discourse/spec/javascripts/sanitize_spec.js

/*global waitsFor:true expect:true describe:true beforeEach:true it:true sanitizeHtml:true */

describe("sanitize", function(){

  it("strips all script tags", function(){
    var sanitized = sanitizeHtml("<div><script>alert('hi');</script></div>");
    expect(sanitized).toBe("<div></div>");
  });

  it("strips disallowed attributes", function(){
    var sanitized = sanitizeHtml("<div><p class=\"funky\" wrong='1'>hello</p></div>");
    expect(sanitized).toBe("<div><p class=\"funky\">hello</p></div>");
  });

});
Convert all CoffeeScript to Javascript. See: http://meta.discourse.org/t/is-it-better-for-discourse-to-use-javascript-or-coffeescript/3153 2013-02-20 13:15:50 -05:00			`/global waitsFor:true expect:true describe:true beforeEach:true it:true sanitizeHtml:true /`

added sane sanitizer (Google Cajole) that is much more robust than old one ... yay for smilies added sane way to do $LAB includes - pattern to be expanded people keep on messing structure.sql 2013-02-19 23:37:42 -05:00			`describe("sanitize", function(){`

			`it("strips all script tags", function(){`
remove trailing whitespaces :heart: 2013-02-25 11:42:20 -05:00			`var sanitized = sanitizeHtml("<div><script>alert('hi');</script></div>");`
cleaned up all javascript specs for better readability 2013-02-27 21:26:20 -05:00			`expect(sanitized).toBe("<div></div>");`
added sane sanitizer (Google Cajole) that is much more robust than old one ... yay for smilies added sane way to do $LAB includes - pattern to be expanded people keep on messing structure.sql 2013-02-19 23:37:42 -05:00			`});`

			`it("strips disallowed attributes", function(){`
Convert all CoffeeScript to Javascript. See: http://meta.discourse.org/t/is-it-better-for-discourse-to-use-javascript-or-coffeescript/3153 2013-02-20 13:15:50 -05:00			`var sanitized = sanitizeHtml("<div><p class=\"funky\" wrong='1'>hello</p></div>");`
cleaned up all javascript specs for better readability 2013-02-27 21:26:20 -05:00			`expect(sanitized).toBe("<div><p class=\"funky\">hello</p></div>");`
added sane sanitizer (Google Cajole) that is much more robust than old one ... yay for smilies added sane way to do $LAB includes - pattern to be expanded people keep on messing structure.sql 2013-02-19 23:37:42 -05:00			`});`

cleaned up all javascript specs for better readability 2013-02-27 21:26:20 -05:00			`});`