DEV: Add test.

Follow-up to bccd090cedd4f49b9a07958292baed462b8c1a1c.
2025-02-06 03:18:23 +00:00 · 2019-06-26 16:37:01 +03:00 · 2019-06-26 16:37:01 +03:00 · 463db22928
commit 463db22928
parent bccd090ced
1 changed files with 12 additions and 0 deletions
--- a/plugins/discourse-details/spec/components/pretty_text_spec.rb
+++ b/plugins/discourse-details/spec/components/pretty_text_spec.rb
@ -41,4 +41,16 @@ describe PrettyText do
    expect(md).to eq(html)
  end

+  it 'escapes summary text' do
+    md = PrettyText.cook(<<~EOF)
+      <script>alert('hello')</script>
+      [details="<script>alert('hello')</script>"]
+      <script>alert('hello')</script>
+      [/details]
+    EOF
+    md = PrettyText.format_for_email(md, post)
+
+    expect(md).not_to include('<script>')
+  end
+
 end