Commit d9680fb600b55d6b5f393f74e5fd9921677f9254
1 parent
94df4822
Exists in
master
and in
29 other branches
rails3: fix tiny_mce_article tests
PS: still breaking xss_terminate related tests
Showing
1 changed file
with
30 additions
and
28 deletions
Show diff stats
test/unit/tiny_mce_article_test.rb
@@ -23,52 +23,52 @@ class TinyMceArticleTest < ActiveSupport::TestCase | @@ -23,52 +23,52 @@ class TinyMceArticleTest < ActiveSupport::TestCase | ||
23 | end | 23 | end |
24 | 24 | ||
25 | should 'not sanitize target attribute' do | 25 | should 'not sanitize target attribute' do |
26 | - article = TinyMceArticle.create!(:name => 'open link in new window', :body => "open <a href='www.invalid.com' target='_blank'>link</a> in new window", :profile => profile) | 26 | + article = create(TinyMceArticle, :name => 'open link in new window', :body => "open <a href='www.invalid.com' target='_blank'>link</a> in new window", :profile => profile) |
27 | assert_tag_in_string article.body, :tag => 'a', :attributes => {:target => '_blank'} | 27 | assert_tag_in_string article.body, :tag => 'a', :attributes => {:target => '_blank'} |
28 | end | 28 | end |
29 | 29 | ||
30 | should 'not translate & to amp; over times' do | 30 | should 'not translate & to amp; over times' do |
31 | - article = TinyMceArticle.create!(:name => 'link', :body => "<a href='www.invalid.com?param1=value¶m2=value'>link</a>", :profile => profile) | 31 | + article = create(TinyMceArticle, :name => 'link', :body => "<a href='www.invalid.com?param1=value¶m2=value'>link</a>", :profile => profile) |
32 | assert article.save | 32 | assert article.save |
33 | assert_no_match(/&amp;/, article.body) | 33 | assert_no_match(/&amp;/, article.body) |
34 | assert_match(/&/, article.body) | 34 | assert_match(/&/, article.body) |
35 | end | 35 | end |
36 | 36 | ||
37 | should 'not escape comments from tiny mce article body' do | 37 | should 'not escape comments from tiny mce article body' do |
38 | - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "the <!-- comment --> article ...") | 38 | + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "the <!-- comment --> article ...") |
39 | assert_equal "the <!-- comment --> article ...", article.body | 39 | assert_equal "the <!-- comment --> article ...", article.body |
40 | end | 40 | end |
41 | 41 | ||
42 | should 'convert entities characters to UTF-8 instead of ISO-8859-1' do | 42 | should 'convert entities characters to UTF-8 instead of ISO-8859-1' do |
43 | - article = TinyMceArticle.create!(:profile => profile, :name => 'teste ' + Time.now.to_s, :body => '<a title="informática">link</a>') | 43 | + article = create(TinyMceArticle, :profile => profile, :name => 'teste ' + Time.now.to_s, :body => '<a title="informática">link</a>') |
44 | assert(article.body.is_utf8?, "%s expected to be valid UTF-8 content" % article.body.inspect) | 44 | assert(article.body.is_utf8?, "%s expected to be valid UTF-8 content" % article.body.inspect) |
45 | end | 45 | end |
46 | 46 | ||
47 | should 'fix tinymce mess with itheora comments for IE from tiny mce article body' do | 47 | should 'fix tinymce mess with itheora comments for IE from tiny mce article body' do |
48 | - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "the <!--–-[if IE]--> just for ie... <!--[endif]-->") | ||
49 | - assert_equal "the <!–-[if IE]> just for ie... <![endif]-–>", article.body | 48 | + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "the <!--–-[if IE]--> just for ie... <!--[endif]-->") |
49 | + assert_equal "the <!–-[if IE]> just for ie... <![endif]-–>", article.body.html_safe | ||
50 | end | 50 | end |
51 | 51 | ||
52 | should 'remove iframe if it is not from a trusted site' do | 52 | should 'remove iframe if it is not from a trusted site' do |
