defmodule Pleroma.Web.ActivityPub.ObjectValidators.Types.SafeTextTest do
use Pleroma.DataCase
- alias Pleroma.Web.ActivityPub.ObjectValidators.Types.SafeText
+ alias Pleroma.EctoType.ActivityPub.ObjectValidators.SafeText
test "it lets normal text go through" do
text = "hey how are you"
assert {:ok, "hey look xss alert('foo')"} == SafeText.cast(text)
end
+ test "it keeps basic html tags" do
+ text = "hey <a href='http://gensokyo.2hu'>look</a> xss <script>alert('foo')</script>"
+
+ assert {:ok, "hey <a href=\"http://gensokyo.2hu\">look</a> xss alert('foo')"} ==
+ SafeText.cast(text)
+ end
+
test "errors for non-text" do
assert :error == SafeText.cast(1)
end