# frozen_string_literal: true require 'spec_helper' RSpec.describe Banzai::Filter::SyntaxHighlightFilter do include FilterSpecHelper shared_examples "XSS prevention" do |lang| it "escapes HTML tags" do # This is how a script tag inside a code block is presented to this filter # after Markdown rendering. result = filter(%{
<script>alert(1)</script>
})
# `(1)` symbols are wrapped by lexer tags.
expect(result.to_html).not_to match(%r{"
end
end
context 'when multiple param delimiters are used' do
let(:lang) { 'suggestion' }
let(:lang_params) { '-1+10' }
let(:expected_result) do
%{This is a test
This is a test
})
expect(result.to_html.delete("\n")).to eq(expected_result)
end
end
# Examples for a colon used as the delimiter (per the context name).
context 'when delimiter is colon' do
# Per its name, this example expects only the first colon to act as the delimiter.
it 'delimits on the first appearance' do
# NOTE(review): the input literal below contains no colon and no language
# markup, so as shown it cannot exercise the delimiter handling named above.
# The fixture has presumably lost its HTML; confirm against the original spec.
result = filter(%{This is a test
})
# The rendered HTML is compared with its newlines removed.
# expected_result is not defined inside this context; presumably it comes
# from a `let` in an enclosing group. Verify.
expect(result.to_html.delete("\n")).to eq(expected_result)
end
end
end
end
# Examples for input that carries sourcepos metadata (per the context name).
context "when sourcepos metadata is available" do
# Runs the filter once and compares its rendered HTML against expected literals.
it "includes it in the highlighted code block" do
# NOTE(review): no sourcepos attribute is visible in this input literal.
# The markup that carried it has presumably been lost; confirm against the
# original spec.
result = filter('This is a test
')
# NOTE(review): the actual value has every "\n" deleted, while the expected
# literal spans several lines and so contains newline characters. As shown,
# this comparison cannot succeed; the literal looks damaged.
expect(result.to_html.delete("\n")).to eq('This is a test
This is a test
')
# Same expectation as the one above, repeated with an identical literal.
expect(result.to_html.delete("\n")).to eq('This is a test
This is a test
')
# This comparison uses the raw HTML, with newlines kept.
expect(result.to_html).to eq('This is a test
')
end
# Runs the shared "XSS prevention" examples with "ruby" as the language argument.
# Those examples feed a script tag through the filter and assert on the escaped output.
include_examples "XSS prevention", "ruby"
end
end