Commit e7871ed0 authored by kaniini's avatar kaniini

tests: add tests for evil HTML filtering

parent 6aa65b68
......@@ -21,4 +21,36 @@ defmodule Pleroma.Web.CommonAPI.Test do
assert karjalanpiirakka["name"] == ":karjalanpiirakka:"
end
describe "posting" do
test "it filters out obviously bad tags when accepting a post as HTML" do
user = insert(:user)
post = "<h1>2hu</h1><script>alert('xss')</script>"
{:ok, activity} =
CommonAPI.post(user, %{
"status" => post,
"content_type" => "text/html"
})
content = activity.data["object"]["content"]
assert content == "<h1>2hu</h1>alert('xss')"
end
test "it filters out obviously bad tags when accepting a post as Markdown" do
user = insert(:user)
post = "<h1>2hu</h1><script>alert('xss')</script>"
{:ok, activity} =
CommonAPI.post(user, %{
"status" => post,
"content_type" => "text/markdown"
})
content = activity.data["object"]["content"]
assert content == "<h1>2hu</h1>alert('xss')"
end
end
end
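Review bot: Both new tests in the `describe "posting"` block exercise only a literal `<script>` element, so they would still pass if the HTML filter dropped that one tag but left script-bearing attributes or URL schemes on otherwise allowed tags intact. Consider adding a case per content type where an allowed tag carries an event-handler attribute or a `javascript:` link and asserting that it is removed, and stating the security property directly with `refute content =~ "<script"` alongside the exact-match assertion. The exact-match `assert content == "<h1>2hu</h1>alert('xss')"` also pins that the element's body survives as inert text, which deserves a one-line comment such as `# tag is stripped; its text remains as plain text`. The two test bodies differ only in `"content_type"`, so generating them with a `for` over `["text/html", "text/markdown"]` would keep them in sync; the enclosing test module begins outside this hunk.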