This repository was archived by the owner on Nov 8, 2022. It is now read-only.
File tree Expand file tree Collapse file tree 1 file changed +6
-2
lines changed
test/groupher_server_web/mutation/cms Expand file tree Collapse file tree 1 file changed +6
-2
lines changed Original file line number Diff line number Diff line change @@ -63,18 +63,22 @@ defmodule GroupherServer.Test.Mutation.Post do
6363 assert { :ok , _ } = ORM . find_by ( CMS.Author , user_id: user . id )
6464 end
6565
66+ <<< <<< < HEAD
67+ === ====
68+ @ tag :wip
69+ >>> >>> > fix ( xss ) : add escape hepler for resources
6670 test "create post should excape xss attracts" do
6771 { :ok , user } = db_insert ( :user )
6872 user_conn = simu_conn ( :user , user )
6973
7074 { :ok , community } = db_insert ( :community )
71- post_attr = mock_attrs ( :post , % { body: assert_v ( :xss_string ) } )
75+ post_attr = mock_attrs ( :post , % { body: "<script>alert( \" hello,world \" )</script>" } )
7276
7377 variables = post_attr |> Map . merge ( % { communityId: community . id } )
7478 created = user_conn |> mutation_result ( @ create_post_query , variables , "createPost" )
7579 { :ok , post } = ORM . find ( CMS.Post , created [ "id" ] )
7680
77- assert post . body == assert_v ( :xss_safe_string )
81+ assert post . body == "<script>alert("hello,world")</script>"
7882 end
7983
8084 # NOTE: this test is IMPORTANT, cause json_codec: Jason in router will cause
You can’t perform that action at this time.
0 commit comments