From b1349342d200937665ca6486c4b3ba1bae2f9d05 Mon Sep 17 00:00:00 2001
From: Eugen Rochko
Date: Sat, 8 Feb 2020 21:22:38 +0100
Subject: Fix rendering `` without `href` when scheme unsupported (#13040)
- Disallow links with relative paths
- Disallow iframes with non-http protocols and relative paths
Close #13037
---
 spec/lib/sanitize_config_spec.rb | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
(limited to 'spec/lib')
diff --git a/spec/lib/sanitize_config_spec.rb b/spec/lib/sanitize_config_spec.rb
index feb86af35..d66302e64 100644
--- a/spec/lib/sanitize_config_spec.rb
+++ b/spec/lib/sanitize_config_spec.rb
@@ -26,5 +26,21 @@ describe Sanitize::Config do
 it 'keep links in lists' do
 expect(Sanitize.fragment('

Check out:

', subject)).to eq '

Check out:

joinmastodon.org
Bar

'
 end
+
+ it 'removes a without href' do
+ expect(Sanitize.fragment('Test', subject)).to eq 'Test'
+ end
+
+ it 'removes a without href and only keeps text content' do
+ expect(Sanitize.fragment('Test', subject)).to eq 'foo&Test'
+ end
+
+ it 'removes a with unsupported scheme in href' do
+ expect(Sanitize.fragment('Test', subject)).to eq 'Test'
+ end
+
+ it 'keeps a with href' do
+ expect(Sanitize.fragment('Test', subject)).to eq 'Test'
+ end
 end
 end
-- cgit
From 432033743c409356bd11e0d7d96f14a3cc82fb77 Mon Sep 17 00:00:00 2001
From: Thibaut Girka
Date: Sun, 9 Feb 2020 12:32:33 +0100
Subject: Fix tests
Well, kinda, it's actually a bug from glitch-soc, but we will have to address it separately.
---
 spec/lib/sanitize_config_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'spec/lib')
diff --git a/spec/lib/sanitize_config_spec.rb b/spec/lib/sanitize_config_spec.rb
index 0a812e872..50558a0d8 100644
--- a/spec/lib/sanitize_config_spec.rb
+++ b/spec/lib/sanitize_config_spec.rb
@@ -28,7 +28,7 @@ describe Sanitize::Config do
 end
 it 'keeps a with href' do
- expect(Sanitize.fragment('Test', subject)).to eq 'Test'
+ expect(Sanitize.fragment('Test', subject)).to eq 'Test'
 end
 end
 end
-- cgit
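Review bot: The four added examples cover only anchors with no `href`, an unsupported scheme, or a valid `href`, while the commit message also promises that links with relative paths and iframes with non-http protocols or relative paths are disallowed; no `it` block in this hunk exercises those rules. The diffstat is limited to `spec/lib`, so such specs may exist elsewhere, but if they do not I would add examples here such as `it 'removes a with relative path in href' do` and `it 'removes iframe with non-http protocol in src' do`, each asserting the exact sanitized output. For an HTML sanitizer config the rejected inputs are the ones a later allow-list change would silently re-admit, so each rule named in the message deserves its own regression example. The enclosing `describe` block starts outside the hunk.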
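Review bot: The new expected value in `'keeps a with href'` pins output that the commit message itself describes as a bug in the fork, and nothing on the changed line records that. As written, the spec will go red when the sanitizer is corrected and green while it is wrong, and a later reader has no way to tell that the expectation is a stopgap. I would add a comment directly above the `expect`, for example `# FIXME: expectation matches current glitch-soc output, which the commit message calls a bug; restore the upstream value once fixed`. The difference between the old and new expected strings is not visible in this rendering, and the `describe` block starts outside the hunk.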