diff options
| author | lain <lain@soykaf.club> | 2020-04-16 12:56:29 +0200 |
|---|---|---|
| committer | lain <lain@soykaf.club> | 2020-04-16 12:56:29 +0200 |
| commit | 3d4eca5dd4be297f03c244497d78db03e82a9d81 (patch) | |
| tree | e89227817b67333d48999be46f7eb39f47ff68ce /test | |
| parent | 6ace22b56a3ced833bd990de5715048d6bd32f80 (diff) | |
| download | pleroma-3d4eca5dd4be297f03c244497d78db03e82a9d81.tar.gz | |
CommonAPI: Escape HTML for chat messages.
Diffstat (limited to 'test')
| -rw-r--r-- | test/web/common_api/common_api_test.exs | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index 168721c81..abe3e6f8d 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -27,7 +27,12 @@ defmodule Pleroma.Web.CommonAPITest do author = insert(:user) recipient = insert(:user) - {:ok, activity} = CommonAPI.post_chat_message(author, recipient, "a test message") + {:ok, activity} = + CommonAPI.post_chat_message( + author, + recipient, + "a test message <script>alert('uuu')</script>" + ) assert activity.data["type"] == "Create" assert activity.local @@ -35,7 +40,9 @@ defmodule Pleroma.Web.CommonAPITest do assert object.data["type"] == "ChatMessage" assert object.data["to"] == [recipient.ap_id] - assert object.data["content"] == "a test message" + + assert object.data["content"] == + "a test message <script>alert('uuu')</script>" assert Chat.get(author.id, recipient.ap_id) assert Chat.get(recipient.id, author.ap_id) |