Download as
Browse Code »

Commit d9680fb600b55d6b5f393f74e5fd9921677f9254

Authored by Rodrigo Souto
1 parent 94df4822
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

rails3: fix tiny_mce_article tests 

PS: still breaking xss_terminate related tests
Showing 1 changed file with 30 additions and 28 deletions   Show diff stats
test/unit/tiny_mce_article_test.rb
  Diff comments   View file @d9680fb
... ... @@ -23,52 +23,52 @@ class TinyMceArticleTest < ActiveSupport::TestCase
23 23 end
24 24  
25 25 should 'not sanitize target attribute' do
26   - article = TinyMceArticle.create!(:name => 'open link in new window', :body => "open <a href='www.invalid.com' target='_blank'>link</a> in new window", :profile => profile)
  26 + article = create(TinyMceArticle, :name => 'open link in new window', :body => "open <a href='www.invalid.com' target='_blank'>link</a> in new window", :profile => profile)
27 27 assert_tag_in_string article.body, :tag => 'a', :attributes => {:target => '_blank'}
28 28 end
29 29  
30 30 should 'not translate & to amp; over times' do
31   - article = TinyMceArticle.create!(:name => 'link', :body => "<a href='www.invalid.com?param1=value&param2=value'>link</a>", :profile => profile)
  31 + article = create(TinyMceArticle, :name => 'link', :body => "<a href='www.invalid.com?param1=value&param2=value'>link</a>", :profile => profile)
32 32 assert article.save
33 33 assert_no_match(/&amp;amp;/, article.body)
34 34 assert_match(/&amp;/, article.body)
35 35 end
36 36  
37 37 should 'not escape comments from tiny mce article body' do
38   - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "the <!-- comment --> article ...")
  38 + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "the <!-- comment --> article ...")
39 39 assert_equal "the <!-- comment --> article ...", article.body
40 40 end
41 41  
42 42 should 'convert entities characters to UTF-8 instead of ISO-8859-1' do
43   - article = TinyMceArticle.create!(:profile => profile, :name => 'teste ' + Time.now.to_s, :body => '<a title="inform&#225;tica">link</a>')
  43 + article = create(TinyMceArticle, :profile => profile, :name => 'teste ' + Time.now.to_s, :body => '<a title="inform&#225;tica">link</a>')
44 44 assert(article.body.is_utf8?, "%s expected to be valid UTF-8 content" % article.body.inspect)
45 45 end
46 46  
47 47 should 'fix tinymce mess with itheora comments for IE from tiny mce article body' do
48   - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "the <!--–-[if IE]--> just for ie... <!--[endif]-->")
49   - assert_equal "the <!–-[if IE]> just for ie... <![endif]-–>", article.body
  48 + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "the <!--–-[if IE]--> just for ie... <!--[endif]-->")
  49 + assert_equal "the <!–-[if IE]> just for ie... <![endif]-–>", article.body.html_safe
50 50 end
51 51  
52 52 should 'remove iframe if it is not from a trusted site' do
53   - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://anything/videos.ogg'></iframe>")
  53 + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://anything/videos.ogg'></iframe>")
54 54 assert_equal "", article.body
55 55 end
56 56  
57 57 should 'not mess with <iframe and </iframe if it is from itheora by default' do
58 58 assert_includes Environment.default.trusted_sites_for_iframe, 'itheora.org'
59   - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://itheora.org/demo/index.php?v=example.ogv'></iframe>")
  59 + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://itheora.org/demo/index.php?v=example.ogv'></iframe>")
60 60 assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://itheora.org/demo/index.php?v=example.ogv"}
61 61 end
62 62  
63 63 should 'allow iframe if it is from stream.softwarelivre.org by default' do
64 64 assert_includes Environment.default.trusted_sites_for_iframe, 'stream.softwarelivre.org'
65   - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://stream.softwarelivre.org/fisl10/sites/default/files/videos.ogg'></iframe>")
  65 + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://stream.softwarelivre.org/fisl10/sites/default/files/videos.ogg'></iframe>")
66 66 assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://stream.softwarelivre.org/fisl10/sites/default/files/videos.ogg"}
67 67 end
68 68  
69 69 should 'allow iframe if it is from tv.softwarelivre.org by default' do
70 70 assert_includes Environment.default.trusted_sites_for_iframe, 'tv.softwarelivre.org'
