From 545095b3ce312b42ba304d0bb2c76727826e27b4 Mon Sep 17 00:00:00 2001
From: puckipedia <puck@puckipedia.com>
Date: Wed, 3 Jan 2018 03:54:08 +0100
Subject: [!] Sanitize incoming classlist properly (#6162)

* Sanitize classlist properly

* Actually properly sanitize every class after the first

* Improve Formatter spec to check for multiple classes and non-space whitespace
---
 spec/lib/formatter_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'spec/lib')

diff --git a/spec/lib/formatter_spec.rb b/spec/lib/formatter_spec.rb
index 71b6b78d2..e79be3645 100644
--- a/spec/lib/formatter_spec.rb
+++ b/spec/lib/formatter_spec.rb
@@ -332,7 +332,7 @@ RSpec.describe Formatter do
     end
 
     context 'contains malicious classes' do
-      let(:text) { '<span class="status__content__spoiler-link">Show more</span>' }
+      let(:text) { '<span class="mention	status__content__spoiler-link">Show more</span>' }
 
       it 'strips malicious classes' do
         is_expected.to_not include 'status__content__spoiler-link'
-- 
cgit