# frozen_string_literal: true
require 'rails_helper'
require 'category_badge'
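# Regression specs for the output encoding of CategoryBadge.html_for.
# Category names and descriptions are user-controlled, so any markup in them
# must reach the rendered badge as inert text, never as live HTML.
#
# NOTE(review): the fixture strings in the published listing had lost their
# tags and entities. The first example asserted both `include("name")` and
# `not_to include("name")`, and the final expectation was not parseable Ruby.
# The markup below is a constructed reconstruction; confirm it against the
# project's own copy of this spec.
describe CategoryBadge do
  it "escapes HTML in category names / descriptions" do
    raw_name = '<b>name</b>'
    raw_description = '<b>title</b>'
    c = Fabricate(:category, name: raw_name, description: raw_description)

    html = CategoryBadge.html_for(c)

    # The raw tags must not survive into the rendered badge.
    expect(html).not_to include(raw_description)
    expect(html).not_to include(raw_name)
    # The name is expected in entity-encoded form.
    expect(html).to include(ERB::Util.html_escape(raw_name))
    # The title attribute is expected to carry only the description's text.
    expect(html).to include("title='title'")
  end

  it "escapes code block contents" do
    # Text a reader would see inside the <code> element. It contains the
    # single quote that delimits the title attribute, plus a tag-shaped run.
    code_text = %q(' <b id="x">)
    c = Fabricate(:category, description: %q(<code>' &lt;b id="x"&gt;</code>))

    html = CategoryBadge.html_for(c)

    # title='...' is single-quoted, so an unencoded quote would close the
    # attribute early. Every metacharacter has to come back entity-encoded.
    expect(html).to include("title='#{ERB::Util.html_escape(code_text)}'")
    # Negative check: the decoded form must not appear anywhere in the output.
    expect(html).not_to include(code_text)
  end
end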