call the cops
orangewolf committed Sep 19, 2024
1 parent af00bbf commit f31230b
Showing 1 changed file with 15 additions and 3 deletions.
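--- a/spec/hyrax/transactions/steps/save_collection_logo_spec.rb
+++ b/spec/hyrax/transactions/steps/save_collection_logo_spec.rb
@@ -13,7 +13,11 @@
 let(:uploaded) { FactoryBot.create(:uploaded_file) }
 
 it 'saves logo metadata' do
-expect(step.call(collection, update_logo_file_ids: [uploaded.id.to_s], alttext_values: ["Logo alt Text"], linkurl_values: ["http://abc.com"], logo_unchanged_indicator: false)).to be_success
+expect(step.call(collection,
+update_logo_file_ids: [uploaded.id.to_s],
+alttext_values: ["Logo alt Text"],
+linkurl_values: ["http://abc.com"],
+logo_unchanged_indicator: false)).to be_success
 
 expect(CollectionBrandingInfo
 .where(collection_id: collection.id.to_s,
@@ -25,7 +29,11 @@
 end
 
 it 'does not save linkurl containing html; target_url is empty' do
-expect(step.call(collection, update_logo_file_ids: [uploaded.id.to_s], alttext_values: ["Logo alt Text"], linkurl_values: ["<script>remove_me</script>"], logo_unchanged_indicator: false)).to be_success
+expect(step.call(collection,
+update_logo_file_ids: [uploaded.id.to_s],
+alttext_values: ["Logo alt Text"],
+linkurl_values: ["<script>remove_me</script>"],
+logo_unchanged_indicator: false)).to be_success
 
 expect(
 CollectionBrandingInfo.where(
@@ -36,7 +44,11 @@
 end
 
 it 'does not save linkurl containing dodgy protocol; target_url is empty' do
-expect(step.call(collection, update_logo_file_ids: [uploaded.id.to_s], alttext_values: ["Logo alt Text"], linkurl_values: ['javascript:alert("remove_me")'], logo_unchanged_indicator: false)).to be_success
+expect(step.call(collection,
+update_logo_file_ids: [uploaded.id.to_s],
+alttext_values: ["Logo alt Text"],
+linkurl_values: ['javascript:alert("remove_me")'],
+logo_unchanged_indicator: false)).to be_success
 
 expect(
 CollectionBrandingInfo.where(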
