From 520af0a8a47afb555228119748e68c5e93a8f37b Mon Sep 17 00:00:00 2001
From: Antonio Terceiro
Date: Tue, 16 Aug 2011 10:18:32 -0700
Subject: [PATCH] Make sure TinyMCE's abstract is XSS-proof
---
 test/unit/tiny_mce_article_test.rb | 5 +++++
 1 file changed, 5 insertions(+), 0 deletions(-)
diff --git a/test/unit/tiny_mce_article_test.rb b/test/unit/tiny_mce_article_test.rb
index 6a44928..0b066fa 100644
--- a/test/unit/tiny_mce_article_test.rb
+++ b/test/unit/tiny_mce_article_test.rb
@@ -118,6 +118,11 @@ class TinyMceArticleTest < Test::Unit::TestCase
 assert_no_match /script/, article.name
 end
 
+ should 'not allow XSS on abstract' do
+ article = TinyMceArticle.create!(:name => "test 123", :abstract => 'abstract with ', :profile => profile)
+ assert_no_match /script/, article.abstract
+ end
+
 should 'notifiable be true' do
 a = fast_create(TinyMceArticle)
 assert a.notifiable?
-- 
libgit2 0.21.2
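Review bot: The assertion `assert_no_match /script/, article.abstract` in the new 'not allow XSS on abstract' test is a narrow check: it is case-sensitive, it looks only for the literal word "script", and it would also pass if the abstract came back empty. Consider `assert_no_match /<script/i, article.abstract` together with `assert_match /abstract with/, article.abstract`, so the test shows the markup is removed while the benign text survives; a second case using an event-handler attribute would presumably be worth adding, since that kind of input never contains the word "script". As shown on this page the `:abstract` literal carries no markup (it looks stripped by the page rendering), so confirm the fixture in the repository still contains the tag the test is meant to reject. The commit touches only this test file, so whatever sanitizes the abstract lives outside this patch, and the test class itself continues outside the hunk.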