set_header('SCRIPT_NAME', '/api/endpoint') + end + + it 'raises InsufficientScopeError by default' do + expect { find_user_from_web_access_token(:api) }.to raise_error(Gitlab::Auth::InsufficientScopeError) + end + + it 'finds the user when the read_api scope is passed' do + expect(find_user_from_web_access_token(:api, scopes: [:api, :read_api])).to eq(user) + end + end + context 'when relative_url_root is set' do before do stub_config_setting(relative_url_root: '/relative_root') @@ -464,7 +481,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do end describe '#find_personal_access_token' do - let(:personal_access_token) { create(:personal_access_token, user: user) } + let_it_be(:personal_access_token) { create(:personal_access_token, user: user) } before do set_header('SCRIPT_NAME', 'url.atom') @@ -534,7 +551,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do end context 'access token is valid' do - let(:personal_access_token) { create(:personal_access_token, user: user) } + let_it_be(:personal_access_token) { create(:personal_access_token, user: user) } let(:route_authentication_setting) { { basic_auth_personal_access_token: true } } it 'finds the token from basic auth' do @@ -555,7 +572,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do end context 'route_setting is not set' do - let(:personal_access_token) { create(:personal_access_token, user: user) } + let_it_be(:personal_access_token) { create(:personal_access_token, user: user) } it 'returns nil' do auth_header_with(personal_access_token.token) @@ -565,7 +582,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do end context 'route_setting is not correct' do - let(:personal_access_token) { create(:personal_access_token, user: user) } + let_it_be(:personal_access_token) { create(:personal_access_token, user: user) } let(:route_authentication_setting) { { basic_auth_personal_access_token: false } } it 'returns nil' do @@ -611,8 +628,9 @@ RSpec.describe Gitlab::Auth::AuthFinders do context 'with CI username' do let(:username) { ::Gitlab::Auth::CI_JOB_USER } - let(:user) { create(:user) } - let(:build) { create(:ci_build, user: user, status: :running) } + + let_it_be(:user) { create(:user) } + let_it_be(:build) { create(:ci_build, user: user, status: :running) } it 'returns nil without password' do set_basic_auth_header(username, nil) @@ -645,11 +663,11 @@ RSpec.describe Gitlab::Auth::AuthFinders do describe '#validate_access_token!' do subject { validate_access_token! } - let(:personal_access_token) { create(:personal_access_token, user: user) } + let_it_be_with_reload(:personal_access_token) { create(:personal_access_token, user: user) } context 'with a job token' do + let_it_be(:job) { create(:ci_build, user: user, status: :running) } let(:route_authentication_setting) { { job_token_allowed: true } } - let(:job) { create(:ci_build, user: user, status: :running) } before do env['HTTP_AUTHORIZATION'] = "Bearer #{job.token}" @@ -671,7 +689,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do end it 'returns Gitlab::Auth::ExpiredError if token expired' do - personal_access_token.expires_at = 1.day.ago + personal_access_token.update!(expires_at: 1.day.ago) expect { validate_access_token! }.to raise_error(Gitlab::Auth::ExpiredError) end @@ -688,7 +706,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do end context 'with impersonation token' do - let(:personal_access_token) { create(:personal_access_token, :impersonation, user: user) } + let_it_be(:personal_access_token) { create(:personal_access_token, :impersonation, user: user) } context 'when impersonation is disabled' do before do @@ -704,7 +722,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do end describe '#find_user_from_job_token' do - let(:job) { create(:ci_build, user: user, status: :running) } + let_it_be(:job) { create(:ci_build, user: user, status: :running) } let(:route_authentication_setting) { { job_token_allowed: true } } subject { find_user_from_job_token } @@ -866,7 +884,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do end describe '#find_runner_from_token' do - let(:runner) { create(:ci_runner) } + let_it_be(:runner) { create(:ci_runner) } context 'with API requests' do before do diff --git a/spec/lib/gitlab/auth/request_authenticator_spec.rb b/spec/lib/gitlab/auth/request_authenticator_spec.rb index ef6b1d72712..93e9cb06786 100644 --- a/spec/lib/gitlab/auth/request_authenticator_spec.rb +++ b/spec/lib/gitlab/auth/request_authenticator_spec.rb @@ -47,7 +47,10 @@ RSpec.describe Gitlab::Auth::RequestAuthenticator do let!(:job_token_user) { build(:user) } it 'returns access_token user first' do - allow_any_instance_of(described_class).to receive(:find_user_from_web_access_token).and_return(access_token_user) + allow_any_instance_of(described_class).to receive(:find_user_from_web_access_token) + .with(anything, scopes: [:api, :read_api]) + .and_return(access_token_user) + allow_any_instance_of(described_class).to receive(:find_user_from_feed_token).and_return(feed_token_user) expect(subject.find_sessionless_user(:api)).to eq access_token_user diff --git a/spec/lib/gitlab/ci/charts_spec.rb b/spec/lib/gitlab/ci/charts_spec.rb index cfc2019a89b..c7869383dc4 100644 --- a/spec/lib/gitlab/ci/charts_spec.rb +++ b/spec/lib/gitlab/ci/charts_spec.rb @@ -47,6 +47,10 @@ RSpec.describe Gitlab::Ci::Charts do subject { chart.to } + before do + create(:ci_empty_pipeline, project: project, duration: 120) + end + it 'includes the whole current day' do is_expected.to eq(Date.today.end_of_day) end @@ -58,6 +62,37 @@ RSpec.describe Gitlab::Ci::Charts do it 'uses %d %B as labels format' do expect(chart.labels).to include(chart.from.strftime('%d %B')) end + + it 'returns count of pipelines run each day in the current week' do + expect(chart.total).to contain_exactly(0, 0, 0, 0, 0, 0, 0, 1) + end + end + + context 'weekchart_non_utc' do + today = Date.today + end_of_today = Time.use_zone(Time.find_zone('Asia/Dubai')) { today.end_of_day } + + let(:project) { create(:project) } + let(:chart) do + allow(Date).to receive(:today).and_return(today) + allow(today).to receive(:end_of_day).and_return(end_of_today) + Gitlab::Ci::Charts::WeekChart.new(project) + end + + subject { chart.total } + + before do + create(:ci_empty_pipeline, project: project, duration: 120) + end + + it 'uses a non-utc time zone for range times' do + expect(chart.to.zone).to eq(end_of_today.zone) + expect(chart.from.zone).to eq(end_of_today.zone) + end + + it 'returns count of pipelines run each day in the current week' do + is_expected.to contain_exactly(0, 0, 0, 0, 0, 0, 0, 1) + end end context 'pipeline_times' do diff --git a/spec/requests/rack_attack_global_spec.rb b/spec/requests/rack_attack_global_spec.rb index 157fcac56fa..1d99f042c06 100644 --- a/spec/requests/rack_attack_global_spec.rb +++ b/spec/requests/rack_attack_global_spec.rb @@ -188,10 +188,10 @@ RSpec.describe 'Rack Attack global throttles' do end describe 'API requests authenticated with personal access token', :api do - let(:user) { create(:user) } - let(:token) { create(:personal_access_token, user: user) } - let(:other_user) { create(:user) } - let(:other_user_token) { create(:personal_access_token, user: other_user) } + let_it_be(:user) { create(:user) } + let_it_be(:token) { create(:personal_access_token, user: user) } + let_it_be(:other_user) { create(:user) } + let_it_be(:other_user_token) { create(:personal_access_token, user: other_user) } let(:throttle_setting_prefix) { 'throttle_authenticated_api' } let(:api_partial_url) { '/todos' } @@ -208,6 +208,41 @@ RSpec.describe 'Rack Attack global throttles' do it_behaves_like 'rate-limited token-authenticated requests' end + + context 'with the token