test/devcenter-parser_test.rb in devcenter-parser-2.1.2 vs test/devcenter-parser_test.rb in devcenter-parser-2.2.0
- old
+ new
@@ -28,19 +28,23 @@
it 'does not create <em>s inside words' do
assert_parsing_result 'foo_bar_baz', '<p>foo_bar_baz</p>'
end
+ it 'removes iframes with script tags in the src' do
+ md = '<iframe src="data:text/html,<script>alert(document.domain)</script>"></iframe>'
+ html = ''
+ assert_parsing_result md, html
+ end
+
it 'removes script tags and their content' do
md = '<strong>clean<script>alert("hack!")</script></strong>'
html = '<p><strong>clean</strong></p>'
assert_parsing_result md, html
end
it 'allows embedding vimeo videos' do
- src = <<-SRC
-<iframe src=\"https://player.vimeo.com/video/61044807?title=0&byline=0&portrait=0&color=a086ee\" width=\"500\" height=\"281\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe>
-SRC
+ src = '<iframe src="https://player.vimeo.com/video/61044807?title=0&byline=0&portrait=0&color=a086ee" width="50" height="281" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe>'
assert_parsing_result src, src
end
describe 'github markdown' do
it 'leaves HTML comments' do
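Review bot: The added test 'removes iframes with script tags in the src' pins a single payload, a `data:` src containing a literal `<script>` tag, so it does not show whether the iframe is dropped because of its scheme or because of the script substring. The sanitizer is not part of this hunk, so which rule applies cannot be told from here. A companion case with a harmless body, e.g. `assert_parsing_result '<iframe src="data:text/html,hello"></iframe>', ''` (expected output assumed to match the added test), would pin rejection by scheme alongside the existing vimeo allow case. Separately, the rewritten vimeo fixture changes `width="500"` to `width="50"` while replacing the heredoc with a single-quoted string, and it also loses the heredoc's trailing newline. If the width change is unintended, restore `width="500"`.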