53 | - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://anything/videos.ogg'></iframe>") | 53 | + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://anything/videos.ogg'></iframe>") |
54 | assert_equal "", article.body | 54 | assert_equal "", article.body |
55 | end | 55 | end |
56 | 56 | ||
57 | should 'not mess with <iframe and </iframe if it is from itheora by default' do | 57 | should 'not mess with <iframe and </iframe if it is from itheora by default' do |
58 | assert_includes Environment.default.trusted_sites_for_iframe, 'itheora.org' | 58 | assert_includes Environment.default.trusted_sites_for_iframe, 'itheora.org' |
59 | - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://itheora.org/demo/index.php?v=example.ogv'></iframe>") | 59 | + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://itheora.org/demo/index.php?v=example.ogv'></iframe>") |
60 | assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://itheora.org/demo/index.php?v=example.ogv"} | 60 | assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://itheora.org/demo/index.php?v=example.ogv"} |
61 | end | 61 | end |
62 | 62 | ||
63 | should 'allow iframe if it is from stream.softwarelivre.org by default' do | 63 | should 'allow iframe if it is from stream.softwarelivre.org by default' do |
64 | assert_includes Environment.default.trusted_sites_for_iframe, 'stream.softwarelivre.org' | 64 | assert_includes Environment.default.trusted_sites_for_iframe, 'stream.softwarelivre.org' |
65 | - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://stream.softwarelivre.org/fisl10/sites/default/files/videos.ogg'></iframe>") | 65 | + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://stream.softwarelivre.org/fisl10/sites/default/files/videos.ogg'></iframe>") |
66 | assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://stream.softwarelivre.org/fisl10/sites/default/files/videos.ogg"} | 66 | assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://stream.softwarelivre.org/fisl10/sites/default/files/videos.ogg"} |
67 | end | 67 | end |
68 | 68 | ||
69 | should 'allow iframe if it is from tv.softwarelivre.org by default' do | 69 | should 'allow iframe if it is from tv.softwarelivre.org by default' do |
70 | assert_includes Environment.default.trusted_sites_for_iframe, 'tv.softwarelivre.org' | 70 | assert_includes Environment.default.trusted_sites_for_iframe, 'tv.softwarelivre.org' |
71 | - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe id='player-base' src='http://tv.softwarelivre.org/embed/1170' width='482' height='406' align='right' frameborder='0' scrolling='no'></iframe>") | 71 | + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe id='player-base' src='http://tv.softwarelivre.org/embed/1170' width='482' height='406' align='right' frameborder='0' scrolling='no'></iframe>") |
72 | assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://tv.softwarelivre.org/embed/1170", :width => "482", :height => "406", :align => "right", :frameborder => "0", :scrolling => "no"} | 72 | assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://tv.softwarelivre.org/embed/1170", :width => "482", :height => "406", :align => "right", :frameborder => "0", :scrolling => "no"} |
73 | end | 73 | end |
74 | 74 | ||
@@ -77,12 +77,12 @@ class TinyMceArticleTest < ActiveSupport::TestCase | @@ -77,12 +77,12 @@ class TinyMceArticleTest < ActiveSupport::TestCase | ||
77 | env.trusted_sites_for_iframe = ['avideosite.com'] | 77 | env.trusted_sites_for_iframe = ['avideosite.com'] |
78 | env.save | 78 | env.save |
79 | assert_includes Environment.default.trusted_sites_for_iframe, 'avideosite.com' | 79 | assert_includes Environment.default.trusted_sites_for_iframe, 'avideosite.com' |
80 | - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://avideosite.com/videos.ogg'></iframe>") | 80 | + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://avideosite.com/videos.ogg'></iframe>") |