71   - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe id='player-base' src='http://tv.softwarelivre.org/embed/1170' width='482' height='406' align='right' frameborder='0' scrolling='no'></iframe>")
  71 + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe id='player-base' src='http://tv.softwarelivre.org/embed/1170' width='482' height='406' align='right' frameborder='0' scrolling='no'></iframe>")
72 72 assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://tv.softwarelivre.org/embed/1170", :width => "482", :height => "406", :align => "right", :frameborder => "0", :scrolling => "no"}
73 73 end
74 74  
... ... @@ -77,12 +77,12 @@ class TinyMceArticleTest &lt; ActiveSupport::TestCase
77 77 env.trusted_sites_for_iframe = ['avideosite.com']
78 78 env.save
79 79 assert_includes Environment.default.trusted_sites_for_iframe, 'avideosite.com'
80   - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://avideosite.com/videos.ogg'></iframe>")
  80 + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://avideosite.com/videos.ogg'></iframe>")
81 81 assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://avideosite.com/videos.ogg"}
82 82 end
83 83  
84 84 should 'remove only the iframe from untrusted site' do
85   - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://stream.softwarelivre.org/videos.ogg'></iframe><iframe src='http://untrusted_site.com/videos.ogg'></iframe>")
  85 + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://stream.softwarelivre.org/videos.ogg'></iframe><iframe src='http://untrusted_site.com/videos.ogg'></iframe>")
86 86 assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://stream.softwarelivre.org/videos.ogg"}
87 87 assert_no_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://untrusted_site.com/videos.ogg"}
88 88 end
... ... @@ -90,13 +90,13 @@ class TinyMceArticleTest &lt; ActiveSupport::TestCase
90 90 should 'remove iframe if it has 2 or more src' do
91 91 assert_includes Environment.default.trusted_sites_for_iframe, 'itheora.org'
92 92  
93   - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://itheora.org/videos.ogg' src='http://untrusted_site.com/videos.ogg'></iframe>")
  93 + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://itheora.org/videos.ogg' src='http://untrusted_site.com/videos.ogg'></iframe>")
94 94 assert_equal '', article.body
95 95 end
96 96  
97 97 #TinymMCE convert config={"key":(.*)} in config={&quotkey&quot:(.*)}
98 98 should 'not replace &quot with &amp;quot; when adding an Archive.org video' do
99   - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<embed flashvars='config={&quot;key&quot;:&quot;\#$b6eb72a0f2f1e29f3d4&quot;}'> </embed>")
  99 + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<embed flashvars='config={&quot;key&quot;:&quot;\#$b6eb72a0f2f1e29f3d4&quot;}'> </embed>")
100 100 assert_equal "<embed flashvars=\"config={&quot;key&quot;:&quot;\#$b6eb72a0f2f1e29f3d4&quot;}\"> </embed>", article.body
101 101 end
102 102  
... ... @@ -109,12 +109,12 @@ class TinyMceArticleTest &lt; ActiveSupport::TestCase
109 109 end
110 110  
111 111 should 'not allow XSS on name' do
112   - article = TinyMceArticle.create!(:name => 'title with <script>alert("xss")</script>', :profile => profile)
  112 + article = create(TinyMceArticle, :name => 'title with <script>alert("xss")</script>', :profile => profile)
113 113 assert_no_match /script/, article.name
114 114 end
115 115  
116 116 should 'not allow XSS on abstract' do
117   - article = TinyMceArticle.create!(:name => "test 123", :abstract => 'abstract with <script>alert("xss")</script>', :profile => profile)
  117 + article = create(TinyMceArticle, :name => "test 123", :abstract => 'abstract with <script>alert("xss")</script>', :profile => profile)
118 118 assert_no_match /script/, article.abstract
119 119 end
120 120  
... ... @@ -125,23 +125,24 @@ class TinyMceArticleTest &lt; ActiveSupport::TestCase
125 125  
126 126 should 'notify activity on create' do
127 127 ActionTracker::Record.delete_all
128   - TinyMceArticle.create! :name => 'test', :profile_id => fast_create(Profile).id, :published => true
  128 + create TinyMceArticle, :name => 'test', :profile_id => fast_create(Profile).id, :published => true
129 129 assert_equal 1, ActionTracker::Record.count
130 130 end
131 131  
132 132 should 'not group trackers activity of article\'s creation' do
133 133 ActionTracker::Record.delete_all
134 134 profile = fast_create(Profile)
