authorEgor Kislitsyn <egor@kislitsyn.com>2018-12-06 19:55:58 +0700
committerEgor Kislitsyn <egor@kislitsyn.com>2018-12-06 19:55:58 +0700
commit8b4397c704147bcc5ca12ab60dde32f2b6e11a41 (patch)
treef1d26585be6673b495d3f4b8bea4deb5f0283d42 /test/web/common_api/common_api_test.exs
parent04a48286e69704bf83429b85dbcdb70863bdcff1 (diff)
parent52ce368562de919f1806dfd5235642caf0666e16 (diff)
Merge branch 'develop' into feature/compat/push-subscriptions
# Conflicts: # lib/mix/tasks/sample_config.eex # lib/pleroma/web/twitter_api/controllers/util_controller.ex # mix.exs # mix.lock
Diffstat (limited to 'test/web/common_api/common_api_test.exs')
-rw-r--r--test/web/common_api/common_api_test.exs32
1 files changed, 32 insertions, 0 deletions
diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs
index 2a2c40833..cd36e409c 100644
--- a/test/web/common_api/common_api_test.exs
+++ b/test/web/common_api/common_api_test.exs
@@ -21,4 +21,36 @@ defmodule Pleroma.Web.CommonAPI.Test do
assert karjalanpiirakka["name"] == ":karjalanpiirakka:"
end
+
+ describe "posting" do
+ test "it filters out obviously bad tags when accepting a post as HTML" do
+ user = insert(:user)
+
+ post = "<p><b>2hu</b></p><script>alert('xss')</script>"
+
+ {:ok, activity} =
+ CommonAPI.post(user, %{
+ "status" => post,
+ "content_type" => "text/html"
+ })
+
+ content = activity.data["object"]["content"]
+ assert content == "<p><b>2hu</b></p>alert('xss')"
+ end
+
+ test "it filters out obviously bad tags when accepting a post as Markdown" do
+ user = insert(:user)
+
+ post = "<p><b>2hu</b></p><script>alert('xss')</script>"
+
+ {:ok, activity} =
+ CommonAPI.post(user, %{
+ "status" => post,
+ "content_type" => "text/markdown"
+ })
+
+ content = activity.data["object"]["content"]
+ assert content == "<p><b>2hu</b></p>alert('xss')"
+ end
+ end
end
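Review bot: Both tests in the new `describe "posting"` block check the HTML filtering against a single `<script>` element only, so a regression that lets a disallowed attribute through on an otherwise allowed tag such as `<p>` or `<b>` would still pass. Consider adding one case per content type where an allowed tag carries an inline event-handler attribute, asserting that the attribute is absent from `activity.data["object"]["content"]`. The expected value `"<p><b>2hu</b></p>alert('xss')"` reads like a mistake at first glance, so a comment above each assertion would help, for example `# the <script> tag is stripped; its body survives only as inert text`. The two tests differ only in `"content_type"`, so they could be generated from `for type <- ["text/html", "text/markdown"] do` to keep the payload and the expectation in one place.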