spec/lib/onebox/engine_spec.rb in onebox-1.7.3 vs spec/lib/onebox/engine_spec.rb in onebox-1.7.4
@@ -16,20 +16,14 @@
{ key: "value" }
end
end
describe "#link" do
- before { allow(Onebox::View).to receive(:template) { %|this shold be a template| } }
+ before { allow(Onebox::View).to receive(:template) { %|this should be a template| } }
it "escapes `link`" do
html = OneboxEngineExample.new(%|http://foo.com/'?a=1&b=2|).to_html
expect(html).not_to match(/&(?!amp;)(?!#39;)/)
- end
-
- it "escapes xss" do
- skip 'this is checking the wrong thing'
- html = OneboxEngineExample.new(%|http://foo.com/'?%20onmouseover=alert(/foo/)|).to_html
- expect(html).not_to include(%|onmouseover=alert(/foo/)|)
end
end
describe "#record" do
class OneboxEngineRecord