81 | assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://avideosite.com/videos.ogg"} | 81 | assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://avideosite.com/videos.ogg"} |
82 | end | 82 | end |
83 | 83 | ||
84 | should 'remove only the iframe from untrusted site' do | 84 | should 'remove only the iframe from untrusted site' do |
85 | - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://stream.softwarelivre.org/videos.ogg'></iframe><iframe src='http://untrusted_site.com/videos.ogg'></iframe>") | 85 | + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://stream.softwarelivre.org/videos.ogg'></iframe><iframe src='http://untrusted_site.com/videos.ogg'></iframe>") |
86 | assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://stream.softwarelivre.org/videos.ogg"} | 86 | assert_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://stream.softwarelivre.org/videos.ogg"} |
87 | assert_no_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://untrusted_site.com/videos.ogg"} | 87 | assert_no_tag_in_string article.body, :tag => 'iframe', :attributes => { :src => "http://untrusted_site.com/videos.ogg"} |
88 | end | 88 | end |
@@ -90,13 +90,13 @@ class TinyMceArticleTest < ActiveSupport::TestCase | @@ -90,13 +90,13 @@ class TinyMceArticleTest < ActiveSupport::TestCase | ||
90 | should 'remove iframe if it has 2 or more src' do | 90 | should 'remove iframe if it has 2 or more src' do |
91 | assert_includes Environment.default.trusted_sites_for_iframe, 'itheora.org' | 91 | assert_includes Environment.default.trusted_sites_for_iframe, 'itheora.org' |
92 | 92 | ||
93 | - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://itheora.org/videos.ogg' src='http://untrusted_site.com/videos.ogg'></iframe>") | 93 | + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://itheora.org/videos.ogg' src='http://untrusted_site.com/videos.ogg'></iframe>") |
94 | assert_equal '', article.body | 94 | assert_equal '', article.body |
95 | end | 95 | end |
96 | 96 | ||
97 | #TinymMCE convert config={"key":(.*)} in config={"key":(.*)} | 97 | #TinymMCE convert config={"key":(.*)} in config={"key":(.*)} |
98 | should 'not replace " with &quot; when adding an Archive.org video' do | 98 | should 'not replace " with &quot; when adding an Archive.org video' do |
99 | - article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<embed flashvars='config={"key":"\#$b6eb72a0f2f1e29f3d4"}'> </embed>") | 99 | + article = create(TinyMceArticle, :profile => profile, :name => 'article', :abstract => 'abstract', :body => "<embed flashvars='config={"key":"\#$b6eb72a0f2f1e29f3d4"}'> </embed>") |
100 | assert_equal "<embed flashvars=\"config={"key":"\#$b6eb72a0f2f1e29f3d4"}\"> </embed>", article.body | 100 | assert_equal "<embed flashvars=\"config={"key":"\#$b6eb72a0f2f1e29f3d4"}\"> </embed>", article.body |
101 | end | 101 | end |
102 | 102 | ||
@@ -109,12 +109,12 @@ class TinyMceArticleTest < ActiveSupport::TestCase | @@ -109,12 +109,12 @@ class TinyMceArticleTest < ActiveSupport::TestCase | ||
109 | end | 109 | end |
110 | 110 | ||
111 | should 'not allow XSS on name' do | 111 | should 'not allow XSS on name' do |
112 | - article = TinyMceArticle.create!(:name => 'title with <script>alert("xss")</script>', :profile => profile) | 112 | + article = create(TinyMceArticle, :name => 'title with <script>alert("xss")</script>', :profile => profile) |
113 | assert_no_match /script/, article.name | 113 | assert_no_match /script/, article.name |
114 | end | 114 | end |
115 | 115 | ||
116 | should 'not allow XSS on abstract' do | 116 | should 'not allow XSS on abstract' do |
117 | - article = TinyMceArticle.create!(:name => "test 123", :abstract => 'abstract with <script>alert("xss")</script>', :profile => profile) | 117 | + article = create(TinyMceArticle, :name => "test 123", :abstract => 'abstract with <script>alert("xss")</script>', :profile => profile) |
