SECURITY: Escape watched word in error message (#14434)

Bianca Nenciu
2021-09-24 11:55:15 +03:00
committed by GitHub
parent e5754dedf4
commit 1f57b29147
3 changed files with 12 additions and 4 deletions


@ -32,6 +32,14 @@ describe WatchedWord do
}.to_not change { Post.count }
end
it "escapes the blocked word in error message" do
block_word = Fabricate(:watched_word, action: WatchedWord.actions[:block], word: "<a>")
manager = NewPostManager.new(tl2_user, raw: "Want some #{block_word.word} for cheap?", topic_id: topic.id)
result = manager.perform
expect(result).to_not be_success
expect(result.errors[:base]&.first).to eq(I18n.t('contains_blocked_word', word: "&lt;a&gt;"))
end
it "should prevent the post from being created" do
manager = NewPostManager.new(tl2_user, raw: "Want some #{block_word.word} for cheap?", topic_id: topic.id)
should_block_post(manager)
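Review bot: The new example pins escaping only for `<` and `>` (word `"<a>"` expected as `&lt;a&gt;`), so a regression that leaves `&` or quote characters unescaped in the `contains_blocked_word` message would still pass. A second fabricated word containing `&` and `"` would close that gap; the escaping code is in files not shown here, so the exact expected string has to be checked against the helper the fix uses. Separately, the local `block_word` assigned on the example's first line appears to shadow a `block_word` defined outside the hunk (the next example uses it without defining it), and a distinct name such as `html_word = Fabricate(:watched_word, ...)` would keep the two apart. The enclosing `describe` block starts and ends outside the hunk.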