From b1349342d200937665ca6486c4b3ba1bae2f9d05 Mon Sep 17 00:00:00 2001
From: Eugen Rochko
Date: Sat, 8 Feb 2020 21:22:38 +0100
Subject: Fix rendering `` without `href` when scheme unsupported (#13040)
- Disallow links with relative paths
- Disallow iframes with non-http protocols and relative paths
Close #13037
---
spec/lib/sanitize_config_spec.rb | 16 ++++++++++++++++
1 file changed, 16 insertions(+) (limited to 'spec/lib')
diff --git a/spec/lib/sanitize_config_spec.rb b/spec/lib/sanitize_config_spec.rb
index feb86af35..d66302e64 100644
--- a/spec/lib/sanitize_config_spec.rb
+++ b/spec/lib/sanitize_config_spec.rb
@@ -26,5 +26,21 @@ describe Sanitize::Config do
 it 'keep links in lists' do
 expect(Sanitize.fragment('

Check out:

', subject)).to eq '

Check out:

joinmastodon.org
Bar

'
 end
+
+ it 'removes a without href' do
+ expect(Sanitize.fragment('Test', subject)).to eq 'Test'
+ end
+
+ it 'removes a without href and only keeps text content' do
+ expect(Sanitize.fragment('Test', subject)).to eq 'foo&Test'
+ end
+
+ it 'removes a with unsupported scheme in href' do
+ expect(Sanitize.fragment('Test', subject)).to eq 'Test'
+ end
+
+ it 'keeps a with href' do
+ expect(Sanitize.fragment('Test', subject)).to eq 'Test'
+ end
 end
 end
-- cgit
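Review bot: The four added examples only exercise `a` elements with a missing `href` or an unsupported scheme, yet the commit message also says links with relative paths and iframes with non-http protocols or relative paths are now disallowed, and neither rule has an example in this hunk. Since this config sanitizes untrusted HTML, each rule should be pinned by a regression test, for example `it 'removes a with relative href' do` with `expect(Sanitize.fragment('<a href="/foo">Test</a>', subject)).to eq 'Test'` (constructed input; the expected output is presumed to match the unsupported-scheme case). A matching example for an `iframe` whose `src` is relative or non-http would cover the second bullet. The enclosing `describe` block starts outside the hunk, and the string literals on this page appear to have lost their markup, so the exact inputs should be checked against the file.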