github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-24 03:36:18 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: validate poll parameters when type=multiple

Browse Source
This commit is contained in:
Régis Hanol
2015-06-01 19:28:05 +02:00
parent 72f7c26514
commit f736b6face
5 changed files with 26 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
plugins/poll/spec/controllers/posts_controller_spec.rb
View File

@ -49,6 +49,13 @@ describe PostsController do
expect(json["errors"][0]).to eq(I18n.t("poll.default_poll_must_have_less_options", max: SiteSetting.poll_maximum_options))
end
it "should have valid parameters" do
xhr :post, :create, { title: title, raw: "[poll type=multiple min=5]\n- A\n- B[/poll]" }
expect(response).not_to be_success
json = ::JSON.parse(response.body)
expect(json["errors"][0]).to eq(I18n.t("poll.default_poll_with_multiple_choices_has_invalid_parameters"))
end
it "prevents self-xss" do
xhr :post, :create, { title: title, raw: "[poll name=<script>alert('xss')</script>]\n- A\n- B\n[/poll]" }
expect(response).to be_success