118 | assert_no_match /script/, article.abstract | 118 | assert_no_match /script/, article.abstract |
119 | end | 119 | end |
120 | 120 | ||
@@ -125,23 +125,24 @@ class TinyMceArticleTest < ActiveSupport::TestCase | @@ -125,23 +125,24 @@ class TinyMceArticleTest < ActiveSupport::TestCase | ||
125 | 125 | ||
126 | should 'notify activity on create' do | 126 | should 'notify activity on create' do |
127 | ActionTracker::Record.delete_all | 127 | ActionTracker::Record.delete_all |
128 | - TinyMceArticle.create! :name => 'test', :profile_id => fast_create(Profile).id, :published => true | 128 | + create TinyMceArticle, :name => 'test', :profile_id => fast_create(Profile).id, :published => true |
129 | assert_equal 1, ActionTracker::Record.count | 129 | assert_equal 1, ActionTracker::Record.count |
130 | end | 130 | end |
131 | 131 | ||
132 | should 'not group trackers activity of article\'s creation' do | 132 | should 'not group trackers activity of article\'s creation' do |
133 | ActionTracker::Record.delete_all | 133 | ActionTracker::Record.delete_all |
134 | profile = fast_create(Profile) | 134 | profile = fast_create(Profile) |
135 | - TinyMceArticle.create! :name => 'bar', :profile_id => profile.id, :published => true | ||
136 | - TinyMceArticle.create! :name => 'another bar', :profile_id => profile.id, :published => true | 135 | + create TinyMceArticle, :name => 'bar', :profile_id => profile.id, :published => true |
136 | + create TinyMceArticle, :name => 'another bar', :profile_id => profile.id, :published => true | ||
137 | assert_equal 2, ActionTracker::Record.count | 137 | assert_equal 2, ActionTracker::Record.count |
138 | - TinyMceArticle.create! :name => 'another bar', :profile_id => fast_create(Profile).id, :published => true | 138 | + create TinyMceArticle, :name => 'another bar', :profile_id => fast_create(Profile).id, :published => true |
139 | assert_equal 3, ActionTracker::Record.count | 139 | assert_equal 3, ActionTracker::Record.count |
140 | end | 140 | end |
141 | 141 | ||
142 | should 'not update activity on update of an article' do | 142 | should 'not update activity on update of an article' do |
143 | ActionTracker::Record.delete_all | 143 | ActionTracker::Record.delete_all |
144 | profile = fast_create(Profile) | 144 | profile = fast_create(Profile) |
145 | + ActionTracker::Record.stubs(:current_user_from_model).returns(fast_create(Person)) | ||
145 | article = create(TinyMceArticle, :profile_id => profile.id) | 146 | article = create(TinyMceArticle, :profile_id => profile.id) |
146 | time = article.activity.updated_at | 147 | time = article.activity.updated_at |
147 | Time.stubs(:now).returns(time + 1.day) | 148 | Time.stubs(:now).returns(time + 1.day) |
@@ -154,8 +155,8 @@ class TinyMceArticleTest < ActiveSupport::TestCase | @@ -154,8 +155,8 @@ class TinyMceArticleTest < ActiveSupport::TestCase | ||
154 | 155 | ||
155 | should 'not create trackers activity when updating articles' do | 156 | should 'not create trackers activity when updating articles' do |
156 | ActionTracker::Record.delete_all | 157 | ActionTracker::Record.delete_all |
157 | - a1 = TinyMceArticle.create! :name => 'bar', :profile_id => fast_create(Profile).id, :published => true | ||
158 | - a2 = TinyMceArticle.create! :name => 'another bar', :profile_id => fast_create(Profile).id, :published => true | 158 | + a1 = create TinyMceArticle, :name => 'bar', :profile_id => fast_create(Profile).id, :published => true |
159 | + a2 = create TinyMceArticle, :name => 'another bar', :profile_id => fast_create(Profile).id, :published => true | ||
159 | assert_no_difference ActionTracker::Record, :count do | 160 | assert_no_difference ActionTracker::Record, :count do |
160 | a1.name = 'foo';a1.save! | 161 | a1.name = 'foo';a1.save! |
