mirrors
/
rails
mirror of https://github.com/rails/rails
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix action-text-attachment HTML escaping regression test 

Regression test included in 1ac6d40 was not exercising
the correct method. Switched from to_html()
to to_trix_html().
This commit is contained in:
Zack Deveau 2024-06-12 12:37:46 -04:00
parent 2ebb508cd8
commit 6678de6ce2
1 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
actiontext/test/unit/attachment_test.rb
View File

@ -79,13 +79,10 @@ class ActionText::AttachmentTest < ActiveSupport::TestCase
end
end
test "sanitizes HTML content attachment" do
attachment = attachment_from_html('<action-text-attachment content-type="text/html" content="<img src=\&quot;.\&quot; onerror=alert>"></action-text-attachment>')
attachable = attachment.attachable
test "to_trix_html sanitizes action-text HTML content attachment" do
attachment = ActionText::Content.new("<action-text-attachment content-type=\"text/html\" content=\"<img src=. onerror='alert(location)' />\"></action-text-attachment>")
ActionText::Content.with_renderer MessagesController.renderer do
assert_equal "<img src=\"\\%22.\\%22\">", attachable.to_html.strip
end
assert_equal "<figure data-trix-attachment=\"{&quot;contentType&quot;:&quot;text/html&quot;,&quot;content&quot;:&quot;<img src=\\&quot;.\\&quot;>&quot;}\"></figure>", attachment.to_trix_html
end
test "defaults trix partial to model partial" do