Commit 97cedc5d authored by Robert Speicher

Break up SanitizationFilter feature specs

parent 3cafa743
...@@ -124,29 +124,52 @@ describe 'GitLab Markdown', feature: true do ...@@ -124,29 +124,52 @@ describe 'GitLab Markdown', feature: true do
describe 'HTML::Pipeline' do describe 'HTML::Pipeline' do
describe 'SanitizationFilter' do describe 'SanitizationFilter' do
it 'uses a permissive whitelist' do it 'permits b elements' do
aggregate_failures do
expect(doc).to have_selector('b:contains("b tag")') expect(doc).to have_selector('b:contains("b tag")')
end
it 'permits em elements' do
expect(doc).to have_selector('em:contains("em tag")') expect(doc).to have_selector('em:contains("em tag")')
end
it 'permits code elements' do
expect(doc).to have_selector('code:contains("code tag")') expect(doc).to have_selector('code:contains("code tag")')
end
it 'permits kbd elements' do
expect(doc).to have_selector('kbd:contains("s")') expect(doc).to have_selector('kbd:contains("s")')
end
it 'permits strike elements' do
expect(doc).to have_selector('strike:contains(Emoji)') expect(doc).to have_selector('strike:contains(Emoji)')
end
it 'permits img elements' do
expect(doc).to have_selector('img[src*="smile.png"]') expect(doc).to have_selector('img[src*="smile.png"]')
end
it 'permits br elements' do
expect(doc).to have_selector('br') expect(doc).to have_selector('br')
expect(doc).to have_selector('hr')
end end
it 'permits hr elements' do
expect(doc).to have_selector('hr')
end end
it 'permits span elements' do it 'permits span elements' do
expect(doc).to have_selector('span:contains("span tag")') expect(doc).to have_selector('span:contains("span tag")')
end end
it 'permits table alignment' do it 'permits style attribute in th elements' do
aggregate_failures do aggregate_failures do
expect(doc.at_css('th:contains("Header")')['style']).to eq 'text-align: center' expect(doc.at_css('th:contains("Header")')['style']).to eq 'text-align: center'
expect(doc.at_css('th:contains("Row")')['style']).to eq 'text-align: right' expect(doc.at_css('th:contains("Row")')['style']).to eq 'text-align: right'
expect(doc.at_css('th:contains("Example")')['style']).to eq 'text-align: left' expect(doc.at_css('th:contains("Example")')['style']).to eq 'text-align: left'
end
end
it 'permits style attribute in td elements' do
aggregate_failures do
expect(doc.at_css('td:contains("Foo")')['style']).to eq 'text-align: center' expect(doc.at_css('td:contains("Foo")')['style']).to eq 'text-align: center'
expect(doc.at_css('td:contains("Bar")')['style']).to eq 'text-align: right' expect(doc.at_css('td:contains("Bar")')['style']).to eq 'text-align: right'
expect(doc.at_css('td:contains("Baz")')['style']).to eq 'text-align: left' expect(doc.at_css('td:contains("Baz")')['style']).to eq 'text-align: left'
...@@ -154,8 +177,7 @@ describe 'GitLab Markdown', feature: true do ...@@ -154,8 +177,7 @@ describe 'GitLab Markdown', feature: true do
end end
it 'removes `rel` attribute from links' do it 'removes `rel` attribute from links' do
body = get_section('sanitizationfilter') expect(doc).not_to have_selector('a[rel="bookmark"]')
expect(body).not_to have_selector('a[rel="bookmark"]')
end end
it "removes `href` from `a` elements if it's fishy" do it "removes `href` from `a` elements if it's fishy" do
...@@ -164,9 +186,8 @@ describe 'GitLab Markdown', feature: true do ...@@ -164,9 +186,8 @@ describe 'GitLab Markdown', feature: true do
end end
describe 'Escaping' do describe 'Escaping' do
let(:table) { doc.css('table').last.at_css('tbody') }
it 'escapes non-tag angle brackets' do it 'escapes non-tag angle brackets' do
table = doc.css('table').last.at_css('tbody')
expect(table.at_xpath('.//tr[1]/td[3]').inner_html).to eq '1 < 3 & 5' expect(table.at_xpath('.//tr[1]/td[3]').inner_html).to eq '1 < 3 & 5'
end end
end end
......
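Review bot: The examples `permits style attribute in th elements` and `permits style attribute in td elements` only check that `text-align` values survive, so a filter that passed every `style` value through untouched would still satisfy them; nothing in the visible hunks asserts that other declarations are stripped. A name such as `it 'permits text-align style in th elements' do` would state the allowlist more exactly, and a companion example asserting that a non-alignment declaration in the fixture is removed would pin it. Similarly, `expect(doc).not_to have_selector('a[rel="bookmark"]')` still passes if the fixture link disappears altogether, so pairing it with a positive check that the link itself is rendered would keep the test meaningful. The enclosing `describe 'SanitizationFilter'` block and the fixture behind `doc` start outside these hunks, so this is inferred from the visible lines only.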