added sane sanitizer (Google Cajole) that is much more robust than old one ... yay for smilies

added sane way to do $LAB includes - pattern to be expanded people keep on messing structure.sql
2025-06-06 03:06:53 +08:00 · 2013-02-20 15:37:42 +11:00
parent a1099ed74e
commit 0c085059c9
9 changed files with 2592 additions and 2080 deletions
--- a/spec/javascripts/sanitize_spec.js
+++ b/spec/javascripts/sanitize_spec.js
@ -0,0 +1,19 @@
+describe("sanitize", function(){
+
+
+  it("strips all script tags", function(){
+    sanitized = sanitizeHtml("<div><script>alert('hi');</script></div>");  
+
+    expect(sanitized)
+      .toBe("<div></div>");
+  });
+
+  it("strips disallowed attributes", function(){
+    sanitized = sanitizeHtml("<div><p class=\"funky\" wrong='1'>hello</p></div>");
+
+    expect(sanitized)
+      .toBe("<div><p class=\"funky\">hello</p></div>");
+  });
+});
+
+