From e7871ed05e9ebc8e2fe2f1afe966285e767c682f Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 31 Aug 2018 03:34:56 +0000 Subject: [PATCH] tests: add tests for evil HTML filtering --- test/web/common_api/common_api_test.exs | 32 +++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index 2a2c40833..cd5aca961 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -21,4 +21,36 @@ test "it adds emoji when updating profiles" do assert karjalanpiirakka["name"] == ":karjalanpiirakka:" end + + describe "posting" do + test "it filters out obviously bad tags when accepting a post as HTML" do + user = insert(:user) + + post = "

2hu

" + + {:ok, activity} = + CommonAPI.post(user, %{ + "status" => post, + "content_type" => "text/html" + }) + + content = activity.data["object"]["content"] + assert content == "

2hu

alert('xss')" + end + + test "it filters out obviously bad tags when accepting a post as Markdown" do + user = insert(:user) + + post = "

2hu

" + + {:ok, activity} = + CommonAPI.post(user, %{ + "status" => post, + "content_type" => "text/markdown" + }) + + content = activity.data["object"]["content"] + assert content == "

2hu

alert('xss')" + end + end end