+ html = html_response(conn, 200)
+ assert html =~ ~s[<script>alert('xss')</script>]
+ end
+
+ test "shows the whole thread", %{conn: conn, user: user} do
+ {:ok, activity} = CommonAPI.post(user, %{status: "space: the final frontier"})
+
+ CommonAPI.post(user, %{
+ status: "these are the voyages or something",
+ in_reply_to_status_id: activity.id
+ })
+
+ conn = get(conn, "/notice/#{activity.id}")
+