diff options
| author | rinpatch <rinpatch@sdf.org> | 2020-03-15 21:54:24 +0000 |
|---|---|---|
| committer | rinpatch <rinpatch@sdf.org> | 2020-03-15 21:54:24 +0000 |
| commit | bb49d8f5a0dbbad65a8f65a28cc2d0847b518067 (patch) | |
| tree | 938fb7fd74053a816c21948b28d5f6cfb7443f37 /test/web/static_fe | |
| parent | e8493431bfc16977e43715bf8bdb09ac46580028 (diff) | |
| parent | 8d15d6c3ab9aecb82ba5126bb5efef20b3dfef41 (diff) | |
| download | pleroma-2.0.1.tar.gz | |
Merge branch 'release/2.0.1' into 'stable'v2.0.1
2.0.1 release
See merge request pleroma/pleroma!2298
Diffstat (limited to 'test/web/static_fe')
| -rw-r--r-- | test/web/static_fe/static_fe_controller_test.exs | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/test/web/static_fe/static_fe_controller_test.exs b/test/web/static_fe/static_fe_controller_test.exs index 2ce8f9fa3..2c999295a 100644 --- a/test/web/static_fe/static_fe_controller_test.exs +++ b/test/web/static_fe/static_fe_controller_test.exs @@ -110,6 +110,19 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do assert html =~ "testing a thing!" end + test "filters HTML tags", %{conn: conn} do + user = insert(:user) + {:ok, activity} = CommonAPI.post(user, %{"status" => "<script>alert('xss')</script>"}) + + conn = + conn + |> put_req_header("accept", "text/html") + |> get("/notice/#{activity.id}") + + html = html_response(conn, 200) + assert html =~ ~s[<script>alert('xss')</script>] + end + test "shows the whole thread", %{conn: conn} do user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{"status" => "space: the final frontier"}) |