You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21 lines
662 B
21 lines
662 B
1 year ago
|
# frozen_string_literal: true
|
||
|
|
||
|
require 'rails_helper'
|
||
|
|
||
|
describe 'admin/trends/links/_preview_card.html.haml' do
|
||
|
it 'correctly escapes user supplied url values' do
|
||
|
form = instance_double(ActionView::Helpers::FormHelper, check_box: nil)
|
||
|
trend = PreviewCardTrend.new(allowed: false)
|
||
|
preview_card = Fabricate.build(
|
||
|
:preview_card,
|
||
|
url: 'https://host.example/path?query=<script>',
|
||
|
trend: trend,
|
||
|
title: 'Fun'
|
||
|
)
|
||
|
|
||
|
render partial: 'admin/trends/links/preview_card', locals: { preview_card: preview_card, f: form }
|
||
|
|
||
|
expect(rendered).to include('<a href="https://host.example/path?query=<script>">Fun</a>')
|
||
|
end
|
||
|
end
|