161 | a2.name = 'another foo';a2.save! | 162 | a2.name = 'another foo';a2.save! |
@@ -164,8 +165,8 @@ class TinyMceArticleTest < ActiveSupport::TestCase | @@ -164,8 +165,8 @@ class TinyMceArticleTest < ActiveSupport::TestCase | ||
164 | 165 | ||
165 | should 'remove activity when an article is destroyed' do | 166 | should 'remove activity when an article is destroyed' do |
166 | ActionTracker::Record.delete_all | 167 | ActionTracker::Record.delete_all |
167 | - a1 = TinyMceArticle.create! :name => 'bar', :profile_id => fast_create(Profile).id, :published => true | ||
168 | - a2 = TinyMceArticle.create! :name => 'another bar', :profile_id => fast_create(Profile).id, :published => true | 168 | + a1 = create TinyMceArticle, :name => 'bar', :profile_id => fast_create(Profile).id, :published => true |
169 | + a2 = create TinyMceArticle, :name => 'another bar', :profile_id => fast_create(Profile).id, :published => true | ||
169 | assert_difference ActionTracker::Record, :count, -2 do | 170 | assert_difference ActionTracker::Record, :count, -2 do |
170 | a1.destroy | 171 | a1.destroy |
171 | a2.destroy | 172 | a2.destroy |
@@ -178,20 +179,21 @@ end | @@ -178,20 +179,21 @@ end | ||
178 | p1 = Person.first | 179 | p1 = Person.first |
179 | community.add_member(p1) | 180 | community.add_member(p1) |
180 | assert p1.is_member_of?(community) | 181 | assert p1.is_member_of?(community) |
181 | - article = TinyMceArticle.create! :name => 'test', :profile_id => community.id | 182 | + article = create TinyMceArticle, :name => 'test', :profile_id => community.id |
182 | assert_equal article, ActionTracker::Record.last.target | 183 | assert_equal article, ActionTracker::Record.last.target |
183 | end | 184 | end |
184 | 185 | ||
185 | should "the tracker action target be defined as the article on articles'creation in profile" do | 186 | should "the tracker action target be defined as the article on articles'creation in profile" do |
186 | ActionTracker::Record.delete_all | 187 | ActionTracker::Record.delete_all |
187 | person = Person.first | 188 | person = Person.first |
188 | - article = TinyMceArticle.create! :name => 'test', :profile_id => person.id | 189 | + ActionTracker::Record.stubs(:current_user_from_model).returns(fast_create(Person)) |
190 | + article = create TinyMceArticle, :name => 'test', :profile_id => person.id | ||
189 | assert_equal article, ActionTracker::Record.last.target | 191 | assert_equal article, ActionTracker::Record.last.target |
190 | end | 192 | end |
191 | 193 | ||
192 | should 'not notify activity if the article is not advertise' do | 194 | should 'not notify activity if the article is not advertise' do |
193 | ActionTracker::Record.delete_all | 195 | ActionTracker::Record.delete_all |
194 | - a = TinyMceArticle.create! :name => 'bar', :profile_id => fast_create(Profile).id, :published => true, :advertise => false | 196 | + a = create TinyMceArticle, :name => 'bar', :profile_id => fast_create(Profile).id, :published => true, :advertise => false |
195 | assert_equal true, a.published? | 197 | assert_equal true, a.published? |
196 | assert_equal true, a.notifiable? | 198 | assert_equal true, a.notifiable? |
197 | assert_equal false, a.image? | 199 | assert_equal false, a.image? |
@@ -204,7 +206,7 @@ end | @@ -204,7 +206,7 @@ end | ||
204 | end | 206 | end |
205 | 207 | ||
206 | should "the common trackable conditions return the correct value" do | 208 | should "the common trackable conditions return the correct value" do |
207 | - a = TinyMceArticle.new(:profile => profile) | 209 | + a = build(TinyMceArticle, :profile => profile) |
208 | a.published = a.advertise = true | 210 | a.published = a.advertise = true |
209 | assert_equal true, a.published? | 211 | assert_equal true, a.published? |
210 | assert_equal true, a.notifiable? | 212 | assert_equal true, a.notifiable? |