authorlain <lain@soykaf.club>2020-05-30 12:17:18 +0200
committerlain <lain@soykaf.club>2020-05-30 12:17:18 +0200
commit2c9465cc51160546ae054d1a1912fbb8e9add8e8 (patch)
tree132c941b0e7371cfd290627b8986fe2349caeab2 /test
parent32431ad1ee88d260b720fab05fce76eb75bfe107 (diff)
downloadpleroma-2c9465cc51160546ae054d1a1912fbb8e9add8e8.tar.gz
SafeText: Let through basic html.
Diffstat (limited to 'test')
-rw-r--r--test/web/activity_pub/object_validator_test.exs14
-rw-r--r--test/web/activity_pub/object_validators/types/safe_text_test.exs7
2 files changed, 21 insertions, 0 deletions
diff --git a/test/web/activity_pub/object_validator_test.exs b/test/web/activity_pub/object_validator_test.exs
index 929fdbc9b..31224abe0 100644
--- a/test/web/activity_pub/object_validator_test.exs
+++ b/test/web/activity_pub/object_validator_test.exs
@@ -113,6 +113,20 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do
%{user: user, recipient: recipient, valid_chat_message: valid_chat_message}
end
+ test "let's through some basic html", %{user: user, recipient: recipient} do
+ {:ok, valid_chat_message, _} =
+ Builder.chat_message(
+ user,
+ recipient.ap_id,
+ "hey <a href='https://example.org'>example</a> <script>alert('uguu')</script>"
+ )
+
+ assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, [])
+
+ assert object["content"] ==
+ "hey <a href=\"https://example.org\">example</a> alert(&#39;uguu&#39;)"
+ end
+
test "validates for a basic object we build", %{valid_chat_message: valid_chat_message} do
assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, [])
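Review bot: The added test pins only a benign `https` link and a stripped `<script>` element, so nothing asserts that an allowed tag is also cleaned of event-handler attributes or of `href` values with a scheme other than http(s). That is the surface this commit opens for chat message content, and the same gap applies to "it keeps basic html tags" in safe_text_test.exs. I would add a case whose input carries such an attribute on the `<a>` and checks that it is gone, e.g. `refute object["content"] =~ "onclick"`. The scrubber behind SafeText is not visible in this test-only view, so the exact expected string should be taken from its configured allowlist rather than guessed. The test name also has a typo and should read `test "lets through some basic html", %{user: user, recipient: recipient} do`.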
diff --git a/test/web/activity_pub/object_validators/types/safe_text_test.exs b/test/web/activity_pub/object_validators/types/safe_text_test.exs
index 59ed0a1fe..d4a574554 100644
--- a/test/web/activity_pub/object_validators/types/safe_text_test.exs
+++ b/test/web/activity_pub/object_validators/types/safe_text_test.exs
@@ -17,6 +17,13 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.Types.SafeTextTest do
assert {:ok, "hey look xss alert(&#39;foo&#39;)"} == SafeText.cast(text)
end
+ test "it keeps basic html tags" do
+ text = "hey <a href='http://gensokyo.2hu'>look</a> xss <script>alert('foo')</script>"
+
+ assert {:ok, "hey <a href=\"http://gensokyo.2hu\">look</a> xss alert(&#39;foo&#39;)"} ==
+ SafeText.cast(text)
+ end
+
test "errors for non-text" do
assert :error == SafeText.cast(1)
end