tests: add tests for evil HTML filtering

author William Pitcock <nenolod@dereferenced.org>

Fri, 31 Aug 2018 03:34:56 +0000 (03:34 +0000)

committer William Pitcock <nenolod@dereferenced.org>

Fri, 31 Aug 2018 03:34:56 +0000 (03:34 +0000)
author William Pitcock <nenolod@dereferenced.org>
Fri, 31 Aug 2018 03:34:56 +0000 (03:34 +0000)
committer William Pitcock <nenolod@dereferenced.org>
Fri, 31 Aug 2018 03:34:56 +0000 (03:34 +0000)
diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs

index 2a2c40833839bfbd28f9890c2a6fc1cc161687c7..cd5aca961031187b1d70e4cfdc1ca16ebede6d9b 100644 (file)
--- a/test/web/common_api/common_api_test.exs
+++ b/test/web/common_api/common_api_test.exs
@@ -21,4 +21,36 @@ defmodule Pleroma.Web.CommonAPI.Test do
  
      assert karjalanpiirakka["name"] == ":karjalanpiirakka:"
    end
+
+  describe "posting" do
+    test "it filters out obviously bad tags when accepting a post as HTML" do
+      user = insert(:user)
+
+      post = "<h1>2hu</h1><script>alert('xss')</script>"
+
+      {:ok, activity} =
+        CommonAPI.post(user, %{
+          "status" => post,
+          "content_type" => "text/html"
+        })
+
+      content = activity.data["object"]["content"]
+      assert content == "<h1>2hu</h1>alert('xss')"
+    end
+
+    test "it filters out obviously bad tags when accepting a post as Markdown" do
+      user = insert(:user)
+
+      post = "<h1>2hu</h1><script>alert('xss')</script>"
+
+      {:ok, activity} =
+        CommonAPI.post(user, %{
+          "status" => post,
+          "content_type" => "text/markdown"
+        })
+
+      content = activity.data["object"]["content"]
+      assert content == "<h1>2hu</h1>alert('xss')"
+    end
+  end
  end
author	William Pitcock <nenolod@dereferenced.org>
	Fri, 31 Aug 2018 03:34:56 +0000 (03:34 +0000)
committer	William Pitcock <nenolod@dereferenced.org>
	Fri, 31 Aug 2018 03:34:56 +0000 (03:34 +0000)