135   - TinyMceArticle.create! :name => 'bar', :profile_id => profile.id, :published => true
136   - TinyMceArticle.create! :name => 'another bar', :profile_id => profile.id, :published => true
  135 + create TinyMceArticle, :name => 'bar', :profile_id => profile.id, :published => true
  136 + create TinyMceArticle, :name => 'another bar', :profile_id => profile.id, :published => true
137 137 assert_equal 2, ActionTracker::Record.count
138   - TinyMceArticle.create! :name => 'another bar', :profile_id => fast_create(Profile).id, :published => true
  138 + create TinyMceArticle, :name => 'another bar', :profile_id => fast_create(Profile).id, :published => true
139 139 assert_equal 3, ActionTracker::Record.count
140 140 end
141 141  
142 142 should 'not update activity on update of an article' do
143 143 ActionTracker::Record.delete_all
144 144 profile = fast_create(Profile)
  145 + ActionTracker::Record.stubs(:current_user_from_model).returns(fast_create(Person))
145 146 article = create(TinyMceArticle, :profile_id => profile.id)
146 147 time = article.activity.updated_at
147 148 Time.stubs(:now).returns(time + 1.day)
... ... @@ -154,8 +155,8 @@ class TinyMceArticleTest &lt; ActiveSupport::TestCase
154 155  
155 156 should 'not create trackers activity when updating articles' do
156 157 ActionTracker::Record.delete_all
157   - a1 = TinyMceArticle.create! :name => 'bar', :profile_id => fast_create(Profile).id, :published => true
158   - a2 = TinyMceArticle.create! :name => 'another bar', :profile_id => fast_create(Profile).id, :published => true
  158 + a1 = create TinyMceArticle, :name => 'bar', :profile_id => fast_create(Profile).id, :published => true
  159 + a2 = create TinyMceArticle, :name => 'another bar', :profile_id => fast_create(Profile).id, :published => true
159 160 assert_no_difference ActionTracker::Record, :count do
160 161 a1.name = 'foo';a1.save!
161 162 a2.name = 'another foo';a2.save!
... ... @@ -164,8 +165,8 @@ class TinyMceArticleTest &lt; ActiveSupport::TestCase
164 165  
165 166 should 'remove activity when an article is destroyed' do
166 167 ActionTracker::Record.delete_all
167   - a1 = TinyMceArticle.create! :name => 'bar', :profile_id => fast_create(Profile).id, :published => true
168   - a2 = TinyMceArticle.create! :name => 'another bar', :profile_id => fast_create(Profile).id, :published => true
  168 + a1 = create TinyMceArticle, :name => 'bar', :profile_id => fast_create(Profile).id, :published => true
  169 + a2 = create TinyMceArticle, :name => 'another bar', :profile_id => fast_create(Profile).id, :published => true
169 170 assert_difference ActionTracker::Record, :count, -2 do
170 171 a1.destroy
171 172 a2.destroy
... ... @@ -178,20 +179,21 @@ end
178 179 p1 = Person.first
179 180 community.add_member(p1)
180 181 assert p1.is_member_of?(community)
181   - article = TinyMceArticle.create! :name => 'test', :profile_id => community.id
  182 + article = create TinyMceArticle, :name => 'test', :profile_id => community.id
182 183 assert_equal article, ActionTracker::Record.last.target
183 184 end
184 185  
185 186 should "the tracker action target be defined as the article on articles'creation in profile" do
186 187 ActionTracker::Record.delete_all
187 188 person = Person.first
188   - article = TinyMceArticle.create! :name => 'test', :profile_id => person.id
  189 + ActionTracker::Record.stubs(:current_user_from_model).returns(fast_create(Person))
  190 + article = create TinyMceArticle, :name => 'test', :profile_id => person.id
189 191 assert_equal article, ActionTracker::Record.last.target
190 192 end
191 193  
192 194 should 'not notify activity if the article is not advertise' do
193 195 ActionTracker::Record.delete_all
194   - a = TinyMceArticle.create! :name => 'bar', :profile_id => fast_create(Profile).id, :published => true, :advertise => false
  196 + a = create TinyMceArticle, :name => 'bar', :profile_id => fast_create(Profile).id, :published => true, :advertise => false
195 197 assert_equal true, a.published?
196 198 assert_equal true, a.notifiable?
197 199 assert_equal false, a.image?
... ... @@ -204,7 +206,7 @@ end
204 206 end
205 207  
206 208 should "the common trackable conditions return the correct value" do
207   - a = TinyMceArticle.new(:profile => profile)
  209 + a = build(TinyMceArticle, :profile => profile)
208 210 a.published = a.advertise = true
209 211 assert_equal true, a.published?
210 212 assert_equal true, a.notifiable?
... ...