CommonAPI.update(user)
user = User.get_cached_by_ap_id(user.ap_id)
- [karjalanpiirakka] = user.info["source_data"]["tag"]
+ [karjalanpiirakka] = user.info.source_data["tag"]
assert karjalanpiirakka["name"] == ":karjalanpiirakka:"
end
test "it filters out obviously bad tags when accepting a post as HTML" do
user = insert(:user)
- post = "<h1>2hu</h1><script>alert('xss')</script>"
+ post = "<p><b>2hu</b></p><script>alert('xss')</script>"
{:ok, activity} =
CommonAPI.post(user, %{
})
content = activity.data["object"]["content"]
- assert content == "<h1>2hu</h1>alert('xss')"
+ assert content == "<p><b>2hu</b></p>alert('xss')"
end
test "it filters out obviously bad tags when accepting a post as Markdown" do
user = insert(:user)
- post = "<h1>2hu</h1><script>alert('xss')</script>"
+ post = "<p><b>2hu</b></p><script>alert('xss')</script>"
{:ok, activity} =
CommonAPI.post(user, %{
})
content = activity.data["object"]["content"]
- assert content == "<h1>2hu</h1>alert('xss')"
+ assert content == "<p><b>2hu</b></p>alert('xss')"
end
end
end