in the OAuth headers' do + let(:request_args) { api_get_args_with_token_headers(api_partial_url, oauth_token_headers(token)) } + let(:other_user_request_args) { api_get_args_with_token_headers(api_partial_url, oauth_token_headers(other_user_token)) } + + it_behaves_like 'rate-limited token-authenticated requests' + end + + context 'with the token in basic auth' do + let(:request_args) { api_get_args_with_token_headers(api_partial_url, basic_auth_headers(user, token)) } + let(:other_user_request_args) { api_get_args_with_token_headers(api_partial_url, basic_auth_headers(other_user, other_user_token)) } + + it_behaves_like 'rate-limited token-authenticated requests' + end + + context 'with a read_api scope' do + before do + token.update!(scopes: ['read_api']) + other_user_token.update!(scopes: ['read_api']) + end + + context 'with the token in the headers' do + let(:request_args) { api_get_args_with_token_headers(api_partial_url, personal_access_token_headers(token)) } + let(:other_user_request_args) { api_get_args_with_token_headers(api_partial_url, personal_access_token_headers(other_user_token)) } + + it_behaves_like 'rate-limited token-authenticated requests' + end + + context 'with the token in the OAuth headers' do + let(:request_args) { api_get_args_with_token_headers(api_partial_url, oauth_token_headers(token)) } + let(:other_user_request_args) { api_get_args_with_token_headers(api_partial_url, oauth_token_headers(other_user_token)) } + + it_behaves_like 'rate-limited token-authenticated requests' + end + end end describe 'API requests authenticated with OAuth token', :api do @@ -235,6 +270,15 @@ RSpec.describe 'Rack Attack global throttles' do it_behaves_like 'rate-limited token-authenticated requests' end + + context 'with a read_api scope' do + let(:read_token) { Doorkeeper::AccessToken.create!(application_id: application.id, resource_owner_id: user.id, scopes: "read_api") } + let(:other_user_read_token) { Doorkeeper::AccessToken.create!(application_id: other_user_application.id, resource_owner_id: other_user.id, scopes: "read_api") } + let(:request_args) { api_get_args_with_token_headers(api_partial_url, oauth_token_headers(read_token)) } + let(:other_user_request_args) { api_get_args_with_token_headers(api_partial_url, oauth_token_headers(other_user_read_token)) } + + it_behaves_like 'rate-limited token-authenticated requests' + end end describe '"web" (non-API) requests authenticated with RSS token' do diff --git a/spec/support/helpers/rack_attack_spec_helpers.rb b/spec/support/helpers/rack_attack_spec_helpers.rb index d479420e87b..0f17b5b9137 100644 --- a/spec/support/helpers/rack_attack_spec_helpers.rb +++ b/spec/support/helpers/rack_attack_spec_helpers.rb @@ -21,6 +21,11 @@ module RackAttackSpecHelpers { 'AUTHORIZATION' => "Bearer #{oauth_access_token.token}" } end + def basic_auth_headers(user, personal_access_token) + encoded_login = ["#{user.username}:#{personal_access_token.token}"].pack('m0') + { 'AUTHORIZATION' => "Basic #{encoded_login}" } + end + def expect_rejection(&block) yield diff --git a/spec/support/shared_examples/lib/banzai/filters/sanitization_filter_shared_examples.rb b/spec/support/shared_examples/lib/banzai/filters/sanitization_filter_shared_examples.rb index 134e38833cf..b5c07f45d59 100644 --- a/spec/support/shared_examples/lib/banzai/filters/sanitization_filter_shared_examples.rb +++ b/spec/support/shared_examples/lib/banzai/filters/sanitization_filter_shared_examples.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true -RSpec.shared_examples 'default whitelist' do - it 'sanitizes tags that are not whitelisted' do +RSpec.shared_examples 'default allowlist' do + it 'sanitizes tags that are not allowed' do act = %q{<textarea>no inputs</textarea> and <blink>no blinks</blink>} exp = 'no inputs and no blinks' expect(filter(act).to_html).to eq exp |