mirror of
https://github.com/discourse/discourse.git
synced 2024-12-18 19:23:53 +08:00
493d437e79
* Remove outdated option
04078317ba
* Use the non-globally exposed RSpec syntax
https://github.com/rspec/rspec-core/pull/2803
* Use the non-globally exposed RSpec syntax, cont
https://github.com/rspec/rspec-core/pull/2803
* Comply to strict predicate matchers
See:
- https://github.com/rspec/rspec-expectations/pull/1195
- https://github.com/rspec/rspec-expectations/pull/1196
- https://github.com/rspec/rspec-expectations/pull/1277
23 lines
736 B
Ruby
23 lines
736 B
Ruby
# frozen_string_literal: true
|
|
|
|
RSpec.describe UserField do
|
|
describe "doesn't validate presence of name if field type is 'confirm'" do
|
|
subject { described_class.new(field_type: 'confirm') }
|
|
it { is_expected.not_to validate_presence_of :name }
|
|
end
|
|
|
|
describe "validates presence of name for other field types" do
|
|
subject { described_class.new(field_type: 'dropdown') }
|
|
it { is_expected.to validate_presence_of :name }
|
|
end
|
|
|
|
it 'sanitizes the description' do
|
|
xss = "<b onmouseover=alert('Wufff!')>click me!</b><script>alert('TEST');</script>"
|
|
user_field = Fabricate(:user_field)
|
|
|
|
user_field.update!(description: xss)
|
|
|
|
expect(user_field.description).to eq("<b>click me!</b>alert('TEST');")
|
|
end
|
|
end
|