-rw-r--r--app/helpers/application_helper.rb2
-rw-r--r--spec/helpers/application_helper_spec.rb17
2 files changed, 18 insertions, 1 deletions
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 0e48889ebf8..ab98c894b82 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -192,7 +192,7 @@ module ApplicationHelper
alt: "Sign in with #{provider.to_s.titleize}")
end
- def simple_sanitize str
+ def simple_sanitize(str)
sanitize(str, tags: %w(a span))
end
diff --git a/spec/helpers/application_helper_spec.rb b/spec/helpers/application_helper_spec.rb
index 0d066be5b45..d63a2de8806 100644
--- a/spec/helpers/application_helper_spec.rb
+++ b/spec/helpers/application_helper_spec.rb
@@ -123,4 +123,21 @@ describe ApplicationHelper do
end
end
+ describe "simple_sanitize" do
+ let(:a_tag) { '<a href="#">Foo</a>' }
+
+ it "allows the a tag" do
+ simple_sanitize(a_tag).should == a_tag
+ end
+
+ it "allows the span tag" do
+ input = '<span class="foo">Bar</span>'
+ simple_sanitize(input).should == input
+ end
+
+ it "disallows other tags" do
+ input = "<strike><b>#{a_tag}</b></strike>"
+ simple_sanitize(input).should == a_tag
+ end
+ end
end
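Review bot: The three new examples under `describe "simple_sanitize"` use only benign markup (`a`, `span`, `strike`, `b`), so none of them pins the behaviour that matters when the helper's output is rendered as HTML. The helper calls `sanitize(str, tags: %w(a span))` with no `attributes:` option, so attribute filtering presumably falls back to the sanitizer's default allowlist, and nothing here would fail if that default changed or if an `attributes:` list were later added too broadly. I would add examples asserting that event-handler attributes and `javascript:` URLs on the allowed `<a>` tag are stripped, and that a `<script>` element is not emitted. The assertions below use `should_not include` rather than exact output, because how the sanitizer handles the text inside a removed element can differ between Rails versions. The outer `describe ApplicationHelper` block starts outside the hunk.

```ruby
  describe "simple_sanitize" do
    # … unchanged: a / span / other-tag examples …

    it "strips event handler attributes from allowed tags" do
      input = '<a href="#" onclick="foo()">Foo</a>'
      simple_sanitize(input).should_not include("onclick")
    end

    it "strips javascript: URLs from href" do
      input = '<a href="javascript:foo()">Foo</a>'
      simple_sanitize(input).should_not include("javascript:")
    end

    it "does not emit script elements" do
      simple_sanitize("<script>foo()</script>").should_not include("<script")
    end
```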