discourse/spec/javascripts/sanitize_spec.js

describe("sanitize", function(){


  it("strips all script tags", function(){
    sanitized = sanitizeHtml("<div><script>alert('hi');</script></div>");  

    expect(sanitized)
      .toBe("<div></div>");
  });

  it("strips disallowed attributes", function(){
    sanitized = sanitizeHtml("<div><p class=\"funky\" wrong='1'>hello</p></div>");

    expect(sanitized)
      .toBe("<div><p class=\"funky\">hello</p></div>");
  });
});
added sane sanitizer (Google Cajole) that is much more robust than old one ... yay for smilies added sane way to do $LAB includes - pattern to be expanded people keep on messing structure.sql 2013-02-19 23:37:42 -05:00			`describe("sanitize", function(){`


			`it("strips all script tags", function(){`
			`sanitized = sanitizeHtml("<div><script>alert('hi');</script></div>");`

			`expect(sanitized)`
			`.toBe("<div></div>");`
			`});`

			`it("strips disallowed attributes", function(){`
			`sanitized = sanitizeHtml("<div><p class=\"funky\" wrong='1'>hello</p></div>");`

			`expect(sanitized)`
			`.toBe("<div><p class=\"funky\">hello</p></div>");`
			`});`
			`});`