Sha256: 66ebdebe34f9e43f669eed66b39c607a7310632a9444cf10976372bc6f298d83

Contents?: true

Size: 1.36 KB

Versions: 37

Compression:

Stored size: 1.36 KB

Contents

require 'spec_helper'

describe "Product Display Order", type: :feature do
  stub_authorization!

  context "managing display order", js: true do
    def assert_selected_taxons(taxons)
      # Regression test for https://github.com/spree/spree/issues/2139
      taxons.each do |taxon|
        expect(page).to have_css(".select2-search-choice", text: taxon.name)
      end

      expected_value = taxons.map(&:id).join(",")
      expect(page).to have_xpath("//*[@id = 'product_taxon_ids' and @value = '#{expected_value}']", visible: :all)
    end

    let(:product) { create(:product) }

    it "should allow an admin to manage display order (taxons)" do
      taxon_1 = create(:taxon)
      taxon_2 = create(:taxon, name: 'Clothing')
      product.taxons << taxon_1

      visit spree.edit_admin_product_path(product)

      assert_selected_taxons([taxon_1])

      select2_search "Clothing", from: "Taxon"
      click_button "Update"
      assert_selected_taxons([taxon_1, taxon_2])
    end

    context "with an XSS attempt" do
      let(:taxon_name) { %(<script>throw("XSS")</script>) }
      let!(:taxon) { create(:taxon, name: taxon_name) }
      it "displays the escaped HTML without executing it" do
        visit spree.edit_admin_product_path(product)

        select2_search "<script>", from: "Taxon"

        expect(page).to have_content(taxon_name)
      end
    end
  end
end

Version data entries

37 entries across 37 versions & 1 rubygems

Version Path
solidus_backend-2.5.2 spec/features/admin/products/edit/taxons_spec.rb
solidus_backend-2.5.1 spec/features/admin/products/edit/taxons_spec.rb
solidus_backend-2.5.0 spec/features/admin/products/edit/taxons_spec.rb
solidus_backend-2.5.0.rc1 spec/features/admin/products/edit/taxons_spec.rb
solidus_backend-2.5.0.beta2 spec/features/admin/products/edit/taxons_spec.rb
solidus_backend-2.5.0.beta1 spec/features/admin/products/edit/taxons_spec.rb
solidus_backend-2.4.2 spec/features/admin/products/edit/taxons_spec.rb
solidus_backend-2.4.1 spec/features/admin/products/edit/taxons_spec.rb
solidus_backend-2.3.1 spec/features/admin/products/edit/taxons_spec.rb
solidus_backend-2.2.2 spec/features/admin/products/edit/taxons_spec.rb
solidus_backend-2.1.1 spec/features/admin/products/edit/taxons_spec.rb
solidus_backend-2.0.3 spec/features/admin/products/edit/taxons_spec.rb
solidus_backend-1.4.2 spec/features/admin/products/edit/taxons_spec.rb
solidus_backend-2.4.0 spec/features/admin/products/edit/taxons_spec.rb
solidus_backend-2.4.0.rc1 spec/features/admin/products/edit/taxons_spec.rb
solidus_backend-2.4.0.beta1 spec/features/admin/products/edit/taxons_spec.rb
solidus_backend-2.3.0 spec/features/admin/products/edit/taxons_spec.rb
solidus_backend-2.3.0.rc3 spec/features/admin/products/edit/taxons_spec.rb
solidus_backend-2.3.0.rc2 spec/features/admin/products/edit/taxons_spec.rb
solidus_backend-2.3.0.rc1 spec/features/admin/products/edit/taxons_spec.rb