require "spec_helper"

# Specs for HtmlTerminator, which strips HTML from selected model attributes.
#
# The expectations below pin down three properties a reviewer should keep in
# mind when relying on this sanitizer:
#   * only the configured fields are sanitized; other attributes pass through;
#   * stripping is not entity-encoding: "&", a lone "<" and a lone ">" are
#     returned unchanged, so output escaping is still needed at render time;
#   * the result is not flagged html_safe.
#
# NOTE(review): several input literals in this copy contain bare newlines where
# markup appears to have been lost. They are reproduced exactly as found, so
# confirm them against the upstream spec before trusting those cases.
describe HtmlTerminator do
  it "sanitizes only fields specified" do
    record = OnlyFirstName.new

    # first_name is a sanitized field: the trailing space is dropped.
    record.first_name = "Hello "
    expect(record.first_name).to eql("Hello")

    # last_name is not configured, so the value comes back untouched.
    record.last_name = "Hello "
    expect(record.last_name).to eql("Hello ")

    # Non-string attributes outside the configured list keep their type.
    record.age = 3
    expect(record.age).to eql(3)
  end

  it "doesn't escape ampersands" do
    record = OnlyFirstName.new
    record.first_name = "A & B & C"
    # No "&amp;" encoding is applied; the stored value is plain text, not HTML.
    expect(record.first_name).to eql("A & B & C")
  end

  it "skips sanitize when only one bracket" do
    record = OnlyFirstName.new

    # A lone "<" or ">" survives, so the stored value can still hold raw angle
    # brackets and must be escaped when it is written into an HTML page.
    record.first_name = "1 < 2"
    expect(record.first_name).to eql("1 < 2")

    record.first_name = "2 > 1"
    expect(record.first_name).to eql("2 > 1")
  end

  it "handles ampersands" do
    record = OnlyFirstName.new
    record.first_name = "Mr. & Mrs. Smith"
    expect(record.first_name).to eql("Mr. & Mrs. Smith")
  end

  it "doesn't blow up if value is not a string" do
    record = OnlyFirstName.new
    record.first_name = 1
    # The integer is read back as the string "1" rather than raising.
    expect(record.first_name).to eql("1")
  end

  it "honors options that are passed in" do
    record = FirstNameWithOptions.new
    # NOTE(review): literal reproduced as found; markup looks lost in this copy.
    record.first_name = "Hello

"
    expect(record.first_name).to eql("Hello ")
  end

  describe "#sanitize" do
    it "strips out all html by default" do
      # NOTE(review): literal reproduced as found; markup looks lost in this copy.
      output = HtmlTerminator.sanitize("

")
      expect(output).to eql("")
    end

    it "does not mark the output as html_safe" do
      # NOTE(review): literal reproduced as found; markup looks lost in this copy.
      output = HtmlTerminator.sanitize("

")
      # Keeping html_safe? false means Rails views still escape the value on
      # output; sanitized text is not treated as trusted markup.
      expect(output.html_safe?).to eql(false)
    end

    it "does not escape output that isn't stripped" do
      # NOTE(review): literal reproduced as found; markup looks lost in this copy.
      output = HtmlTerminator.sanitize("
I said, \"Hello, John O'hare.\"
")
      # Quotes and apostrophes are returned as-is, not as HTML entities.
      expect(output).to eql("I said, \"Hello, John O'hare.\"")
    end
  end

  it "sanitizes different fields with different options" do
    record = TwoFieldsWithOptions.new
    # NOTE(review): literals reproduced as found; markup looks lost in this copy.
    record.first_name = "Hello
strongem"
    record.last_name = "Hello
strongem"

    expect(record.first_name).to eql("Hello strongem")
    expect(record.last_name).to eql("Hello strongem")
  end

  it "sanitizes on validation" do
    record = TwoFieldsWithOptions.new
    # NOTE(review): literals reproduced as found; markup looks lost in this copy.
    record.first_name = "Hello
strongem"
    record.last_name = "Hello
strongem"

    record.valid?

    # read_attribute is used instead of the attribute reader, presumably so the
    # check covers the value held on the record after validation has run and
    # not only what the reader returns.
    expect(record.read_attribute(:first_name)).to eql("Hello strongem")
    expect(record.read_attribute(:last_name)).to eql("Hello strongem")
  end
end