Sha256: e0a07101d82002af12cce2b9b3991087f152203a27195fbe20835c5442ad8f82
Contents?: true
Size: 1.33 KB
Versions: 3
Compression:
Stored size: 1.33 KB
Contents
require 'spec_helper'
describe "Product Taxons", :type => :feature do
stub_authorization!
context "managing taxons", js: true do
def assert_selected_taxons(taxons)
# Regression test for https://github.com/spree/spree/issues/2139
taxons.each do |taxon|
expect(page).to have_css(".select2-search-choice", text: taxon.name)
end
expected_value = taxons.map(&:id).join(",")
expect(page).to have_xpath("//*[@id = 'product_taxon_ids' and @value = '#{expected_value}']", visible: :all)
end
let(:product) { create(:product) }
it "should allow an admin to manage taxons" do
taxon_1 = create(:taxon)
taxon_2 = create(:taxon, name: 'Clothing')
product.taxons << taxon_1
visit spree.edit_admin_product_path(product)
assert_selected_taxons([taxon_1])
select2_search "Clothing", :from => "Taxons"
click_button "Update"
assert_selected_taxons([taxon_1, taxon_2])
end
context "with an XSS attempt" do
let(:taxon_name) { %(<script>throw("XSS")</script>) }
let!(:taxon) { create(:taxon, name: taxon_name) }
it "displays the escaped HTML without executing it" do
visit spree.edit_admin_product_path(product)
select2_search "<script>", from: "Taxons"
expect(page).to have_content(taxon_name)
end
end
end
end
Version data entries
3 entries across 3 versions & 1 rubygems