ylqjgm
/
canvas-lms
mirror of https://github.com/instructure/canvas-lms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

spec: 927147 block linked page from redirecting parent page 

- verifies that the linked page cannot exploit the
Windows Opener Property bug
- verifies the link includes the rel="noreferrer" attribute
- turns out this was much more testable from Selenium
- no outside websites visited

Change-Id: I24ecb131c4eb4fd3528456c1aef79273a742ae96
Reviewed-on: https://gerrit.instructure.com/86406
Tested-by: Jenkins
Reviewed-by: August Thornton <august@instructure.com>
Reviewed-by: Gentry Beckmann <gbeckmann@instructure.com>
Product-Review: Gentry Beckmann <gbeckmann@instructure.com>
QA-Review: Gentry Beckmann <gbeckmann@instructure.com>
This commit is contained in:
Heath Hales 2016-07-28 08:41:28 -06:00 committed by Gentry Beckmann
parent 79aedc8495
commit e53496af73
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
spec/selenium/wiki_pages_spec.rb
View File

@ -96,6 +96,13 @@ describe "Wiki Pages" do
switch_editor_views(wiki_page_body)
expect(f('textarea')).to include_text('test')
end
it "blocks linked page from redirecting parent page", priority: "2", test_id: 927147 do
@course.wiki.wiki_pages.create!(title: 'Garfield and Odie Food Preparation',
body: '<a href="http://example.com/poc/" target="_blank" id="click_here_now">click_here</a>')
get "/courses/#{@course.id}/pages/garfield-and-odie-food-preparation"
expect(f('#click_here_now').attribute("rel")).to eq "noreferrer"
end
end
context "Index Page as a teacher" do