|
|
|
@ -159,24 +159,19 @@ describe VersionsController do |
|
|
|
|
it "returns updated select box with new version" do |
|
|
|
|
version = Version.find_by_name('test_add_version_from_issue_form') |
|
|
|
|
|
|
|
|
|
pattern = "Element.replace\(\"work_package_fixed_version_id\"," |
|
|
|
|
# select tag with valid html |
|
|
|
|
pattern << " \"<select id=\\\"work_package_fixed_version_id\\\" name=\\\"work_package[fixed_version_id]\\\">" |
|
|
|
|
# empty option tag with valid html |
|
|
|
|
pattern << "<option></option>" |
|
|
|
|
# selected option tag for the new version with valid html |
|
|
|
|
pattern << "<option value=\\\"#{version.id}\\\" selected=\\\"selected\\\">#{version.name}</option>" |
|
|
|
|
pattern << "</select>\"\);" |
|
|
|
|
select_substring = "select id=\\\"work_package_fixed_version_id\\\" name=\\\"work_package[fixed_version_id]\\\"" |
|
|
|
|
# selected option tag for the new version |
|
|
|
|
option_substring = "option value=\\\"#{version.id}\\\" selected=\\\"selected\\\"" |
|
|
|
|
|
|
|
|
|
expect(response.body).to eq(pattern) |
|
|
|
|
response.body.include?(select_substring).should be_true |
|
|
|
|
response.body.include?(option_substring).should be_true |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
it "escapes potentially harmful html" do |
|
|
|
|
harmful = "test <script>alert('pwned');</script>" |
|
|
|
|
post :create, :project_id => project.id, :version => {:name => harmful}, :format => :js |
|
|
|
|
version = Version.last |
|
|
|
|
|
|
|
|
|
expect(response.body.include?("lt;script>alert('pwned');</script>")).to be_true |
|
|
|
|
expect(response.body).to_not include("<script>alert('pwned');</script>") |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|