Sha256: e23d5425641a5cc3daf9935f299101b1ea8ffad0172662ceb509e0de5b2f42e5
Contents?: true
Size: 1.91 KB
Versions: 18
Compression:
Stored size: 1.91 KB
Contents
# frozen_string_literal: true
shared_examples "having a rich text editor for field" do |selector, toolbar|
it "has a rich text editor" do
within selector do
expect(page).to have_selector("div.editor-container[data-toolbar='#{toolbar}']", visible: :all)
end
end
end
shared_examples "having a rich text editor" do |css, toolbar|
it_behaves_like "having a rich text editor for field", "form.#{css}", toolbar
end
shared_context "with rich text editor content" do
let(:content) { "<p>#{safe_tags}</p>#{script}" }
let(:safe_tags) { em + u + strong }
let(:em) { "<em>em</em>" }
let(:u) { "<u>u</u>" }
let(:strong) { "<strong>strong</strong>" }
let(:script) { "<script>alert('SCRIPT')</script>" }
end
shared_examples "rendering safe content" do |css|
include_context "with rich text editor content"
it "renders potentially safe HTML tags unescaped" do
within css do
expect(page).to have_selector("em", text: "em")
expect(page).to have_selector("u", text: "u")
expect(page).to have_selector("strong", text: "strong")
end
end
it "sanitizes potentially malicious HTML tags" do
within css do
expect(page).not_to have_selector("script", visible: :all)
expect(page).to have_content("alert('SCRIPT')")
end
end
end
shared_examples "rendering unsafe content" do |css|
include_context "with rich text editor content"
it "sanitizes potentially safe HTML tags" do
within css do
expect(page).not_to have_selector("em")
expect(page).to have_content("em")
expect(page).not_to have_selector("u")
expect(page).to have_content("u")
expect(page).not_to have_selector("strong")
expect(page).to have_content("strong")
end
end
it "strips potentially malicious HTML tags" do
within css do
expect(page).not_to have_selector("script", visible: :all)
expect(page).not_to have_content("alert('SCRIPT')")
end
end
end
Version data entries
18 entries across 18 versions & 1 rubygems