author | Robert Speicher <robert@gitlab.com> | 2017-04-02 17:39:41 +0000 |
---|---|---|
committer | DJ Mountney <david@twkie.net> | 2017-04-05 21:03:46 -0700 |
commit | 2e8aa209f013d567bb3956a3e4201d3b2d63fe10 (patch) | |
tree | 4e2562c7630c5aa4d4bb68bd3e179f80a64eb5c3 /spec/lib/banzai/filter/sanitization_filter_spec.rb | |
parent | 5fde7c6c3b415656fe443a3ce27f12f41507a713 (diff) | |
download | gitlab-ce-2e8aa209f013d567bb3956a3e4201d3b2d63fe10.tar.gz |
Merge branch '30125-markdown-security'
Remove class from SanitizationFilter whitelist
See merge request !2079
Diffstat (limited to 'spec/lib/banzai/filter/sanitization_filter_spec.rb')
-rw-r--r-- | spec/lib/banzai/filter/sanitization_filter_spec.rb | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/spec/lib/banzai/filter/sanitization_filter_spec.rb b/spec/lib/banzai/filter/sanitization_filter_spec.rb
index b4cd5f63a15..fdbc65b5e00 100644
--- a/spec/lib/banzai/filter/sanitization_filter_spec.rb
+++ b/spec/lib/banzai/filter/sanitization_filter_spec.rb
@@ -49,11 +49,12 @@ describe Banzai::Filter::SanitizationFilter, lib: true do
 instance = described_class.new('Foo')
 3.times { instance.whitelist }
- expect(instance.whitelist[:transformers].size).to eq 5
+ expect(instance.whitelist[:transformers].size).to eq 4
 end
- it 'allows syntax highlighting' do
- exp = act = %q{<pre class="code highlight white c"><code><span class="k">def</span></code></pre>}
+ it 'sanitizes `class` attribute from all elements' do
+ act = %q{<pre class="code highlight white c"><code><span class="k">def</span></code></pre>}
+ exp = %q{<pre><code><span class="k">def</span></code></pre>}
 expect(filter(act).to_html).to eq exp
 end |
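Review bot: The new example is titled "sanitizes `class` attribute from all elements", but its `exp` still contains `<span class="k">`, so the spec itself shows `span` keeping the attribute and only `pre` losing it. A title such as `it 'strips class from pre but keeps it on span' do` would match what is asserted and would document the exception, which matters here because any element that keeps `class` lets user-authored markup pick up the application's own styles. The fixture also covers only `pre`, `code` and `span`; an extra example on an unrelated element that carries a `class` would pin the general rule the title claims. The filter change itself is not visible on this page (the diffstat is limited to the spec), so which elements are still allowed `class` is inferred from `exp` alone, and the enclosing `describe` block starts and ends outside the hunk.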