diff options
Diffstat (limited to 'spec/lib/banzai/filter/broadcast_message_sanitization_filter_spec.rb')
-rw-r--r-- | spec/lib/banzai/filter/broadcast_message_sanitization_filter_spec.rb | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/spec/lib/banzai/filter/broadcast_message_sanitization_filter_spec.rb b/spec/lib/banzai/filter/broadcast_message_sanitization_filter_spec.rb index 1f65268bd3c..67b480f8973 100644 --- a/spec/lib/banzai/filter/broadcast_message_sanitization_filter_spec.rb +++ b/spec/lib/banzai/filter/broadcast_message_sanitization_filter_spec.rb @@ -5,9 +5,9 @@ require 'spec_helper' RSpec.describe Banzai::Filter::BroadcastMessageSanitizationFilter do include FilterSpecHelper - it_behaves_like 'default whitelist' + it_behaves_like 'default allowlist' - describe 'custom whitelist' do + describe 'custom allowlist' do it_behaves_like 'XSS prevention' it_behaves_like 'sanitize link' @@ -26,19 +26,19 @@ RSpec.describe Banzai::Filter::BroadcastMessageSanitizationFilter do end context 'when `a` elements have `style` attribute' do - let(:whitelisted_style) { 'color: red; border: blue; background: green; padding: 10px; margin: 10px; text-decoration: underline;' } + let(:allowed_style) { 'color: red; border: blue; background: green; padding: 10px; margin: 10px; text-decoration: underline;' } context 'allows specific properties' do - let(:exp) { %{<a href="#" style="#{whitelisted_style}">Stylish Link</a>} } + let(:exp) { %{<a href="#" style="#{allowed_style}">Stylish Link</a>} } it { is_expected.to eq(exp) } end it 'disallows other properties in `style` attribute on `a` elements' do - style = [whitelisted_style, 'position: fixed'].join(';') + style = [allowed_style, 'position: fixed'].join(';') doc = filter(%{<a href="#" style="#{style}">Stylish Link</a>}) - expect(doc.at_css('a')['style']).to eq(whitelisted_style) + expect(doc.at_css('a')['style']).to eq(allowed_style) end end |