has_xss_sanitized_note_examples.rb 735 B

123456789101112131415161718
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
  2. RSpec.shared_examples 'HasXssSanitizedNote' do |model_factory:, attribut_name: :note|
  3. describe 'XSS prevention' do
  4. context 'with injected JS' do
  5. subject { create(model_factory, attribut_name => 'test 123 <script type="text/javascript">alert("XSS!");</script> <b>some text</b>') }
  6. before do
  7. # XSS processing may run into a timeout on slow CI systems, so turn the timeout off for the test.
  8. stub_const("#{HtmlSanitizer}::PROCESSING_TIMEOUT", nil)
  9. end
  10. it 'strips out <script> tag with content' do
  11. expect(subject).to have_attributes(attribut_name =>'test 123 <b>some text</b>')
  12. end
  13. end
  14. end
  15. end